[LARTC] iproute 2 - src routing

Linux Advanced Routing and Traffic Control


Hi everybody,

I'm responsible for an ISDN router, which doesn't work as I want and expected. Hopefully at least one of you can help us.

We have a private network (192.168.0.0/16) and a standard gateway with a default route to the internet gateway (a NAT-ing firewall).

|private net|-----|standard gateway|
                     |        |
                     |    |nating firewall|-----|internet
                     |
                 |locale services|

Now we want a special network to get routed through an additional ISDN router for a special subdomain of ours. The foreign network is also available over the internet but has restrictions on some services from the internet.


|private net|-----|standard gateway|
                     |        |
                     |   |isdn router|---(isdn)--|foreign dialin|--[--
                     |        |                                    [--
                     |    |nating firewall|-----|internet|---------[--
                     |
                 |locale services|

So the ISDN route should decide by the source address (a privileged subdomain) which route the traffic goes and NAT it if it goes through ISDN.

The NAT-ing is done with iptables.
I did the following:

rt_tables :

255     local
254     main
253     default
0       unspec
1       xyz

$ ip route add default via [dialin gw] dev ippp0 table xyz
# ip rule add from [privileged ip-addr] to [target subnet] table xyz
$ ip route flush cache
$ echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route

The default route is routed to the standard NAT-ing firewall, so the normal traffic should go its normal old way.
I can ping a host in the target subnet and also traceroute from the privileged host, but I don't get any connection to a web server.


There is also a strange behaviour (on the ISDN gw):

$ ip route get [webserver in target net]
[webserver in target net] dev ippp0  src [ippp0 ip]
    cache  mtu 1500 advmss 1460
$ ip route get [webserver in target net] from [privileged ip] iif eth0
[webserver in target net] from [privileged ip] dev ippp0 src [eth0 ip]
    cache  mtu 1500 advmss 1460 iif eth0


Is this correct?


Why does the ICMP traffic go the right way and the other doesn't?

Thanks a lot




Regards Lars Täuber
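
Added example, not part of the original message: a small Python model of how the routing policy database evaluates the rule and tables described above (rules in priority order, longest-prefix match inside the selected table). All addresses are constructed stand-ins for the bracketed placeholders, and the `local` table is left out.

```python
import ipaddress as ip

# Constructed sample values standing in for the post's placeholders.
PRIVILEGED = "192.168.10.5"        # [privileged ip-addr]
TARGET_NET = "10.20.0.0/16"        # [target subnet]

# Routing tables: list of (destination prefix, next hop, device).
TABLES = {
    "xyz":  [("0.0.0.0/0", "10.99.0.1", "ippp0")],      # default via [dialin gw]
    "main": [("192.168.0.0/16", None, "eth0"),          # connected private net
             ("0.0.0.0/0", "192.168.0.254", "eth0")],   # default via NAT firewall
}

# Policy rules: (priority, from selector, to selector, table).
RULES = [
    (32765, PRIVILEGED + "/32", TARGET_NET, "xyz"),     # the rule from the post
    (32766, "0.0.0.0/0", "0.0.0.0/0", "main"),          # built-in main rule
]

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None if no route covers dst."""
    hits = [(ip.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if ip.ip_address(dst) in ip.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def route(src, dst):
    """Walk rules by priority; first matching rule whose table has a route wins."""
    for _, frm, to, table in sorted(RULES):
        if (ip.ip_address(src) in ip.ip_network(frm)
                and ip.ip_address(dst) in ip.ip_network(to)):
            found = table_lookup(table, dst)
            if found:
                return (table,) + found
    return None

if __name__ == "__main__":
    flows = [(PRIVILEGED, "10.20.1.80"),      # privileged host -> target web server
             ("192.168.10.6", "10.20.1.80"),  # other private host -> same server
             (PRIVILEGED, "198.51.100.7"),    # privileged host -> other destination
             ("10.20.1.80", PRIVILEGED)]      # packet addressed back to the host
    for src, dst in flows:
        print(f"{src} -> {dst}: {route(src, dst)}")
```

Only the flow that matches both the `from` and the `to` selector is sent to table `xyz` and out `ippp0`; every other flow, including packets addressed back to the privileged host, is resolved from `main`.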


