I was trying the following setup with IPIP tunnels, one that used to work through another ISP, but no longer...

    Internal network
        |
    Linux box 1 (kernel 2.2.24)
        iif=10.0.0.1, extf=a.b.c.d, tunf=172.16.0.1
        |
        | local metropolitan network
        |
    Another Linux box 2 (kernel 2.2.17, or 2.4.19, same result)
        iif=irrelevant, extf=x.y.z.v, tunf=172.16.0.2
        |
    internet

mtu is 1500 on iif, extf (ethernet)

In short: I'm using an IPIP between the two Linux boxes to give the internal network access to the internet outside the metropolitan network.

The setup on Linux box 1:

    ip tun add tun0 mode ipip ttl 64 local a.b.c.d remote x.y.z.v
    ip addr add 172.16.0.1/32 dev tun0
    ip link set tun0 up
    ip ro add 172.16.0.2/32 via x.y.z.v dev tun0 onlink

Then: table main contains no default route.

    ip ru add pref 10 lookup main
    ip ro add metro_dest via my_local_gateway dev extf table metro
    ... as many as needed
    ip ru add pref 100 lookup metro

Up to here I have local directly connected networks and the metropolitan network reachable.

This is for packets with source set to tunnel address (I learned this trick from LVS howtos and multi path routing):

    ip ro add 172.16.0.2/32 via x.y.z.v dev tun0 onlink src 172.16.0.1 table tun
    ip ro add default via 172.16.0.2 dev tun0 onlink src 172.16.0.1 table tun
    ip ru add pref 1000 from 172.16.0.1 lookup tun

This will direct all the rest through the tunnel.

    ip ro add default via 172.16.0.2 dev tun0 onlink table outside
    ip ru add pref 2000 lookup outside

Firewall masquerades internal network:

    ipchains -A forward -s 10.0.0.0/24 -j MASQ

-------------------------------------

This setup was working last year on a different ISP for my Linux box. Now I changed the ISP and this no longer works, or rather it works in part: