Hello Nicolas,

In your letter dated 24 October 2003 (05:26:05) one can read:

NF> HI ROBERT:
NF> I apologise for my ugly diagram and thank you for the help.
NF> This is the scheme of my network

[cut out]

NF> I'm using multipath default gateway because I want to balance the traffic
NF> of my squid server (Is the proxy too). But I need the two networks go out
NF> from its corresponding gateway.

Ok, I understand that the squid proxy server resides on your gateway
and you only want to load balance a proxy, not the lans.

So you have to distinguish between traffic from-to proxy and from your
lans and apply different routing policies.

I think the best idea is to use classical firewall marking
(-j MARK --set-mark xx) depending on type of traffic and then use
policy routing selecting different scenarios using

ip rule add prio <yyyy> fwmark <xx> table <bbb>

Should work. I use similar setup for limiting selected traffic to
single interface only in multipath router.

NF> My problem is this: I can't make everything that go out from one of the ISP
NF> go out from the gateway that correspond to it. For example everything that
NF> comes from ETH1 go out from ETH2.
NF> I think the correct thing is everything comes from ETH1 go out from ETH0
NF> ----------------------------------------------------------------------------
NF> This is my config
NF> #removing old rules
NF> echo "removing old rules"
NF> ip rule del prio 50 table main
NF> ip rule del prio 201 from 200.47.4.98/32 table 201
NF> ip rule del prio 202 from 200.80.32.158/32 table 202
NF> ip rule del prio 221 table 221
NF> echo "flushing tables"
NF> ip route flush table 201
NF> ip route flush table 202
NF> ip route flush table 221
NF> echo "removing tables"
NF> ip route del table 201
NF> ip route del table 202
NF> ip route del table 221
NF> # setting new rules
NF> echo "Setting new routing rules"
NF> # main table w/o default gateway here
NF> ip rule add prio 50 table main
NF> ip route del default table main
NF> # identified routes here
NF> ip rule add prio 201 from 200.47.4.98/32 table 201
NF> ip rule add prio 202 from 200.80.32.158/32 table 202
NF> ip route add default via 200.47.4.97 dev eth0 src 200.47.4.98 proto static table 201
NF> ip route append prohibit default table 201 metric 1 proto static
NF> ip route add default via 200.80.32.157 dev eth2 src 200.80.32.158 proto static table 202
NF> ip route append prohibit default table 202 metric 1 proto static
NF> # multipath
NF> ip rule add prio 221 table 221
NF> ip route add default table 221 proto static nexthop via 200.47.4.97 dev eth0 weight 2 nexthop via 200.80.32.157 dev eth2 weight 3
NF> ip route flush cache
NF> exit
NF> THANKS VERY MUCH AND SORRY FOR MY HIGHSCHOOL ENGLISH
NF> ----------------------------------------------------------------------------
NF> Nicolas Fillon
NF> Argentina
NF> ----- Original Message -----
NF> From: "Robert Kurjata" <rkurjata@xxxxxxxxxxxxx>
NF> To: <nixo@xxxxxxxxxxx>
NF> Cc: <lartc@xxxxxxxxxxxxxxx>
NF> Sent: Thursday, October 23, 2003 4:13 AM
NF> Subject: Re[2]: 'Help with routing'

>> Hello nixo,
>>
>> In your letter dated 22 October 2003 (20:13:29) one can read:
>>
>> Seems like I didn't read your posting deeply enough. Before I can help
>> I need to know some more details.
>>
>> Why are you using multipath default gateway? If you just need to make
>> a proper routing for two separate lans going through one machine, not
>> mixing them you should never use it. It's useful for NAT-ed lan
>> inside, not for public IP's. Just create simple routes without
>> multipath. eth0 <-> eth1 and eth2 <-> eth3.
>>
>>
>> nnca> Thank you very much for the solution, but I still have a problem and I
>> nnca> need help :) . The problem number one has been solved. When I trace from
>> nnca> any computer of my LAN, It's go out from the right ISP. But after a short
>> nnca> time, is like if the route was cached and it back to the same problem.
>> nnca> (I'm getting paranoid :-P )
>>
>> nnca> The Problem number two still happens when someone from outside trace an IP
>> nnca> from my LAN. Always the before complete jump is responded for the
>> nnca> interface who correspond to the other ISP.
>>
>> nnca> Do you have an idea what can be the failure... or, can I call this a
>> nnca> failure in my config?
>>
>> nnca> THANKS VERY MUCH
>> nnca> Nicolas Fillon
>> nnca> Argentina
>>
>> >> Hi nixo,
>> >>
>> >> I suppose you don't preserve properly output address see my posting
>> >> with script from 15th October this year :)
>> >> (append prohibit default:)
>> >>
>> >>
>> >> nnca> the scheme of my LAN is the next:
>> >>
>> >> nnca> eth0 isp1 /32
>> >> nnca> eth1 lan de isp1 (LAN With public IP /24)
>> >> nnca> eth2 isp2 /32
>> >> nnca> eth3 lan de isp2 (LAN With public IP /26)
>> >>
>> >> nnca> ip route add 200.47.x.x/24 dev eth0 src 200.47.4.x table 1
>> >> nnca> ip route add default via 200.47.4.x table 1
>> >>
>> >>
>> >> nnca> ip route add 200.80.32.x/26 dev eth2 src 200.80.32.x table 2
>> >> nnca> ip route add default via 200.80.32.x table 2
>> >>
>> >>
>> >>
>> >> nnca> ip rule add from 200.47.4.x table 1
>> >> nnca> ip rule add from 200.80.32.x table 2
>> >>
>> >> nnca> ip route add default scope global nexthop via 200.47.4.x dev eth0 nexthop via 200.80.32.x dev eth2
>> >>
>> >> nnca> ******
>> >>
>> >> nnca> My problem is this: when I trace from the NETWORK of ISP1, sometimes the
>> >> nnca> tracer go out from the gateway of ISP2 and vice versa
>> >>
>> >> nnca> And when someone trace an IP from my LAN of ISP1, it's showme as before
>> >> nnca> complete the gateway from ISP2 and vice versa.
>> >>
>> >>
>> >> nnca> My question is: what is wrong in my config...??? What I need to put or is
>> >> nnca> anything wrong with this config???.
>> >> nnca> THANKS VERY MUCH AND SORRY FOR MY HIGHSCHOOL ENGLISH.
>> >>
>> >>
>> --
>> Regards,
>> Robert mailto:rkurjata@xxxxxxxxxxxxx
>>
>> _______________________________________________
>> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
>> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>>

--
Regards,
Robert mailto:rkurjata@xxxxxxxxxxxxx
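
Added example, not part of the original message or of the posters' scripts: one way to apply the firewall-mark approach suggested in the reply above to the forwarded LAN traffic. Interface names and tables 201, 202 and 221 are taken from the quoted script; the mark values 1 and 2 and the rule priorities 191 and 192 are assumptions.

```sh
#!/bin/sh
# Added example: fwmark policy routing for the four-interface router in this
# thread. Interfaces and tables 201/202/221 come from the quoted script;
# mark values and rule priorities are assumptions.
LAN1_IF=eth1; MARK1=1; PRIO1=191; TABLE1=201   # LAN of ISP1 -> eth0 only
LAN2_IF=eth3; MARK2=2; PRIO2=192; TABLE2=202   # LAN of ISP2 -> eth2 only
MAIN_PRIO=50        # "ip rule add prio 50 table main" in the quoted script
MULTIPATH_PRIO=221  # "ip rule add prio 221 table 221" in the quoted script

# A fwmark rule must sit after main (connected routes still win) and before
# the multipath rule, otherwise marked LAN traffic is balanced again.
check_prio() {
    [ "$1" -gt "$MAIN_PRIO" ] && [ "$1" -lt "$MULTIPATH_PRIO" ]
}

# Print the commands, one per line, without running anything.
plan_rules() {
    check_prio "$PRIO1" && check_prio "$PRIO2" || return 1
    [ "$MARK1" != "$MARK2" ] || return 1
    # Mark forwarded packets by the LAN interface they arrived on.
    echo "iptables -t mangle -A PREROUTING -i $LAN1_IF -j MARK --set-mark $MARK1"
    echo "iptables -t mangle -A PREROUTING -i $LAN2_IF -j MARK --set-mark $MARK2"
    # Send each mark to the single-gateway table of its ISP. Locally
    # generated squid traffic is unmarked and falls through to table 221.
    echo "ip rule add prio $PRIO1 fwmark $MARK1 table $TABLE1"
    echo "ip rule add prio $PRIO2 fwmark $MARK2 table $TABLE2"
    echo "ip route flush cache"
}

# Run the plan as root; stop at the first failing command.
apply_rules() {
    plan=$(plan_rules) || return 1
    echo "$plan" | while read -r cmd; do
        $cmd || exit 1
    done
}

# Dry run by default; set APPLY=1 to change the running system.
if [ "${APPLY:-0}" = 1 ]; then apply_rules; else plan_rules; fi
```

Run without arguments it only prints the five commands; `ip rule show` afterwards should list the two fwmark rules between priority 50 and 221.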