Re: Re: 2 ISP Routing Problem

Linux Advanced Routing and Traffic Control

Hello,

 : I read carefully "Guide to IP Layer Networking", but this doesn't give
 : an idea of how to make this simple (I think) route. My logic is:

Perhaps I should rewrite that section.....

Here are my assumptions before the below.

A main routing table with routes to all of the local networks, but no
default route.

  { echo 10 ISP1
    echo 20 ISP2 ; } >> /etc/iproute2/rt_tables

 : If a packet comes from source address 1.0.1.0/24 AND the destination is NOT a locally
 : connected host ( 1.0.1.0/24 OR 2.0.1.0/24 OR 127.0.0.0/8 ), send it to the ISP1
 : gateway 1.0.0.1.

   ip rule add prio 979 from 1.0.1.0/24 table main
   ip rule add prio 980 from 1.0.1.0/24 table ISP1
   ip route add default via 1.0.0.1 table ISP1

This will allow packets with a source address of 1.0.1.0/24 to reach
locally connected networks and the Internet via ISP1.  By selecting the main
routing table first, you'll be sure to allow access to the locally
connected networks to and from each of the other locally connected
networks.

 : If a packet comes from source address 2.0.1.0/24 AND the destination is NOT a locally
 : connected host ( 1.0.1.0/24 OR 2.0.1.0/24 OR 127.0.0.0/8 ), send it to the ISP2
 : gateway 2.0.0.1.

   ip rule add prio 969 from 2.0.1.0/24 table main
   ip rule add prio 970 from 2.0.1.0/24 table ISP2
   ip route add default via 2.0.0.1 table ISP2

 : If a packet coming in ( from ISP1 or ISP2 ) has destination address
 : 1.0.1.0/24 OR 2.0.1.0/24, send it to the corresponding eth interface.

Quite!

 : As you see, there is NO default route; all other source/destination
 : combinations will be dropped ( with ICMP host unreachable maybe? ).

This should happen naturally with the above configuration, but you may
wish to consider the following as well:

   ip rule del prio 32766 table main
   ip rule add prio 32766 unreachable

This should force your box to send ICMP unreachables for any host not
found in any of the routing table lookups.  If you decide to remove
the final rule which refers to the main routing table, don't forget about
loopback traffic:

   ip rule add prio 990 from 127.0.0.0/8 table main

 : I can't believe, that no one use single Linux router like this....

Nor can I.  It's possible that the 38 people who have done this remain
silent.

In your earlier mail.....

 : ip add rule from 1.0.1.0/24 table isp1
 : ip add rule from 2.0.1.0/24 table isp2
 : route del default
 : ip route add default via 1.0.0.1 table isp1
 : ip route add default via 2.0.0.1 table isp2

The problem is that tables isp1 and isp2 do not contain routes for
networks 2.0.1.0/24 and 1.0.1.0/24 respectively.  Inverting the lookup
logic (as I do above), so that the default route is selected after the
local routes prevents this from being a problem.

 : BUT: with this config I can't communicate with workstations. If I try
 : 'ping 1.0.1.2' I can see that all packets with source IP 1.0.1.1 are
 : sent to eth0, and packets with source IP 2.0.1.1 are sent to eth1.
 :
 : #ip route get from 1.0.1.1 to 1.0.1.2
 : 1.0.1.2 from 1.0.1.1 via 1.0.0.1

Exactly as I expected, given your config.  Let us know if you have
success!

Good luck!

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
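The following is an added example, not part of Martin's reply or of the
LARTC HOWTO. It emulates the kernel's routing policy database lookup
(`ip route get from SRC to DST`) for the two rule sets discussed above:
the original poster's order (ISP tables before main) and Martin's order
(main before the ISP table, then an explicit unreachable rule). The
interface names, the ISP link networks 1.0.0.0/24 and 2.0.0.0/24, and the
test addresses are constructed assumptions; the kernel's own "local" table
(priority 0) is left out because it does not change the forwarding cases
shown. Running it reproduces the poster's `via 1.0.0.1` result for
1.0.1.1 -> 1.0.1.2 under the first rule set and `dev eth0` under the second.

```python
"""Emulate the Linux RPDB lookup for the two rule sets in the thread.
Added example, not code from the list or the kernel; tables, interface
names and addresses are constructed assumptions."""
import ipaddress

# Constructed topology: eth0 = 1.0.1.0/24, eth1 = 2.0.1.0/24; the ISP link
# networks 1.0.0.0/24 (eth2) and 2.0.0.0/24 (eth3) are assumed so that the
# gateways 1.0.0.1 and 2.0.0.1 are on-link.  main has no default route.
MAIN = {
    "1.0.1.0/24": "dev eth0",
    "2.0.1.0/24": "dev eth1",
    "1.0.0.0/24": "dev eth2",
    "2.0.0.0/24": "dev eth3",
    "127.0.0.0/8": "dev lo",
}
ISP1 = {"0.0.0.0/0": "via 1.0.0.1"}
ISP2 = {"0.0.0.0/0": "via 2.0.0.1"}
TABLES = {"main": MAIN, "ISP1": ISP1, "ISP2": ISP2}

# Rules are (priority, source selector or None for "from all", action);
# the action is a table name or the literal "unreachable".

# The original poster's order: ISP tables are consulted before main, so a
# packet from 1.0.1.0/24 hits the ISP1 default route before main gets a
# chance to say that 1.0.1.0/24 is directly connected.  `ip rule add`
# without a priority lands just below the lowest existing user rule, so
# the first rule added got 32765 and the second 32764.
RULES_OP = [
    (32764, "2.0.1.0/24", "ISP2"),
    (32765, "1.0.1.0/24", "ISP1"),
    (32766, None, "main"),
]

# Martin's order: main first, then the ISP table for that source, a
# loopback rule, and an explicit unreachable rule replacing the catch-all
# main lookup at 32766.
RULES_MARTIN = [
    (969, "2.0.1.0/24", "main"),
    (970, "2.0.1.0/24", "ISP2"),
    (979, "1.0.1.0/24", "main"),
    (980, "1.0.1.0/24", "ISP1"),
    (990, "127.0.0.0/8", "main"),
    (32766, None, "unreachable"),
]


def table_lookup(table, dst):
    """Longest-prefix match in one table; None if no route covers dst."""
    best = None
    for prefix, nexthop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None


def route_get(rules, src, dst):
    """Emulate `ip route get from SRC to DST` under the given rule set:
    walk rules by ascending priority, consult the selected table, and stop
    at the first table that has a matching route."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, action in sorted(rules):
        if selector is not None and src not in ipaddress.ip_network(selector):
            continue
        if action == "unreachable":
            return "unreachable"
        hit = table_lookup(TABLES[action], dst)
        if hit is not None:
            return hit
        # No route in this table: the kernel falls through to the next rule.
    return "unreachable"  # no rule matched at all (kernel: ENETUNREACH)


if __name__ == "__main__":
    # 198.51.100.7 and 192.0.2.9 stand in for arbitrary Internet hosts.
    cases = [("1.0.1.1", "1.0.1.2"), ("1.0.1.1", "198.51.100.7"),
             ("2.0.1.5", "1.0.1.2"), ("2.0.1.5", "198.51.100.7"),
             ("192.0.2.9", "198.51.100.7"), ("127.0.0.1", "127.0.0.1")]
    for s, d in cases:
        print(f"{s:>10} -> {d:<14} OP: {route_get(RULES_OP, s, d):<12}"
              f" Martin: {route_get(RULES_MARTIN, s, d)}")
```

The fall-through in `route_get` is the whole point of Martin's ordering: the
rule at 979 sends 1.0.1.0/24 traffic to main, which answers for the locally
connected networks and has nothing for the rest, so the lookup continues to
rule 980 and the ISP1 default. Under the poster's ordering the ISP table's
default route matches everything, so main is never consulted for that source.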
