+-------------+                           +-------------+
|   actaea    |          eth0             |    ilex     |
| 192.168.1.4 |------ localnet -----------| 192.168.1.1 |
+-------------+    192.168.1.0/24         +-------------+
                                      eth1 /         \ ppp0
                              80.72.34.162 /           \ 83.31.149.159
                                          /             \
                            wlnet        /               \ tpsa
                   80.72.34.160/24      /                 \
                              +--------------+       +------------+
                              | 80.72.34.161 |       | 213.25.2.3 |
                              +--------------+       +------------+
                                        \                  /
    +--------------+                     `----.       .---'
    |    salix     |                           Internet
    | 212.87.7.182 |-----------------------------'
    +--------------+
ilex:~# ip rule show
0:      from all lookup local
32764:  from 213.25.2.3 lookup tpsa
32765:  from 80.72.34.161 lookup wlnet
32766:  from all lookup main
32767:  from all lookup default
"ip rules" 32764 and 32765 will only apply to traffic with source IP addresses as shown, but not to traffic coming through any of the associated routers (except these routers also do SNAT to traffic coming from the Internet). So packets from salix (212.87.7.182) will be routed looking first at table local (the one that should apply to traffic ending at ilex itself), and then looking at "table main".
And... this was the problem!
I misread the following lines from the HOWTO:

    ip rule add from $IP1 table T1
    ip rule add from $IP2 table T2

as:

    ip rule add from $P1 table T1
    ip rule add from $P2 table T2

resulting in invalid rule entries.
Now, with the following rule table everything works correctly:
ilex:~# ip rule show
0:      from all lookup local
32764:  from 83.31.149.159 lookup tpsa
32765:  from 80.72.34.162 lookup wlnet
32766:  from all lookup main
32767:  from all lookup default
Many thanks for pointing me in the right direction!
Rafal

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
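As an added example, not part of Rafal's post or of the LARTC HOWTO: a small POSIX sh script that installs the two uplink tables with the selector the HOWTO intends (the host's own address on that link, $IP1, not the gateway $P1) and lints an `ip rule show` listing against the host's addresses, so the misread described above is caught before traffic is affected. Table and interface names and addresses are taken from the thread; the `run`, `setup_uplink` and `lint_rules` helpers are my own and assume the tables already exist in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Added example: source-based policy routing for a host with two uplinks.
# DRY_RUN=1 (default) prints the ip commands instead of executing them;
# applying them for real requires root.
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# setup_uplink TABLE IFACE LOCAL_IP GATEWAY
# The rule selector is the host's own address on that link: traffic that
# leaves with that source address must go back out the same uplink.
# Using the gateway address instead never matches anything useful.
setup_uplink() {
    table=$1 iface=$2 local_ip=$3 gw=$4
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add from "$local_ip" table "$table"
}

# lint_rules "ADDR ADDR ..." < ip-rule-output
# Reads "ip rule show" output on stdin; fails if any "from X lookup T"
# rule selects a source address that is not one of the host's own
# addresses (the gateway-as-selector mistake from the thread).
lint_rules() {
    local_addrs=" $1 "
    status=0
    while read -r line; do
        case $line in
            *"from all"*) continue ;;
        esac
        src=$(printf '%s\n' "$line" | sed -n 's/.*from \([0-9.]*\) lookup.*/\1/p')
        [ -n "$src" ] || continue
        case $local_addrs in
            *" $src "*) ;;
            *) echo "rule '$line': $src is not a local address" >&2; status=1 ;;
        esac
    done
    return $status
}

# Example (constructed from the thread): correct setup for ilex.
# setup_uplink tpsa  ppp0 83.31.149.159 213.25.2.3
# setup_uplink wlnet eth1 80.72.34.162  80.72.34.161
```

On a live host, check the installed rules with `ip rule show | lint_rules "$(ip -4 -o addr | awk '{print $4}' | cut -d/ -f1 | xargs)"`; a non-zero exit names the offending rule.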