Hello,

I have an issue with multiple connections to the Internet. I tried following the steps described in [1] but things are not working properly. I would like the network setup as follows:

                  ______
                  |    |- ppp0 -- Dynamic IP (PPPoE on eth2)
Internal---- eth0 | GW |
                  |____|- eth1 -- Static IP -> Static's GW

From [1], the steps I did were:

  a. ip route flush table 4
  b. ip route show table main | grep -Ev ^default \
       | while read ROUTE ; do
           ip route add table 4 $ROUTE
         done
  c. ip route add table 4 default via <Static IP>
  d. iptables -t mangle -A PREROUTING -p tcp --dport 22 -s \
       <Internal Net>/24 -j MARK --set-mark 4
  e. iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
  f. iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source \
       <Static IP>
  g. ip rule add fwmark 4 table 4
  h. ip route flush cache

Now if I try to connect to (say) a web server, everything is fine: it goes out the PPPoE connection just fine. When I try to SSH to the machine (the same box as the web query) I never get the password prompt. Using tcpdump I get the following results.

This is listening on eth1 as I try to SSH to the destination from an internal box (using lynx to connect to the same destination results in a web page):

  tcpdump: listening on eth1
  07:13:12.614674 <Static IP>.37662 > <Dest IP>.ssh: S \
      2808907073:2808907073(0) win 5840 <mss1460,sackOK,timestamp \
      611570059 0,nop,wscale 0> (DF)
  07:13:12.649772 <Dest IP>.ssh > <Static IP>.37662: S \
      2414052745:2414052745(0) \
      ack 2808907074 win 65535 <mss 1400,nop,wscale \
      0,nop,nop,timestamp 2742813 611570059> (DF)
  07:13:15.609403 <Static IP>.37662 > <Dest IP>.ssh: S \
      2808907073:2808907073(0) win 5840 <mss 1460,sackOK,timestamp 61 \
      1570359 0,nop,wscale 0> (DF)
  07:13:15.643437 <Dest IP>.ssh > <Static IP>.37662: S \
      2414052745:2414052745(0) \
      ack 2808907074 win 65535 <mss 1400,nop,wscale \
      0,nop,nop,timestamp 2743112 611570359> (DF)
  07:13:18.634659 <Dest IP>.ssh > <Static IP>.37662: S \
      2414052745:2414052745(0) ack \
      2808907074 win 65535 <mss 1400,nop,wscale 0,nop,nop,timestamp \
      2743412 611570359> (DF)

This is what the destination sees (not the same transaction):

  tcpdump: listening on fxp0
  07:15:59.917179 <Static IP>.37663 > <Dest IP>.ssh: S 30 \
      01400670:3001400670(0) win 5840 <mss 1400,sackOK,timestamp 6115867860,nop,wscale 0> (DF)
  07:15:59.917319 <Dest IP>.ssh > <Static IP>.37663: S 65 \
      5604264:655604264(0) ack 3001400671 win 65535 <mss \
      1452,nop,wscale0,nop,nop,timestamp 2759543 611586786> (DF)
  07:16:02.911250 <Static IP>.37663 > <Dest IP>.ssh: S 30 \
      01400670:3001400670(0) win 5840 <mss 1400,sackOK,timestamp \
      6115870860,nop,wscale 0> (DF)
  07:16:02.911369 <Dest IP>.ssh > <Static IP>.37663: S 65 \
      5604264:655604264(0) ack 3001400671 win 65535 <mss \
      1452,nop,wscale0,nop,nop,timestamp 2759842 611587086> (DF)
  07:16:05.905034 <Dest IP>.ssh > <Static IP>.37663: S 65 \
      5604264:655604264(0) ack 3001400671 win 65535 <mss \
      1452,nop,wscale0,nop,nop,timestamp 2760142 611587086> (DF)

Also, I don't get an echo response back from the static IP.
If I ping the static's GW I get answers, but not the actual static IP. The echo requests are getting there though:

  07:35:41.966769 <Dest IP> > <Static IP>: icmp: echo request
  07:35:42.977156 <Dest IP> > <Static IP>: icmp: echo request
  07:35:43.992579 <Dest IP> > <Static IP>: icmp: echo request
  07:35:44.997944 <Dest IP> > <Static IP>: icmp: echo request
  07:35:46.003377 <Dest IP> > <Static IP>: icmp: echo request

No responses come back though.

Any suggestions?

[1] http://linux-ip.net/html/adv-multi-internet.html

--
David Magda <dmagda at ee.ryerson.ca>, http://www.magda.ca/
Because the innovator has for enemies all those who have done well under
the old conditions, and lukewarm defenders in those who may do well
under the new. -- Niccolo Machiavelli, _The Prince_, Chapter VI
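
Added example (not part of the original post): a small Python check that reads old-style tcpdump text like the eth1 capture above and reports, per connection attempt, whether a SYN-ACK was seen but never acknowledged, which is the pattern that capture shows. The addresses and the second, completed flow are constructed sample data; handshake_report and the verdict names are hypothetical.

```python
import re
from collections import defaultdict

# Old-style tcpdump line: "time src.port > dst.port: FLAGS [seq:seq(len)] [ack N] ..."
LINE = re.compile(
    r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\) )?(?:ack (?P<ack>\d+))?"
)

def handshake_report(lines):
    """Map (client, server) -> (verdict, counters) for each TCP open attempt."""
    isn = {}  # (client, server) -> client's initial sequence number
    seen = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if "S" in flags and m["seq"] and m["ack"] is None:
            isn[(src, dst)] = int(m["seq"])       # SYN or a retransmitted SYN
            seen[(src, dst)]["syn"] += 1
        elif "S" in flags and m["ack"] and (dst, src) in isn:
            if int(m["ack"]) == isn[(dst, src)] + 1:   # SYN-ACK for that SYN
                seen[(dst, src)]["synack"] += 1
        elif flags == "." and (src, dst) in isn:
            seen[(src, dst)]["ack"] += 1          # client completed the handshake
    report = {}
    for conn, c in seen.items():
        verdict = ("established" if c["ack"] else
                   "synack-not-acked" if c["synack"] else "no-reply")
        report[conn] = (verdict, dict(c))
    return report

# Constructed sample (documentation addresses): five lines shaped like the
# eth1 capture, then one completed handshake for contrast.
SAMPLE = """\
07:13:12.614674 192.0.2.10.37662 > 198.51.100.20.ssh: S 2808907073:2808907073(0) win 5840 (DF)
07:13:12.649772 198.51.100.20.ssh > 192.0.2.10.37662: S 2414052745:2414052745(0) ack 2808907074 win 65535 (DF)
07:13:15.609403 192.0.2.10.37662 > 198.51.100.20.ssh: S 2808907073:2808907073(0) win 5840 (DF)
07:13:15.643437 198.51.100.20.ssh > 192.0.2.10.37662: S 2414052745:2414052745(0) ack 2808907074 win 65535 (DF)
07:13:18.634659 198.51.100.20.ssh > 192.0.2.10.37662: S 2414052745:2414052745(0) ack 2808907074 win 65535 (DF)
07:13:20.000100 192.0.2.10.40112 > 198.51.100.20.www: S 1000:1000(0) win 5840 (DF)
07:13:20.030200 198.51.100.20.www > 192.0.2.10.40112: S 5000:5000(0) ack 1001 win 65535 (DF)
07:13:20.030900 192.0.2.10.40112 > 198.51.100.20.www: . ack 1 win 5840 (DF)
""".splitlines()

if __name__ == "__main__":
    for conn, (verdict, counts) in handshake_report(SAMPLE).items():
        print(conn, verdict, counts)
```

Running the same check on a capture taken on eth0 shows whether the SYN-ACK is forwarded on to the internal host at all.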