Re: simple dual Internet connection setup not sending return packets on correct interface

Linux Advanced Routing and Traffic Control

On Fri, 2004-11-26 at 18:25 +0100, diab wrote:
> yes they are conflicting with each other.. i thought that you could
> select which connection the packets should be using either based on
> the address the packets are coming FROM (-s some.ip.on.the.lan) or
> going TO (-d wan.destination.address.).

No.  The problem is that outbound reply packets (i.e. a SYN-ACK packet)
to incoming packets (i.e. SYN) are being NATted correctly (i.e. they
have the correct source address); they are just not being put on the
right interface.  They are being put on the interface of the default
route in the main routing table.

> iif is the interface packets are coming in (there is also oif).. if
> it's not a static ip address it might be convenient not having to use
> the IP of the connection but the interface. (same goes for the "via
> XX when you are doing "ip route add default dev XY table N")
> 
> if you do "man ip" it reads (ip rule add/ip rule del):

~sigh~  My man page for "ip" says only:

NAME
       ip - TCP/IP interface configuration and routing utility

SYNTAX
       ip

DESCRIPTION
       This utility allows you to configure your network interfaces in various
       ways.

OPTIONS
       For the complete command reference please look at the  following  docu-
       ment:
       /usr/share/doc/iproute-2.4.7/ip-cref.ps

SEE ALSO
       ifconfig(8), route(8), netstat(8), arp(8), rarp(8), ipchains(8)

AUTHORS
       Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>

and no "/usr/share/doc/iproute-2.4.7/ip-cref.ps" exists.

> iif NAME
>   select  the  incoming  device  to match.  If the interface is
>   loopback, the rule only matches packets originating from
>   this host.  This means that you may create separate routing tables for
>   forwarded and local packets  and,  hence,  completely
>   segregate them.

OK.  But I don't know the device to use.  That is the *whole point* of
the ip rule add (from <iface address> lookup <table>) isn't it?  To
select the routing table (and therefore the outbound device) to send the
return packets on.

Maybe I am completely missing something in your explanation.

b.
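
The "ip rule add from <iface address> lookup <table>" setup discussed in this message, written out for two uplinks as an added example (not part of the original post or of iproute2). Interface names, addresses and table numbers are constructed placeholders, and the lookup model assumes the reply already carries the uplink's address as its source when it is routed.

```shell
#!/bin/sh
# Added example: one routing table per uplink, selected by source address.
# All values are constructed placeholders (RFC 5737 documentation ranges).

# One line per uplink: <iface> <local address> <gateway> <table id>
UPLINKS='eth1 192.0.2.10 192.0.2.1 101
eth2 198.51.100.10 198.51.100.1 102'

# Print the commands that give each uplink its own default route in its own
# table, plus the rule that selects that table by the packet's source address.
policy_cmds() {
    while read -r ifc addr gw tbl; do
        [ -n "$tbl" ] || continue          # skip blank or short lines
        echo "ip route replace default via $gw dev $ifc table $tbl"
        echo "ip rule add from $addr lookup $tbl"
    done <<EOF
$UPLINKS
EOF
    echo "ip route flush cache"
}

# Model of the rule lookup: which table routes a packet with source $1?
# A source that matches no "from" rule falls through to the main table,
# i.e. it leaves on the interface of the main table's default route.
table_for_src() {
    while read -r ifc addr gw tbl; do
        if [ "$addr" = "$1" ]; then
            echo "$tbl"
            return 0
        fi
    done <<EOF
$UPLINKS
EOF
    echo main
}

# Dry run by default: only print. APPLY=1 (as root) executes the commands.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        policy_cmds | sh -e
    else
        policy_cmds
    fi
}

run
```

After applying, "ip rule show" and "ip route show table 102" list what was installed.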
