Hi all,

I have the following configuration:

                                                                 _______
                                          +------------+        /
                            diginet link  |            |       |
                            +-------------+ Provider 1 +-------
        __                  |             |            |     /
    ___/  \_         +------+-------+     +------------+    |
  _/        \__(eth0)|  eth1 (stat) |                      /
 /             \  254|              |                      |
| Local network -----+ Linux router |                      |     Internet
 \192.168.1.x __/    |              |                      |
   \__     __/       |  eth2 (dyn)  |                      \
      \___/          +------+-------+     +------------+    |
                     254|   |ppp0         |            |     \
                  (eth3)|   +-------------+ Telecomms  +-------
                        |     adsl link   |    ADSL    |       |
         ___            |                 +------------+        \________
       _/   \__         |
    __/        \___     |
   /               \----+
  |  Local Network  |
   \__172.16.1.x__/
      \__   ___/
         \_/

In words:

Two local LANs (172.16.1.x) and (192.168.1.x). They service different parts of the organisation. The point is, the client does not want traffic from the 172.16.1.x network going over the ADSL link otherwise the cap will be reached in hours (literally).

The Router is also the mail server, so mail is delivered to the eth1 interface via a static IP address (eth1 in the diagram) - it is a 196.xx.xx.xx address. The ADSL is not a static address - 165.146.yy.yy.

The LAN interface from the 192.168.1.x network on the router is 192.168.1.254. The LAN interface on the other network is 172.16.1.254.

The 10.x.x.x network is an IP I have assigned to the eth2 interface to ensure that I can still talk to my adsl router, but the ppp0 link is a pppoe connection to the telecomms provider.

So, with some assistance, I have set up the following:

Table main:

    165.146.128.1 dev ppp0 proto kernel scope link src 165.146.yy.yy
    196.xx.xx.xx/nn dev eth1 proto kernel scope link src 196.xx.xx.xx
    10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.254
    192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.254
    default via 196.xx.xx.xx dev eth1

(the default route here is going out through the diginet link - 196.xx.xx.xx in this table)

table adsl:

    10.0.0.0/24 dev eth2 scope link
    192.168.1.0/24 dev eth0 scope link
    127.0.0.0/8 dev lo scope link
    default via 165.146.yy.yy dev ppp0

the rules:

    0:      from all lookup local
    90:     from all to 192.168.1.0/24 lookup main
    100:    from 192.168.1.0/24 lookup adsl
    32766:  from all lookup main
    32767:  from all lookup default

    ip route add default via 165.146.yy.yy dev ppp0 table adsl

Now here it croaks. When I add this route, the continuous ping to a host on the internet from a machine on the Local Network (192) stops, which tells me it cannot get out via the ADSL link. In order to check whether the ADSL was working, I tried swapping the routes around so that the default traffic uses the ADSL link, and this worked - so it's not a problem with the physical ADSL link to the Internet.

I have tested the following:

1) From a PC on the 192 net, I can ping the Telecomms ADSL gateway on the remote side (in my case, this is 165.146.128.1), but not further.
2) From the Linux router, I can ping to the 165.146.128.1 and beyond.
3) I know the firewall rules are not blocking traffic since I am logging any traffic that is blocked by the firewall and nothing is showing up in the logs.

My NAT firewall rules are as follows:

    -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
    -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth1 -j SNAT --to-source 196.xx.xx.xx

So, what's so hard about that! And yet, the minute I add a default route to the adsl table, things go pear-shaped.
Take that out, and the people on the LAN (192 net) can talk to everything on the Internet.

So, what am I doing wrong here? I hope this is sufficient information to assist me in my routing woes.

Any help.....yadda yadda.

Cheers
H

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
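
Added example, not part of the original post: a small Python model of how the kernel walks the rules and tables listed in the message, showing which table and route a packet selects with and without the default route in table adsl. The redacted addresses are replaced by constructed stand-ins (198.51.100.x for 196.xx.xx.xx, 203.0.113.1 for 165.146.yy.yy, 192.0.2.50 as an Internet host), the `local` table is left out, and the function names are hypothetical.

```python
import ipaddress as ip

# Tables as posted; redacted addresses replaced by constructed stand-ins:
# 198.51.100.x for 196.xx.xx.xx (eth1), 203.0.113.1 for 165.146.yy.yy (ppp0).
TABLES = {
    "main": [
        ("165.146.128.1/32", "ppp0", None),
        ("198.51.100.0/24", "eth1", None),
        ("10.0.0.0/24", "eth2", None),
        ("192.168.1.0/24", "eth0", None),
        ("0.0.0.0/0", "eth1", "198.51.100.1"),
    ],
    "adsl": [
        ("10.0.0.0/24", "eth2", None),
        ("192.168.1.0/24", "eth0", None),
        ("127.0.0.0/8", "lo", None),
        ("0.0.0.0/0", "ppp0", "203.0.113.1"),
    ],
}
# (priority, from, to, table); rule 0 (local table) is omitted from this model.
RULES = [
    (90, "0.0.0.0/0", "192.168.1.0/24", "main"),
    (100, "192.168.1.0/24", "0.0.0.0/0", "adsl"),
    (32766, "0.0.0.0/0", "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "0.0.0.0/0", "default"),
]

def lookup(src, dst, tables=TABLES, rules=RULES):
    """Return (rule priority, table, device, gateway) chosen for src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for prio, frm, to, table in sorted(rules):
        if s not in ip.ip_network(frm) or d not in ip.ip_network(to):
            continue  # selector does not match, try the next rule
        # Longest-prefix match inside the selected table.
        hits = [r for r in tables.get(table, []) if d in ip.ip_network(r[0])]
        if hits:
            _, dev, gw = max(hits, key=lambda r: ip.ip_network(r[0]).prefixlen)
            return prio, table, dev, gw
        # No matching route in this table: fall through to the next rule.
    return None

def without_adsl_default():
    """The adsl table before the `ip route add default ... table adsl` step."""
    t = dict(TABLES)
    t["adsl"] = [r for r in TABLES["adsl"] if r[0] != "0.0.0.0/0"]
    return t

if __name__ == "__main__":
    print(lookup("192.168.1.10", "192.0.2.50"), lookup("172.16.1.10", "192.0.2.50"))
```

With the default route absent from table adsl, rule 100 still matches 192.168.1.x traffic but finds no route, so the lookup falls through to rule 32766 and leaves via eth1.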