Hi everybody,
sorry for posting again, however I've moved the problem now ;-)
After digging a bit deeper, I've successfully set up the routing as
such, it works for incoming as well as outgoing packets that take the
default route.
Changing some of the routes using IP works as well.
When I mark some outgoing packets in order to send them via another
route (the fast leased line instead of the slow DSL link), packets go
out there, the answer comes in, however, they never reach the internal
host, as far as I can track down the problem the connection tracking
does not recognize the answer as belonging to a known connection, so
that the reverse NAT will fail (we use SNAT on outgoing packets).
Any help or hints are appreciated!
Thanx,
Baltasar
Some more information:
### Routing looks like
ofc:/home/bc# ip ru sh
0: from all lookup local
5001: from <extip leased line>/29 lookup IQ
5002: from <extip DSL> lookup DSL
6001: from all fwmark 0x1 lookup IQ
6002: from all fwmark 0x2 lookup DSL
32765: from all lookup main
32766: from all lookup OVERRIDEdefault
32767: from all lookup default
ofc:/home/bc# ip ro sh table IQ
default via <extip leased line> dev eth0
ofc:/home/bc# ip ro sh table DSL
default dev ppp0 scope link
main contains the local link routes, OVERRIDEdefault has the same contents
as DSL (default route via ppp0)
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
133 12567 ACCEPT all -- any any anywhere priv172.net.hoster03.de/12
16 3560 ACCEPT all -- any any anywhere priv192.net.hoster03.de/16
0 0 ACCEPT all -- any any anywhere priv10.net.hoster03.de/8
0 0 MARK tcp -- any any anywhere anywhere tcp dpt:www MARK set 0x1
### excerpt from /proc/net/ip_conntrack
tcp 6 38 SYN_RECV src=172.26.26.6 dst=<destination ip> sport=65431 dport=80 packets=1 bytes=60 src=<destination ip> dst=<extip leased line> sport=80 dport=65431 packets=6 bytes=360 mark=0 use=1
### tcpdump excerpt of eth0
11:34:22.048909 IP (tos 0x0, ttl 63, id 64917, offset 0, flags [DF], length: 60) <hostname leased line>.65431 > <destination hostname>.www: S [tcp sum ok] 2180804841:2180804841(0) win 65535 <mss 1368,nop,wscale 2,nop,nop,timestamp 2652608360 0>
11:34:22.069640 IP (tos 0x0, ttl 50, id 0, offset 0, flags [DF], length: 60) <destination hostname>.www > <hostname leased line>.65431: S [tcp sum ok] 3611549187:3611549187(0) ack 2180804842 win 5792 <mss 1460,nop,nop,timestamp 2779605849 2652608360,nop,wscale 2>
[there are more packets like the last as the other host apparently
tries to resend]
[there are no packets on ppp0 at the time of the connection]
--
Baltasar Cevc
_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen
_____ http://www.former03.de
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
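
Added example, not part of the original post: a small parser for lines in the /proc/net/ip_conntrack format quoted in the message, which splits each entry into its original and reply tuples and lists TCP connections sitting in SYN_RECV while the reply direction keeps counting packets. The sample lines, their addresses and the function names are constructed for illustration.

```python
# Constructed sample lines in /proc/net/ip_conntrack format (documentation addresses).
SAMPLE = """\
tcp 6 38 SYN_RECV src=172.26.26.6 dst=203.0.113.80 sport=65431 dport=80 packets=1 bytes=60 src=203.0.113.80 dst=198.51.100.2 sport=80 dport=65431 packets=6 bytes=360 mark=0 use=1
tcp 6 431999 ESTABLISHED src=172.26.26.7 dst=203.0.113.80 sport=40000 dport=80 packets=12 bytes=900 src=203.0.113.80 dst=198.51.100.2 sport=80 dport=40000 packets=10 bytes=8000 [ASSURED] mark=0 use=1
udp 17 25 src=172.26.26.6 dst=203.0.113.53 sport=5353 dport=53 packets=1 bytes=70 [UNREPLIED] src=203.0.113.53 dst=192.0.2.10 sport=53 dport=5353 packets=0 bytes=0 mark=0 use=1
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport", "packets", "bytes")

def parse_entry(line):
    """Split one conntrack line into original and reply tuples plus metadata."""
    tokens = line.split()
    entry = {"proto": tokens[0], "timeout": int(tokens[2]), "state": None,
             "orig": {}, "reply": {}, "flags": [], "mark": None}
    for tok in tokens[3:]:
        if tok.startswith("["):
            entry["flags"].append(tok.strip("[]"))
        elif "=" in tok:
            key, val = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # First occurrence is the original direction, second is the reply.
                side = "reply" if key in entry["orig"] else "orig"
                entry[side][key] = int(val) if val.isdigit() else val
            elif key == "mark":
                entry["mark"] = int(val)  # connection mark, not the packet fwmark
        else:
            entry["state"] = tok  # TCP state such as SYN_RECV
    # With SNAT the reply is addressed to the translated source, not the internal host.
    entry["snat_to"] = (entry["reply"]["dst"]
                        if entry["reply"].get("dst") != entry["orig"].get("src") else None)
    return entry

def stalled_handshakes(text):
    """TCP entries where the SYN/ACK was counted repeatedly but no ACK followed."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        if (e["proto"] == "tcp" and e["state"] == "SYN_RECV"
                and e["reply"].get("packets", 0) > 1 and e["orig"].get("packets", 0) == 1):
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in stalled_handshakes(SAMPLE):
        print(e["orig"]["src"], "->", e["orig"]["dst"], "snat_to", e["snat_to"],
              "reply packets", e["reply"]["packets"], "connmark", e["mark"])
```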