Re: Routing problem (RTNETLINK answers: Invalid argument) on multiple internet link.

Linux Advanced Routing and Traffic Control

On Tue, Feb 13, 2007 at 02:50:13PM +0100, Paul Viney wrote:
> Hi all,
> 
> I'm trying to set up a computer with 2 routes to the internet, much as 
> described at http://lartc.org/howto/lartc.rpdb.multiple-links.html . One of my 
> interfaces (eth5, 192.168.2.2) is only used for traffic originating inside 
> the network. The other (eth1, 192.168.1.2) is only used for a VPN, where all 
> (udp) traffic originates from outside our network. I have created a second 
> routing table for eth1, with its own default gateway, and selected it with
> ip rule from 192.168.1.2 iif lo lookup 4. All this works fine.
> My problem is that one of the udp ports is forwarded to another server using 
> iptables:
> /sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2 --dport 
> 4902 -j DNAT --to 192.168.12.5:4902
> 
> using tcpdump on eth1, I can see that the incoming packets receive an icmp 
> rejection, and when I try something like
> 
> ip route get 192.168.12.5 from 64.233.183.103 iif eth1
> I get "RTNETLINK answers: Invalid argument"
> 
> If I try 
> ip route get 192.168.12.5 from 64.233.183.103 iif eth5
> I get
> 192.168.12.5 from 64.233.183.103 dev eth3  src 192.168.2.2
>     cache  mtu 1500 advmss 1460 metric 10 64 iif eth5
> 
> which leads me to conclude that the difference has something to do with the 
> default route.
> I've tried things like
> ip rule add iif eth1 lookup 4   (4 being my custom routing table)
> ip rule add from 192.168.1.2 lookup 4
> 
> and even
> iptables -t nat -I PREROUTING -i eth1 -p udp -j MARK --set-mark 1
> ip rule from all fwmark 0x1 lookup 4
> ip route flush cache
> 
> I'm using linux 2.6.19.2 + grsecurity patches, every option I could find 
> compiled in, on an up to date gentoo system.
> 
> Can anyone see what I'm missing?
> 
> Thanks,
> 
> Paul Viney
> 
> 
> ip route show
> 192.168.2.0/24 dev eth5  proto kernel  scope link  src 192.168.2.2
> 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.2
> 192.168.12.0/24 dev eth3  proto kernel  scope link  src 192.168.12.1
> 127.0.0.0/8 dev lo  scope link
> default via 192.168.2.1 dev eth5
> 
> ip route show table 4
> 192.168.2.0/24 dev eth5  proto kernel  scope link  src 192.168.2.2
> 192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.2
> 192.168.12.0/24 dev eth3  proto kernel  scope link  src 192.168.12.1
> 127.0.0.0/8 dev lo  scope link
> default via 192.168.1.1 dev eth1
> 
> ip rule show
> 0:      from all lookup local
> 9999:   from all fwmark 0x1 lookup 4
> 10000:  from 192.168.1.2 iif lo lookup 4

If the IP address on eth1 is 64.233.183.103, then you need a rule
10001:  from 64.233.183.103 lookup 4

I don't think the fwmark rule will work with ip route get.

Plus, in your routing information in table 4, you are saying that the default
address is available via 192.168.1.1? That doesn't match up with
64.233.183.103.



This is my ip ru:
0:      from all lookup local 
200:    from 144.132.147.156 lookup cable 
201:    from 60.241.248.86 lookup adsl 
32766:  from all lookup main 
32767:  from all lookup default


144.132.147.156 is one ISP, 60.241.248.86 is the other one.

ip r sh tab cable
192.168.8.248/29 dev tap0  scope link  src 192.168.8.249 
192.168.11.0/24 dev vlan0  scope link  src 192.168.11.1 
192.168.10.0/24 dev eth1  scope link  src 192.168.10.1 
default via 144.132.144.1 dev vlan2  proto static  src 144.132.147.156  metric 50 
prohibit default  proto static  metric 100


ip r sh tab adsl 
192.168.8.248/29 dev tap0  scope link  src 192.168.8.249 
192.168.11.0/24 dev vlan0  scope link  src 192.168.11.1 
192.168.10.0/24 dev eth1  scope link  src 192.168.10.1 
default via 10.20.20.168 dev ppp0  proto static  src 60.241.248.86  metric 20 
prohibit default  proto static  metric 100

ip r sh tab default
default  proto static  metric 5 
        nexthop via 144.132.144.1  dev vlan2 weight 1
        nexthop via 10.20.20.168  dev ppp0 weight 20
default via 10.20.20.168 dev ppp0  src 60.241.248.86  metric 20 
default via 144.132.144.1 dev vlan2  src 144.132.147.156  metric 30


The difference for you should be in the default table; you will not need 
default  proto static  metric 5
        nexthop via 144.132.144.1  dev vlan2 weight 1
        nexthop via 10.20.20.168  dev ppp0 weight 20


because you want all your traffic to go out 1 link.

alex


> 30000:  from all lookup main
> 30000:  from all lookup default
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> 
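
Added example, not part of the original thread: a small Python model of how `ip rule` entries are walked in priority order, loaded with the rules and tables Paul posted, to show which table each kind of packet ends up in. It is a simplification that models only the from/iif/fwmark selectors and longest-prefix match (no NAT, no reverse-path checks); the empty `local` table and the omission of the `default` table are assumptions, since their contents were not posted.

```python
import ipaddress

# Tables as posted in the thread: (prefix, device, gateway or None).
LINKS = [("192.168.2.0/24", "eth5", None), ("192.168.1.0/24", "eth1", None),
         ("192.168.12.0/24", "eth3", None)]
TABLES = {
    "local": [],  # not posted; assumed to hold only the host's own addresses
    "main": LINKS + [("0.0.0.0/0", "eth5", "192.168.2.1")],
    "4": LINKS + [("0.0.0.0/0", "eth1", "192.168.1.1")],
}
# Rules as posted: (priority, from-prefix, iif, fwmark, table); None = any.
RULES = [
    (0, None, None, None, "local"),
    (9999, None, None, 0x1, "4"),
    (10000, "192.168.1.2/32", "lo", None, "4"),
    (30000, None, None, None, "main"),
]

def longest_match(table, dst):
    """Most specific route to dst in one table, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def lookup(dst, src, iif, fwmark=0, rules=RULES):
    """Walk rules by priority; first matching rule whose table has a route wins."""
    for prio, frm, rule_iif, mark, table in sorted(rules, key=lambda r: r[0]):
        if frm and ipaddress.ip_address(src) not in ipaddress.ip_network(frm):
            continue
        if rule_iif and rule_iif != iif:
            continue
        if mark is not None and mark != fwmark:
            continue
        route = longest_match(table, dst)
        if route:
            return prio, table, route
    return None

if __name__ == "__main__":
    # Inbound packet Paul tested with ip route get (no mark set).
    print(lookup("192.168.12.5", "64.233.183.103", "eth1"))
    # Same packet if it carried fwmark 0x1.
    print(lookup("192.168.12.5", "64.233.183.103", "eth1", fwmark=1))
    # Locally generated traffic sourced from the eth1 address.
    print(lookup("64.233.183.103", "192.168.1.2", "lo"))
    # Traffic from the internal server 192.168.12.5 towards the outside host.
    print(lookup("64.233.183.103", "192.168.12.5", "eth3"))
```

In this model only marked packets and locally generated traffic from 192.168.1.2 reach table 4; everything else, including packets sourced from 192.168.12.5, resolves through main and its default via 192.168.2.1.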
