table/rule problems definitely odd.

Linux Advanced Routing and Traffic Control

Hello,

for the past couple of days i've been banging my head against a wall
trying to get this iproute2 issue resolved.  the basic scenario is as
follows.

eth0 - external ip
eth1 - internal ip

i'm forwarding an external ip to the internal interface at a port
that's responding.

i can connect to the internal ip just fine.

%telnet 10.x.x.x 25
Trying 10.x.x.x...
Connected to xxxx.
Escape character is '^]'.
220 xxxx ESMTP

i need a higher port forwarded to port 25 on that machine for a couple
of asinine reasons.  this is what i see when i tcpdump the eth1
interface without iproute2 rules in place.

%telnet 63.x.x.x smtps
Trying 63.x.x.x...

# tcpdump -i eth1 host 206.x.x.x
tcpdump: listening on eth1
13:00:32.048622 206.x.x.x.1325 > 10.x.x.x.smtp: S 3731510172:3731510172(0) win 57344 <mss 1460> (DF)
13:00:35.227581 206.x.x.x.1325 > 10.x.x.x.smtp: S 3731510172:3731510172(0) win 57344 <mss 1460> (DF)

10 packets received by filter
0 packets dropped by kernel

# tcpdump -i eth0 host 206.x.x.x
tcpdump: listening on eth0
13:00:44.621421 10.x.x.x.smtp > 206.x.x.x.1325: S 2172768788:2172768788(0) ack 3731510173 win 5792 <mss 1460,nop,nop,timestamp 33133661 50571017,nop,wscale 0> (DF)
13:00:44.871241 10.x.x.x.smtp > 206.x.x.x.1325: S 2172768788:2172768788(0) ack 3731510173 win 5792 <mss 1460,nop,nop,timestamp 33133686 50571017,nop,wscale 0> (DF)

2 packets received by filter
0 packets dropped by kernel

so as you can see without the iproute2 rule, the 10.x.x.x traffic
leaves through the 63.x.x.x interface.  that's bad mojo.  So i've
set up some iproute2 tables and rules.  Here's what i've set up thus
far.

# cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
100 internal

ip route add default via 10.x.x.1 dev eth1 table internal

# ip ru show
0:      from all lookup local
32765:  from 10.x.x.x lookup internal
32766:  from all lookup main
32767:  from all lookup default

so when i add the "ip route add" command and i tcpdump -i eth1 host
206.x.x.x i see zero packets.  if i start the connection via telnet,
then add the rule, the connection works and traffic gets routed
correctly... but initiating another connection via telnet only causes
the machine to see no traffic when i tcpdump -i eth1.  If i remove
the rule after that point, it goes back to routing through the wrong
interface.  it's quite bizarre and probably something small and silly
i'm overlooking... but my eyes aren't fresh enough anymore.  Can
someone lend some ideas?

http://lartc.org/howto/lartc.rpdb.html

is the main URL i've been using as a reference for iproute2. fwiw.

my main routing table is as follows.

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
63.x.x.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.x.x.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.x.x.0        0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         63.x.x.x        0.0.0.0         UG    0      0        0 eth0



--
---
ichi.brown@xxxxxxxxx
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
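Added example (my own, not from the post or from LARTC): a small Python model of the kernel's rule-then-table lookup, run over constructed `ip rule show` and `ip route show table <name>` output with placeholder addresses. It shows which table a packet from a given source really ends up in, and flags a table that, like the `internal` table in the post, carries only a default route and so sends even LAN-local traffic to the gateway instead of out the connected interface.

```python
import ipaddress

# Constructed sample `ip rule show` / `ip route show table X` output; placeholder addresses, not the poster's.
IP_RULE_SHOW = """\
0:      from all lookup local
32765:  from 10.0.0.5 lookup internal
32766:  from all lookup main
32767:  from all lookup default
"""
IP_ROUTE_SHOW = {
    "local": "local 10.0.0.1 dev eth1\nlocal 63.0.0.2 dev eth0\n",
    "internal": "default via 10.0.0.1 dev eth1\n",
    "main": "63.0.0.0/24 dev eth0\n10.0.0.0/24 dev eth1\ndefault via 63.0.0.1 dev eth0\n",
}

def parse_rules(text):
    # -> [(priority, source selector or None for 'all', table)], lowest priority first
    rules = []
    for line in text.splitlines():
        words = line.split()                      # ['32765:', 'from', X, 'lookup', T]
        sel = words[words.index("from") + 1]
        rules.append((int(words[0].rstrip(":")), None if sel == "all" else ipaddress.ip_network(sel),
                      words[words.index("lookup") + 1]))
    return sorted(rules, key=lambda r: r[0])

def parse_routes(text):
    # -> [(destination prefix, original line)]; 'default' is 0.0.0.0/0
    routes = []
    for line in text.splitlines():
        words = [w for w in line.split() if w not in ("local", "broadcast")]  # drop route-type keyword
        prefix = "0.0.0.0/0" if words[0] == "default" else words[0]
        routes.append((ipaddress.ip_network(prefix, strict=False), line))
    return routes

def lookup(src, dst, rules_text=IP_RULE_SHOW, tables=IP_ROUTE_SHOW):
    # Walk the RPDB by priority: the first table holding a route for dst wins
    # (longest prefix within that table); a table with no match falls through.
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _, sel, table in parse_rules(rules_text):
        if sel is not None and src not in sel:
            continue
        hits = [r for r in parse_routes(tables.get(table, "")) if dst in r[0]]
        if hits:
            return table, max(hits, key=lambda r: r[0].prefixlen)[1]
    return None

def missing_connected(table, subnet, tables=IP_ROUTE_SHOW):
    # True when the table has no route for the attached subnet itself, so LAN neighbours go via its default
    return not any(r[0] == ipaddress.ip_network(subnet) for r in parse_routes(tables[table]))
```

With these constructed tables, a packet from 10.0.0.5 to a neighbour on 10.0.0.0/24 is decided by `internal` and its default gateway, while the same packet from a host without a `from` rule takes the connected route in `main`.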
