I solved it, though a bit ugly.

Have two more rules now in ip ru

32150: from all lookup main
32201: from all fwmark 0x200/0x200 lookup wan1_route
32202: from all fwmark 0x400/0x400 lookup wan2_route
32203: from 10.20.0.137 lookup wan1_route
32204: from 10.2.3.107 lookup wan2_route
32205: from all lookup catch_all
32766: from all lookup main

I did not like to include WAN IP anywhere, coz it may be dynamic, but well, seems like no choice.

And then two rules in OUTPUT chain

iptables -t mangle -A OUTPUT -o eth2 -j LB1
iptables -t mangle -A OUTPUT -o eth3 -j LB2

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Salim S I
Sent: Wednesday, June 13, 2007 12:08 PM
To: 'Peter Rabbitson'
Cc: lartc@xxxxxxxxxxxxxxx
Subject: RE: Re: multiple routing tables for internal router programs

My configuration

root@xxxxxxxxx:~# ip ru
0: from all lookup local
32150: from all lookup main
32201: from all fwmark 0x200/0x200 lookup wan1_route
32202: from all fwmark 0x400/0x400 lookup wan2_route
32203: from all lookup catch_all
32766: from all lookup main
32767: from all lookup default

root@xxxxxxxxx:~# ip ro li ta main
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.254
10.20.0.0/24 dev eth2 proto kernel scope link src 10.20.0.137
192.168.1.0/24 dev eth10 proto kernel scope link src 192.168.1.254
10.2.3.0/24 dev eth3 proto kernel scope link src 10.2.3.107
127.0.0.0/8 dev lo scope link

root@xxxxxxxxx:~# ip ro li ta wan1_route
default via 10.20.0.1 dev eth2 proto static

root@xxxxxxxxx:~# ip ro li ta wan2_route
default via 10.2.3.254 dev eth3 proto static

root@xxxxxxxxx:~# ip ro li ta catch_all
default proto static
	nexthop via 10.20.0.1 dev eth2 weight 1
	nexthop via 10.2.3.254 dev eth3 weight 1

The catch_all table comes into play only for local packets. All forwarded packets are marked in mangle PREROUTING, with 0x200 or 0x400.
If not load balancing ping script, there may be other apps using domain names instead of IP address, they might still fail, right?

The problem happens when one of the links goes down (not the nexthop, but after that). Then the kernel will pick an interface and wrong src IP for local packets.

-----Original Message-----
From: Peter Rabbitson [mailto:rabbit@xxxxxxxxx]
Sent: Tuesday, June 12, 2007 7:24 PM
To: Salim S I
Cc: lartc@xxxxxxxxxxxxxxx
Subject: Re: Re: multiple routing tables for internal router programs

Salim S I wrote:
> Thanks! I get it now.
> But why the src address for the interface is wrong?
> In my case eth2 has a.b.c.d and eth3 has p.q.r.s.
>
> DNS queries going through eth2 has p.q.r.s as src address and those
> going through eth3 has a.b.c.d. Something wrong with routing?

Possible. Post full configuration and someone might be able to help.

> I was wondering, how the ping script (to check the link status) of
> others work if domain name is used.

Don't know about others, and I personally use ip addresses :)

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
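
Added example (not part of the original messages): a Python check that reads the rule and route listings quoted in the thread and reports WAN source addresses that can still reach the multipath catch_all table without a "from <src>" rule pinning them to their own uplink table. The listings are embedded as sample input taken from the thread; the function name unpinned_sources and the UPLINK_TABLES layout are assumptions of this example.

```python
import re

# Constructed sample input: rule and route listings as quoted in the thread.
RULES_BEFORE = """\
0: from all lookup local
32150: from all lookup main
32201: from all fwmark 0x200/0x200 lookup wan1_route
32202: from all fwmark 0x400/0x400 lookup wan2_route
32203: from all lookup catch_all
32766: from all lookup main
"""
RULES_AFTER = RULES_BEFORE.replace(
    "32203: from all lookup catch_all",
    "32203: from 10.20.0.137 lookup wan1_route\n"
    "32204: from 10.2.3.107 lookup wan2_route\n"
    "32205: from all lookup catch_all")
MAIN = """\
10.20.0.0/24 dev eth2 proto kernel scope link src 10.20.0.137
10.2.3.0/24 dev eth3 proto kernel scope link src 10.2.3.107
"""
UPLINK_TABLES = {  # assumed layout: table name -> its default route line
    "wan1_route": "default via 10.20.0.1 dev eth2 proto static",
    "wan2_route": "default via 10.2.3.254 dev eth3 proto static",
}

def unpinned_sources(rules, main, uplink_tables, multipath="catch_all"):
    """WAN source IPs that reach the multipath table without a matching
    'from <src> lookup <uplink table>' rule at a lower priority number."""
    table_dev = {t: re.search(r"dev (\S+)", r).group(1)
                 for t, r in uplink_tables.items()}
    wan_src = {ip: dev for dev, ip in re.findall(r"dev (\S+) .*src (\S+)", main)
               if dev in table_dev.values()}
    parsed = []
    for line in rules.splitlines():
        m = re.match(r"(\d+):\s+from (\S+)(?: .*)? lookup (\S+)", line.strip())
        if m:
            parsed.append((int(m.group(1)), m.group(2), m.group(3)))
    pinned = set()
    for prio, src, table in sorted(parsed):
        if table == multipath:
            break  # rules after this are shadowed by the multipath default
        # A source rule only counts if its table leaves via that address's device.
        if wan_src.get(src) is not None and wan_src[src] == table_dev.get(table):
            pinned.add(src)
    return sorted(set(wan_src) - pinned)

if __name__ == "__main__":
    print("before:", unpinned_sources(RULES_BEFORE, MAIN, UPLINK_TABLES))
    print("after: ", unpinned_sources(RULES_AFTER, MAIN, UPLINK_TABLES))
```

A source rule that points at the other uplink's table is reported as unpinned as well, since the packet would still leave through the wrong interface for its source address.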