On Thu, Jun 14, 2007 at 11:50:30AM +0800, Salim S I wrote:
> I solved it, though a bit ugly.
>
> Have two more rules now in ip ru
>
> 32150: from all lookup main
> 32201: from all fwmark 0x200/0x200 lookup wan1_route
> 32202: from all fwmark 0x400/0x400 lookup wan2_route
> 32203: from 10.20.0.137 lookup wan1_route
> 32204: from 10.2.3.107 lookup wan2_route
> 32205: from all lookup catch_all
> 32766: from all lookup main
>
> I did not like to include WAN IP anywhere, coz it may be dynamic, but
> well, seems like no choice.

I ran into the same problem. I capture the link information at ip-up time for ppp/pppoe and dhcp time for cable modem, then I fire off a script that pulls down all the ip ru & ip ro and builds it from scratch (as well as the specialised iptables rules). This should only happen when I lose a connection, so it should be okay.

> And then two rules in OUTPUT chain
> iptables -t mangle -A OUTPUT -o eth2 -j LB1
> iptables -t mangle -A OUTPUT -o eth3 -j LB2
>
> -----Original Message-----
> From: lartc-bounces@xxxxxxxxxxxxxxx
> [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Salim S I
> Sent: Wednesday, June 13, 2007 12:08 PM
> To: 'Peter Rabbitson'
> Cc: lartc@xxxxxxxxxxxxxxx
> Subject: RE: Re: multiple routing tables for internal router
> programs
>
> My configuration
>
> root@xxxxxxxxx:~# ip ru
> 0: from all lookup local
> 32150: from all lookup main
> 32201: from all fwmark 0x200/0x200 lookup wan1_route
> 32202: from all fwmark 0x400/0x400 lookup wan2_route
> 32203: from all lookup catch_all
> 32766: from all lookup main
> 32767: from all lookup default
>
> root@xxxxxxxxx:~# ip ro li ta main
> 192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.254
> 10.20.0.0/24 dev eth2 proto kernel scope link src 10.20.0.137
> 192.168.1.0/24 dev eth10 proto kernel scope link src 192.168.1.254
> 10.2.3.0/24 dev eth3 proto kernel scope link src 10.2.3.107
> 127.0.0.0/8 dev lo scope link
>
> root@xxxxxxxxx:~# ip ro li ta wan1_route
> default via 10.20.0.1 dev eth2 proto static
> root@xxxxxxxxx:~# ip ro li ta wan2_route
> default via 10.2.3.254 dev eth3 proto static
>
> root@xxxxxxxxx:~# ip ro li ta catch_all
> default proto static
>     nexthop via 10.20.0.1 dev eth2 weight 1
>     nexthop via 10.2.3.254 dev eth3 weight 1
>
> The catch_all table comes into play only for local packets. All
> forwarded packets are marked in mangle PREROUTING, with 0x200 or 0x400.
>
> If not load balancing ping script, there may be other apps using domain
> names instead of IP address, they might still fail, right?
>
> The problem happens when one of the links goes down (not the nexthop, but
> after that). Then the kernel will pick an interface and wrong src IP for
> local packets.
>
>
> -----Original Message-----
> From: Peter Rabbitson [mailto:rabbit@xxxxxxxxx]
> Sent: Tuesday, June 12, 2007 7:24 PM
> To: Salim S I
> Cc: lartc@xxxxxxxxxxxxxxx
> Subject: Re: Re: multiple routing tables for internal router
> programs
>
> Salim S I wrote:
> > Thanks! I get it now.
> > But why the src address for the interface is wrong?
> > In my case eth2 has a.b.c.d and eth3 has p.q.r.s.
> >
> > DNS queries going through eth2 have p.q.r.s as src address and those
> > going through eth3 have a.b.c.d. Something wrong with routing?
>
> Possible. Post full configuration and someone might be able to help.
>
> > I was wondering, how the ping script (to check the link status) of
> > others work if domain name is used.
>
> Don't know about others, and I personally use ip addresses :)
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
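The rebuild-on-lease-change approach described in the reply, as an added example that is not code from either poster: it prints (dry run) the commands that recreate the per-WAN tables, the fwmark rules and the source-address rules from the thread. The function names are hypothetical; the devices, table names, marks and rule priorities are the ones shown in the thread, and the static rules at 32150 and 32205 are assumed to stay in place.

```shell
#!/bin/sh
# Added example: print (dry run) the commands that rebuild the thread's
# policy routing after a WAN lease changes. Pipe the output to `sh` as root.
# Assumes tables wan1_route, wan2_route and catch_all are already named in
# /etc/iproute2/rt_tables, and eth2/eth3 are the WAN devices, as in the thread.

# Addresses arrive from DHCP/PPP hooks; refuse anything that is not a plain
# dotted quad so hook-supplied data never reaches a root shell unchecked.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_wan MARK_PRIO SRC_PRIO MARK TABLE DEV SRC_IP GATEWAY
emit_wan() {
    is_ipv4 "$6" && is_ipv4 "$7" || return 1
    # Remove the rules left over from the previous lease, if any.
    echo "ip rule del priority $1 2>/dev/null || true"
    echo "ip rule del priority $2 2>/dev/null || true"
    echo "ip route replace default via $7 dev $5 table $4 proto static"
    echo "ip rule add priority $1 fwmark $3/$3 lookup $4"
    # Source rule: locally generated packets bound to this WAN address
    # leave through the matching uplink.
    echo "ip rule add priority $2 from $6 lookup $4"
}

# build_rules WAN1_IP WAN1_GW WAN2_IP WAN2_GW
build_rules() {
    # Generate everything first: on bad input nothing is printed at all.
    out=$(emit_wan 32201 32203 0x200 wan1_route eth2 "$1" "$2" &&
          emit_wan 32202 32204 0x400 wan2_route eth3 "$3" "$4") || return 1
    printf '%s\n' "$out"
    echo "ip route replace default table catch_all proto static" \
         "nexthop via $2 dev eth2 weight 1 nexthop via $4 dev eth3 weight 1"
}

# Constructed sample input: the addresses shown in the thread.
build_rules 10.20.0.137 10.20.0.1 10.2.3.107 10.2.3.254
```

In an ip-up or DHCP hook, the four arguments would come from the values the hook receives for each link.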