Re: routing problem ???

Martijn van Oosterhout wrote:

On Tue, Sep 05, 2006 at 11:16:20AM -0400, Bill Davidsen wrote:
Maybe your setup is slightly different from mine. We had two
connections, let's say "Expensive and Slow" (E) and "Cheap and Fast"
(C). The latter doesn't have static IP.

Anyway, all I wanted was that all outgoing traffic went via C, the only
traffic going out via E would be responses to requests coming in via E.

The solution is to SNAT all connections going out to the address of C.
And in the routing table, the default route is selected purely on the
basis of the source IP (which will be either C or something in the
netblock of E). There's no need to mark packets, or even care about
ports.

Martin, excuse my long delay revisiting this, I have spent the last few months participating in a lifestyle change... I still don't quite see how SNAT helps, based on two things:

<snip>

Well yes, SNAT by itself doesn't do it. All it does is to make all
outgoing connections have the address of C. It doesn't affect incoming
connections at all, the ones coming over E whose reply packets need to
go out E.

It's the routing table that has the magic. All you need is to make sure
your main routing table (as shown by route) has no default route. Then
you do:

# First run main routing table
ip rule add pref 600 table main
# Then, if source IP is E, use routeE table
ip rule add pref 601 from E table routeE
# Otherwise use routeF table
ip rule add pref 602 table routeF

# These tables just contain the gateway addresses
ip route add table routeE default via gatewayE
ip route add table routeF default via gatewayF

There might be a nicer way of expressing it (and this is typed from
memory so the syntax may be off) but it worked fine for us.

Hope this helps,

It's actually more rules than what David suggested, which just puts a MARK on the packets to be forced out one interface or the other. But thanks for providing this, always nice to have another way to approach a problem.

--
bill davidsen <davidsen@xxxxxxx>
 CTO TMR Associates, Inc
 Doing interesting things with small computers since 1979
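
The rule lookup described in the thread, as an added example that is not part of the original messages: a small Python model of how the three ip rule entries and the routeE/routeF tables pick a gateway, and of what changes when the main table does carry a default route. All addresses are constructed documentation-range values, and the model leaves out the kernel's built-in local-table rule.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
E_NET = "192.0.2.0/24"                     # netblock of link E
GW_E, GW_F = "192.0.2.1", "198.51.100.1"   # gatewayE / gatewayF placeholders

def build(main_has_default=False):
    """Model the thread's rules and tables; gateway None means on-link."""
    tables = {
        "main": [(E_NET, None), ("198.51.100.0/24", None), ("10.0.0.0/8", None)],
        "routeE": [("0.0.0.0/0", GW_E)],
        "routeF": [("0.0.0.0/0", GW_F)],
    }
    if main_has_default:
        # The misconfiguration the thread warns about: a default route in main.
        tables["main"].append(("0.0.0.0/0", GW_F))
    # (pref, source selector or None for "from all", table)
    rules = [(600, None, "main"), (601, E_NET, "routeE"), (602, None, "routeF")]
    return rules, tables

def lookup(src, dst, rules, tables):
    """Walk rules by ascending pref; the first table holding a matching route wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pref, frm, table in sorted(rules, key=lambda r: r[0]):
        if frm is not None and s not in ipaddress.ip_network(frm):
            continue  # selector does not match this packet's source
        hits = [(ipaddress.ip_network(p), gw) for p, gw in tables[table]
                if d in ipaddress.ip_network(p)]
        if hits:  # longest prefix match inside the table
            net, gw = max(hits, key=lambda h: h[0].prefixlen)
            return pref, table, gw or "on-link"
        # no route in this table: fall through to the next rule
    return None

if __name__ == "__main__":
    for bad in (False, True):
        rules, tables = build(main_has_default=bad)
        print("main has default route:", bad)
        for src in ("192.0.2.10", "198.51.100.7"):
            print("  src", src, "->", lookup(src, "203.0.113.5", rules, tables))
```

With a default route left in main, the pref 600 rule answers every lookup, so replies sourced from E's netblock never reach routeE.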
