2 default routes on non router

Hi,

I have a server (srv) with two interfaces. One (IF_INT) is on an internal /24 network with a gateway (gw) which provides net access for the /24 LAN. gw's internal interface is GW_INT.

The second (IF_EXT) is part of a public /28 network and has several IP addresses assigned.

Coincidentally, gw's public interface (GW_EXT) is part of the same /28 public network as IF_EXT.

The /28 network's gateway (GW_ISP) belongs to the ISP.


         ,-----|GW_INT|
        /      |  gw  |
       /       |GW_EXT|-------,
      /                        \
     /                          \
    /                            \
|IF_INT|                         /------|GW_ISP|----- internet
| srv  |                        /
|IF_EXT|                       /
   \                          /
    \________________________/




I want to use GW_INT as the default route, so connections originating from the server would leave IF_INT, go through GW_INT and have GW_EXT's IP when connecting to the internet using SNAT.

However I also want IF_EXT to be available directly from the internet.

So far it's a standard out of the box setup. I just needed the server to be able to answer requests from the net directly through GW_ISP.

I tried to accomplish this by creating a second routing table on the server and adding the default route for GW_ISP there.

# ip route add default via $GW_ISP_IP dev $IF_EXT table extnet

Adding a rule to use the table for fwmark 10.

# ip rule add fwmark 10 table extnet

And using iptables CONNMARK to track the incoming connections on IF_EXT so I can assign them to extnet when the server replies.




This all works with one big exception.


If I'm connecting to IF_EXT from an IP not listed in the main routing table, the packet is lost at "Routing Decision" [1]. I can connect to IF_EXT from GW_EXT or any other machine on the /28 network, but not from behind GW_ISP.

Although the route is available as default in the extnet table, I have to add an internet-located PC's route via GW_ISP to the main routing table for the PC to be able to connect.

I don't understand why the source IP matters during the "Routing Decision".


I tried marking the incoming packets so they would use the extnet table. For testing I tried adding the internet PC in extnet instead of main, and that would not work either.


1 - http://iptables-tutorial.frozentux.net/images/tables_traverse.jpg

What's the correct solution to this problem?


Regards,

--

Aleksander Kamenik
System Administrator
Krediidiinfo AS
an Experian Company
Phone: +372 665 9649
Email: aleksander@xxxxxxxxxxxxxxx

http://www.krediidiinfo.ee/
http://www.experiangroup.com/
--
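The setup described in the post, written out as a complete policy-routing script. This is an added example, not code from the original post or from the author: interface names, addresses, the table id 100, the rule preferences and the DRY_RUN switch are all assumptions. Beyond the post's fwmark rule it adds a source-address rule ("from <IF_EXT address> table extnet") for each address on IF_EXT, and a check of the reverse path filter. rp_filter is the usual reason a source address matters at the input routing decision: in strict mode the kernel looks up a route back to the packet's source and drops the packet if that route does not leave through the arrival interface, and that lookup ignores the packet's fwmark unless net.ipv4.conf.<if>.src_valid_mark is set. The post does not say whether rp_filter is enabled on srv, so treating it as the cause here is an assumption; the script only reports the effective value.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing for a host with
# a second interface on a public /28 that has its own ISP gateway, plus the
# reverse-path-filter check. All names and addresses below are assumptions.
IF_INT=eth0                 # internal interface (IF_INT in the post)
IF_EXT=eth1                 # public /28 interface (IF_EXT)
GW_INT_IP=192.168.1.1       # gw's internal address (GW_INT), main default route
GW_ISP_IP=203.0.113.1       # ISP gateway on the /28 (GW_ISP)
EXT_NET=203.0.113.0/28      # the public /28
IF_EXT_IPS="203.0.113.5 203.0.113.6"   # addresses assigned to IF_EXT
TABLE=extnet                # routing table name, as in the post
TABLE_ID=100                # numeric id behind that name (assumed)
MARK=10                     # fwmark used by the post

DRY_RUN=${DRY_RUN:-1}       # 1: print the commands, 0: execute them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# rp_filter: the kernel uses the larger of conf/all and the per-interface
# value. 1 = strict (drop if the route back to the source does not leave via
# the arrival interface), 2 = loose, 0 = off.
rp_filter_effective() {   # usage: rp_filter_effective <all_value> <iface_value>
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

rp_filter_report() {      # reads the live sysctls for IF_EXT, if present
    all=/proc/sys/net/ipv4/conf/all/rp_filter
    dev=/proc/sys/net/ipv4/conf/$IF_EXT/rp_filter
    [ -r "$all" ] && [ -r "$dev" ] || { echo unknown; return 0; }
    rp_filter_effective "$(cat "$all")" "$(cat "$dev")"
}

ensure_table_name() {     # make "table extnet" resolvable for ip(8)
    grep -qs "[[:space:]]$TABLE\$" /etc/iproute2/rt_tables && return 0
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$TABLE_ID" "$TABLE"
    else
        echo "$TABLE_ID $TABLE" >> /etc/iproute2/rt_tables
    fi
}

policy_routing_cmds() {
    ensure_table_name
    # table extnet: the /28 itself plus a default via the ISP gateway
    run ip route add "$EXT_NET" dev "$IF_EXT" table "$TABLE"
    run ip route add default via "$GW_ISP_IP" dev "$IF_EXT" table "$TABLE"
    # source-based rules: anything sent from an IF_EXT address uses extnet.
    # The reverse-path lookup for an incoming packet swaps source and
    # destination, so these rules also make that lookup land in extnet.
    pref=100
    for ip in $IF_EXT_IPS; do
        run ip rule add pref "$pref" from "$ip" table "$TABLE"
        pref=$((pref + 1))
    done
    # mark-based rule, as in the post, for connections tracked by CONNMARK
    run ip rule add pref 200 fwmark "$MARK" table "$TABLE"
    run ip route flush cache
}

connmark_cmds() {
    # new connections arriving on IF_EXT get the mark; it is saved on the
    # conntrack entry and restored onto every reply so the fwmark rule fires
    run iptables -t mangle -A PREROUTING -i "$IF_EXT" -m conntrack --ctstate NEW -j MARK --set-mark "$MARK"
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
}

main() {
    echo "# effective rp_filter on $IF_EXT: $(rp_filter_report)"
    policy_routing_cmds
    connmark_cmds
}

main
```

Run it once as-is to review the commands, then with DRY_RUN=0 as root to apply them. If the report shows rp_filter 1 on IF_EXT and packets from behind GW_ISP still stop at the routing decision, the "from" rules are the part to check first: with them in place the reverse lookup for a packet addressed to an IF_EXT address resolves through extnet's default via GW_ISP, so it points back out IF_EXT as strict mode requires.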
