Re: Basic routing


 



John Smithee wrote, On 10/04/2014 05:07 PM:
> Thomas Bätzler wrote, On 10/04/2014 03:56 PM:
>> Hi,
>>
>> On 04.10.2014 at 13:06, John Smithee wrote:
>>> Ok, I admit using "ping -I" was a bad example. The whole point I tried
>>> to make is that the second net (69.0) cannot reach any other IP
>>> outside its own net.
>>> The goal is to let 69.0 reach the world via this gateway machine
>>> 68.22/69.22.
>>> Is some iptables needed in this case?
>>
>> You do have IP forwarding enabled?
>>
>> If not, enable it using
>>    echo "1" > /proc/sys/net/ipv4/ip_forward
>> and try again.
>>
>>
>> HTH,
>> Thomas
>
> Yes, IP forwarding is enabled.
>
> After doing much research on the net and experimenting
> I think (still testing) I finally found a solution,
> but it's unfortunately a little bit complicated.
> I'll summarize later.


I finally managed to get it working with these steps:

IF0="eth0"
NW0="192.168.68.0/24"
ET0="192.168.68.22"
GW0="192.168.68.254"
TAB0="my0"  # must be defined in /etc/iproute2/rt_tables, e.g. 100 my0

IF1="eth1"
NW1="192.168.69.0/24"
ET1="192.168.69.22"
GW1="192.168.69.7"
TAB1="my1"  # must be defined in /etc/iproute2/rt_tables, e.g. 101 my1

ip route add $NW0 dev $IF0 src $ET0 table $TAB0
ip route add default via $GW0 table $TAB0

ip route add $NW1 dev $IF1 src $ET1 table $TAB1
ip route add default via $GW1 table $TAB1

ip route add $NW0 dev $IF0 src $ET0
ip route add $NW1 dev $IF1 src $ET1

# your preference for default route:
ip route add default via $GW0

ip rule add from $ET0 table $TAB0
ip rule add from $ET1 table $TAB1
ip rule add to   $ET0 table $TAB0
ip rule add to   $ET1 table $TAB1

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


This solution is not that bad, though IMHO complicated.
But one thing is still missing: 69.* cannot ping
the IP 68.22, but other than that it can reach everything else.

If someone knows a simpler solution pls let me know, thx.


Here are some references where I found the above stuff:

http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
http://www.linuxhorizon.ro/iproute2.html
http://www.lartc.org/howto/lartc.rpdb.html
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html
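
Added example, not part of the original message: a small Python model of the policy routing lookup (rules in priority order, longest-prefix match inside each table) that the commands above set up, used to trace where a packet sourced from 192.168.68.22 towards the 69.0 net is sent. Assumptions: the rule priorities are the ones iproute2 assigns when none is given (each new rule lands just before the previous one), the host 192.168.69.50 and 203.0.113.9 are constructed sample addresses, `cross_routes` is a hypothetical variation not taken from the post, and rp_filter and NAT are not modelled.

```python
import ipaddress as ipa

ET0, ET1 = "192.168.68.22", "192.168.69.22"
NW0, NW1 = "192.168.68.0/24", "192.168.69.0/24"
GW0, GW1 = "192.168.68.254", "192.168.69.7"

# (priority, selector, prefix, table). Rules added without a priority are
# placed just before the lowest existing non-zero one, so the last
# "ip rule add" from the script is consulted first.
RULES = [
    (0,     "all",  "0.0.0.0/0", "local"),
    (32762, "to",   ET1 + "/32", "my1"),
    (32763, "to",   ET0 + "/32", "my0"),
    (32764, "from", ET1 + "/32", "my1"),
    (32765, "from", ET0 + "/32", "my0"),
    (32766, "all",  "0.0.0.0/0", "main"),
]

def build_tables(cross_routes=False):
    """Tables as the script fills them: prefix -> (device, gateway)."""
    t = {
        "local": {ET0 + "/32": ("lo", None), ET1 + "/32": ("lo", None)},
        "my0": {NW0: ("eth0", None), "0.0.0.0/0": ("eth0", GW0)},
        "my1": {NW1: ("eth1", None), "0.0.0.0/0": ("eth1", GW1)},
        "main": {NW0: ("eth0", None), NW1: ("eth1", None),
                 "0.0.0.0/0": ("eth0", GW0)},
    }
    if cross_routes:  # hypothetical: each table also knows the other LAN
        t["my0"][NW1] = ("eth1", None)
        t["my1"][NW0] = ("eth0", None)
    return t

def lookup(src, dst, tables):
    """Return (table, device, gateway) of the first rule whose table has a route."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, sel, prefix, table in sorted(RULES):
        net = ipa.ip_network(prefix)
        if (sel == "from" and src not in net) or (sel == "to" and dst not in net):
            continue
        hits = [(ipa.ip_network(p), hop) for p, hop in tables[table].items()
                if dst in ipa.ip_network(p)]
        if hits:  # longest prefix wins inside one table
            return (table,) + max(hits, key=lambda h: h[0].prefixlen)[1]
    return None

if __name__ == "__main__":
    # Echo reply from 68.22 back to a constructed host on the 69.0 net.
    print(lookup(ET0, "192.168.69.50", build_tables()))
    print(lookup(ET0, "192.168.69.50", build_tables(cross_routes=True)))
```

In this model a packet with source 192.168.68.22 is resolved in table my0, which has no route for 192.168.69.0/24, so it is handed to the default gateway on eth0 instead of going out eth1; with the other LAN's route present in each table it leaves on eth1.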



