
Thursday, November 29, 2007

Re: policy routing problem

Hello,

Alexandr Shurigin wrote:
>
> ip route add 87.224.167.g1 dev eth1 table ETH1
> ip route add default via 87.224.167.g1 dev eth1 table ETH1
> ip route add 212.49.121.g2 dev eth3 table ETH3
> ip route add default via 212.49.121.g2 dev eth3 table ETH3
>
> iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1
>
> ip rule add fwmark 1 pri 100 table ETH3
>
> iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source=212.49.121.g2
>
> echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter
>
> ip rule add from 87.224.167.add1 pri 200 table ETH1
> ip rule add from 212.49.121.addr2 pri 250 table ETH2
^^^^
Isn't it ETH3 ?

> which resolves problem with 2 internet providers and their routers.
> all works fine.
>
> But network 192.168.1.0/24 which is at interface eth2 cannot ping ip
> addresses of eth1 and eth3 server interfaces.

The reply has the source address of eth1 resp. eth3 and is thus routed
according to the ETH1 resp. ETH3 routing table. Since these tables
contain no specific route to the destination 192.168.1.0/24, their
default route is used, which sends the packet through interface
eth1 resp. eth3 instead of eth2.

Try the following quick fix:

ip route add 192.168.1.0/24 dev eth2 table ETH1
ip route add 192.168.1.0/24 dev eth2 table ETH3


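As an added illustration (not part of the thread), the following Python model walks the rule/table lookup the reply describes and shows the ping reply taking the wrong uplink before the quick fix and eth2 after it. Gateway and interface addresses are assumed sample values, since the mail only shows placeholders such as 87.224.167.g1.

```python
import copy
import ipaddress

# Constructed model of the thread's setup. Host/gateway addresses are assumed
# sample values: the mail only shows placeholders such as 87.224.167.g1.
ETH1_ADDR, ETH1_GW = "87.224.167.10", "87.224.167.1"
ETH3_ADDR, ETH3_GW = "212.49.121.20", "212.49.121.1"

# ip rule entries: (priority, selector, table); fwmark 1 comes from the uid-owner rule.
RULES = [
    (100, {"fwmark": 1}, "ETH3"),
    (200, {"from": ETH1_ADDR}, "ETH1"),
    (250, {"from": ETH3_ADDR}, "ETH3"),  # ETH3, as the reply suggests, not ETH2
    (32766, {}, "main"),
]
# Per-table routes: (prefix, dev, gateway). ETH1/ETH3 hold only the host route
# to the gateway and a default route, exactly as in the quoted commands.
TABLES = {
    "ETH1": [(ETH1_GW + "/32", "eth1", None), ("0.0.0.0/0", "eth1", ETH1_GW)],
    "ETH3": [(ETH3_GW + "/32", "eth3", None), ("0.0.0.0/0", "eth3", ETH3_GW)],
    "main": [("192.168.1.0/24", "eth2", None), ("87.224.167.0/24", "eth1", None),
             ("212.49.121.0/24", "eth3", None)],
}

def table_lookup(routes, dst):
    """Longest-prefix match within one table; None when nothing matches."""
    dst, best = ipaddress.ip_address(dst), None
    for prefix, dev, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, gw)
    return None if best is None else (best[1], best[2])

def route(tables, src, dst, fwmark=0):
    """RPDB walk: try rules by priority; the first table with a matching route wins."""
    for _prio, sel, table in sorted(RULES, key=lambda r: r[0]):
        if sel.get("fwmark", fwmark) != fwmark or sel.get("from", src) != src:
            continue
        hit = table_lookup(tables.get(table, []), dst)
        if hit:
            return hit  # (outgoing device, next hop or None for directly connected)
    return None

def apply_quick_fix(tables):
    """The reply's fix: ip route add 192.168.1.0/24 dev eth2 table ETH1 / ETH3."""
    fixed = copy.deepcopy(tables)
    for name in ("ETH1", "ETH3"):
        fixed[name].insert(0, ("192.168.1.0/24", "eth2", None))
    return fixed

# Ping reply from eth1's own address back to a LAN host on eth2, before and after the fix.
print(route(TABLES, ETH1_ADDR, "192.168.1.5"))                   # ('eth1', '87.224.167.1')
print(route(apply_quick_fix(TABLES), ETH1_ADDR, "192.168.1.5"))  # ('eth2', None)
```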
