Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I am really struggling to understand what I am missing or not doing to get this working. I am attempting to get zhjim's suggestion to work.
ASCII art for reference:
Code:
mail----+
| +-----------------+
| | |
| +------------ppp0------+ I +--------store1
| | | N |
| +--------------+ | T |
| | | | E |
user1---+-----------+ router (vpn) | | R |
| | | | N |
| +--------------+ | E |
| | | T |
| +------------ppp1------+ +--------store2
| | |
| +-----------------+
user2---+
He suggested routing everything from mail (172.16.48.200) to ppp1. What I have done to try to achieve this was the following:
Code:
ip rule add from 172.16.48.200 table LocalOnly
This resulted in ip rule show giving the following:
Code:
0: from all lookup local
32764: from 172.16.48.200 lookup LocalOnly
32766: from all lookup main
32767: from all lookup default
ip route show table LocalOnly has the following output:
Code:
default via 1XX.2XX.1XX.X dev ppp1
Once this is done I remove the route from the main routing table (I assume this would be needed) so that connections coming from our local network to the stores can go out over the default route.
With the route removed from the main routing table the connection is broken.
What am I doing wrong? Do I need to do any SNATing? Both ppp0 and ppp1 are masqueraded.
Quote:
Originally Posted by andrewhiggs
What am I doing wrong? Do I need to do any SNATing? Both ppp0 and ppp1 are masqueraded.
masquerade = SNAT
Did you remember ip route flush cache?
According to the Linux Advanced Routing & Traffic Control HOWTO, you should use the public IP in the ip rule command. Since masquerading is in use, that should work regardless of which host is sending.
Two errors in your original approach were only marking half of the incoming packets, and not copying the connection mark to the packet mark on outgoing packets.
Last edited by TimothyEBaldwin; 04-13-2010 at 05:56 PM.
To OP.
You know, I think, if the router receives an incoming connection through interface PPP1, it should write it in its NAT table and remember it. So that connection physically can't go to PPP0.
I do not think you should do anything about it; your router does it.
Please check it first.
Quote:
Originally Posted by nimnull22
To OP.
You know, I think, if the router receives an incoming connection through interface PPP1, it should write it in its NAT table and remember it. So that connection physically can't go to PPP0.
I do not think you should do anything about it; your router does it.
Please check it first.
No, Linux NAT does not record anything about network interfaces, only IPv4 addresses and port numbers.
Quote:
Originally Posted by TimothyEBaldwin
According to the Linux Advanced Routing & Traffic Control HOWTO, you should use the public IP in the ip rule command. Since masquerading is in use, that should work regardless of which host is sending.
Two errors in your original approach were only marking half of the incoming packets, and not copying the connection mark to the packet mark on outgoing packets.
Hi Timothy,
Thanks for the reply. I have followed all the steps in 4.2.1 of the supplied link and it is still not working. I have done an ip route flush cache. It doesn't seem to make a difference, or at least it doesn't get it working. If I remove the route (ip del -net 196.215.0.0/16) from the main routing table the connection breaks.
Quote:
Originally Posted by nimnull22
To OP.
You know, I think, if the router receives an incoming connection through interface PPP1, it should write it in its NAT table and remember it. So that connection physically can't go to PPP0.
I do not think you should do anything about it; your router does it.
Please check it first.
Thanks nimnull22 for the suggestion, but just to clarify, I tried it and it didn't work.
Regards
Last edited by andrewhiggs; 04-14-2010 at 05:31 AM.
If it is a Linux router, if it has the connection tracker nf_conntrack, and if the incoming connection was established from IP=ppp0, it will never go out from any other interface.
You can see for yourself: /proc/net/nf_conntrack
Hi nimnull22,
I have nf_conntrack loaded. The connections coming into ppp1 are redirected to another machine (mail). The returning packets are routed back out via default route (ppp0) unless I set routes to ppp1.
I am going to setup the connection directly on the mail server for now as this is hopefully only a temporary problem.
You know, if you have two gateways to go outside, you should have two default routes.
Only if you want to test it, you can add a second default route, but first delete the one you have right now.
It is simple; look at this example:
Code:
echo "1 First_ISP" >> /etc/iproute2/rt_tables
echo "2 Second_ISP" >> /etc/iproute2/rt_tables
ip route add 192.168.1.0/24 dev eth0 src 192.168.1.200 table First_ISP
ip route add default via 192.168.1.1 table First_ISP
ip route add 192.168.0.0/24 dev eth2 src 192.168.0.200 table Second_ISP
ip route add default via 192.168.0.1 table Second_ISP
Quote:
Originally Posted by nimnull22
If it is a Linux router, if it has the connection tracker nf_conntrack, and if the incoming connection was established from IP=ppp0, it will never go out from any other interface.
You can see for yourself: /proc/net/nf_conntrack
One cannot see it there, because it is not there. That file contains lines like:
It should be obvious that there is no reference to any network interfaces; furthermore, unless configured using "ip rule" or equivalent, the source address of the packet is NOT used to determine the outgoing interface.
Quote:
Originally Posted by nimnull22
Code:
echo "1 First_ISP" >> /etc/iproute2/rt_tables
echo "2 Second_ISP" >> /etc/iproute2/rt_tables
ip route add 192.168.1.0/24 dev eth0 src 192.168.1.200 table First_ISP
ip route add default via 192.168.1.1 table First_ISP
ip route add 192.168.0.0/24 dev eth2 src 192.168.0.200 table Second_ISP
ip route add default via 192.168.0.1 table Second_ISP
That's not sufficient; as it stands, those routes will be unused because no routing policy database entry refers to them. The following commands are not optional:
Code:
ip rule add from 192.168.1.200 table First_ISP
ip rule add from 192.168.0.200 table Second_ISP
To andrewhiggs, can we see the output of these commands:
Code:
ip addr show
ip rule show
ip route show table all
iptables-save
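As an added example, not code posted by anyone in this thread, the script below puts together the pieces discussed above: the routing table plus the "ip rule" entries that Timothy points out are not optional, and the connection-mark approach he mentions (mark connections entering ppp1, copy the connection mark back onto the packet mark for every later packet of those connections). It uses a mark-based rule rather than the OP's "from 172.16.48.200" rule because the reply packets of a DNAT'ed connection still carry the mail server's private source address at routing time; the reverse of the DNAT is only applied in POSTROUTING. The table name "LocalOnly" and the address 172.16.48.200 are from the thread; the LAN prefix, LAN interface name, ppp1 gateway, table id and mark value are assumptions (the thread masks the real ones).

```shell
#!/bin/sh
# Added example, not code from the thread. Reply packets of a DNAT'ed
# connection that arrived on ppp1 are routed back out of ppp1 by copying a
# connection mark onto each packet and sending marked packets to the OP's
# "LocalOnly" table. Everything else keeps using the main table (default
# route on ppp0). Values marked "assumed" are placeholders.

MAIL="172.16.48.200"      # mail server from the thread
LAN="172.16.48.0/24"      # assumed LAN prefix
LAN_IF="eth0"             # assumed LAN-side interface of the router
PPP1_GW="203.0.113.1"     # assumed remote end of the ppp1 link
TABLE="LocalOnly"         # routing table name used by the OP
TABLE_ID="100"            # assumed numeric id for that table
MARK="1"                  # assumed fwmark/connmark value

# Print the command instead of running it when DRY_RUN=1, so the plan can be
# reviewed (or tested) on a box without root or ppp interfaces.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_table() {
    # Register the table name once (idempotent append to rt_tables).
    run sh -c "grep -qs '^$TABLE_ID $TABLE\$' /etc/iproute2/rt_tables || \
echo '$TABLE_ID $TABLE' >> /etc/iproute2/rt_tables"
    # The table needs the LAN route too, so a marked packet whose
    # destination is on the LAN is not thrown at ppp1.
    run ip route add "$LAN" dev "$LAN_IF" table "$TABLE"
    run ip route add default via "$PPP1_GW" dev ppp1 table "$TABLE"
}

setup_marks() {
    # The OP's source-based rule matches all of the mail server's traffic;
    # drop it so the mail server's own outbound connections use ppp0.
    run ip rule del from "$MAIL" table "$TABLE" 2>/dev/null || true
    # 1. Tag every NEW connection that enters on ppp1. mangle/PREROUTING runs
    #    before nat/PREROUTING, so the packet is seen before DNAT rewrites it.
    run iptables -t mangle -A PREROUTING -i ppp1 -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"
    # 2. Copy the connection mark back onto later packets of those
    #    connections. Replies from the mail server arrive on the LAN
    #    interface with src=172.16.48.200 (the DNAT is only reversed in
    #    POSTROUTING, after routing), so a "from <public IP>" rule would
    #    never see them, but the restored mark does.
    run iptables -t mangle -A PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED \
        -j CONNMARK --restore-mark
    # 3. Marked packets consult the ppp1 table; unmarked ones fall through
    #    to main as before.
    run ip rule add fwmark "$MARK" table "$TABLE" priority 1000
    # 4. Strict reverse-path filtering would drop packets arriving on ppp1
    #    whose source is reachable via ppp0 in the main table; loose mode
    #    only requires that the source be reachable via some interface.
    run sysctl -w net.ipv4.conf.ppp1.rp_filter=2
    run ip route flush cache
}

main() {
    setup_table
    setup_marks
}

case "${1:-}" in
    show)  DRY_RUN=1; main ;;   # print the plan without touching anything
    apply) main ;;              # run it as root on the router
esac
```

Run it with "show" first to read the commands it would issue, then "apply" as root on the router. The mirror image for ppp0 (tag NEW connections entering ppp0, send them to a table whose default is ppp0) makes the setup symmetric for both links; the restore rule in step 2 can be left matching all interfaces, since only connections tagged in step 1 carry a non-zero mark.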
With that rule, all traffic inbound on ppp1 going to the mail server would be DNAT'ed to go to the mail server.
This will effectively do nothing, EXCEPT netfilter will take care of the connection and hopefully it will go out on the right interface.
Last edited by SuperJediWombat!; 04-16-2010 at 12:13 PM.