routing problem

GLxZ · 10-08-2007, 05:16 PM

Hello everyone,

I've got some problems with routing. I have eth0 and eth1 in my linux box.

eth0 192.168.1.49, gateway 192.168.1.1, mask 255.255.255.0
eth1 172.17.130.253 gateway 172.17.130.254, mask 255.255.0.0

yes, each ethernet connection has a gateway address. The thing that I am trying to make is to make all the traffic from network 172.17.0.0/24 go through this box's eth1 to the gateway 172.17.130.254. I've already tried some tricks with routing table and iptables with no results. Note that I use 192.168.1.1 as a main gateway.

The reply with the solution to this problem would be appreciated.

lordy · 10-09-2007, 10:20 AM

; create separate routing table
echo "lan" >> /etc/iproute2/rt_table

; fill 'lan' routing table
ip route add dev eth1 172.17.130.254 src 172.17.130.253 table lan
ip route add default via 172.17.130.254 table lan

; rule all traffic from desired network to route by 'lan' routing table
ip rule add from 172.17.0.0/24 table lan

i hope it helps

Brian1 · 10-09-2007, 04:38 PM

If I understand this you have two networks attached to the eth1 nic
172.17.0.0/24 and 172.17.130.0/24
And eth0 is 192.168.1.0/24
Then you want traffic on 172.17.0.0/24 and 172.17.130.0/24 to through eth1 to eth0
I assume this traffic is mostly internet related.
Is this correct?

Brian

GLxZ · 10-10-2007, 08:17 AM

Not really, Brian. There are two separate networks. 172.17.130.0/24 works perfectly without routing it through my box, since it has a router (172.17.130.254) and the link into the world. 192.168.1.0/24 is another network (the main internet connection of my box). Those two networks shouldn't work together I just want to do the packet filtering and network monitoring for 172.17.130.0/24 using my linux box. I don't want the traffic from 172.17.130.0/24 go through 192.168.1.1 router.

Brian1 · 10-10-2007, 08:21 PM

I understand what you are doing now. Not sure of how to do it though. To me blocking eth1 traffic going out to eth0 seems to block actually access to eth1 network. Maybe something will popout to me.

Brian

rmitev · 10-12-2007, 07:32 AM

see second post (lordy) ...

Your linux box must be a gateway for 172.17.0.0/24 network ...
set 172.17.130.254 at your pc and 172.17.130.253 at old gateway ...

ip ro add default via 172.17.130.253 table 100
ip rule add from 172.17.0.0/24 table 100

and !!!important!!! disable send_redirects and accept_redirects in kernel (/proc/sys/net/ipv4/conf/all)

GLxZ · 10-14-2007, 05:50 PM

I forgot to mention that I can't change my router's IP. So rmitevs' solution doesn't work either. I have an idea how to make it using one more lan card, though. I'll let you know how will that go. Take care everyone.

rmitev · 10-16-2007, 07:01 AM

with one more lan card you can do a transparent bridge and set it before gateway

[72.17.0.0/24 network] <-----> [eth1 - your PC - eth2] <-----> [gateway 172.17.130.254]