Hi all,

I have the following problem:

1 Linux-host with 1 NIC 10.10.10.1

3 Gateways 10.10.10.50, 10.10.10.60, 10.10.10.70

I made the first gateway the default-gateway. IP-packets coming from the other gateways should be returned to them.
I tried
"ip rule add from 10.10.10.60 table 60"
"ip route add table 60 default via 10.10.10.60"
and
"ip rule add from 10.10.10.70 table 70"
"ip route add table 70 default via 10.10.10.70"

Unfortunately that does not work. But I have no idea why it does not work.

Any help is appreciated. Thanks.

Frank

there are no hidden parameters, so it should work; if it does not, describe everything you did; in general, you have to define new route table, add rule(s) to route to that table and fill it out with necessary routing entries

unfortunately it does not work.
The problem: ip traffic comes from outside via different routers (10.10.10.50, 10.10.10.60, 10.10.10.70). I don't know the source ip addresses of these clients. The incoming traffic to the server should be returned via the router which it came from. So what I did:

1. I added to /etc/iproute2/rt_tables "10 box1" (as an example for router 10.10.10.50)
2. I defined the default gateway for "box1" with: "ip route add default via 10.10.10.50 table box1
3. I defined the condition "if traffic comes via box1 routing table box1 with: "ip rule add from 10.10.10.50 table box1"
4. ip route flush cache

It seems that the condition "from 10.10.10.50" does not become true. But I cannot use the ip address of a real client, because I don't know them....

Who can help?

Thanks a lot

well, in this case you know ethernet address of router that packet went through; set mark with iptables (mangle table) matching the ethernet source address and add iproute rule using fwmark selector; probably you need to mark connections as well as distinct packets

thank you very much for the explanation. Yes I know the MAC-address of the "source-router" but I had never to do in detail with iptables.
So I will start reading. I appreciate any closer explanation of the steps.

Can you tell me how to mark a packet with the mac-address of the "source-router" it came from?

Thanks again

so what I did so far:

iptables -A PREROUTING -t mangle -m mac --mac-source XX:XX:XX:XX:XX:XX -j MARK --set-mark 1
ip rule add fwmark 1 table box1
(in table box1 is: "default via 10.10.10.50 dev eth0)

But again it seems that the rule-condition does not come true because it does not work....

Do you have any more ideas?

Thanks in advance.

well, you are on the right way

mark incoming connections:
then mark packets as well:
then your routing should work

Hi Ygrex, I really appreciate your patience but I'm stuck again. I've tried the follofwing:

ip rule add fwmark 1 table box1
iptables -A PREROUTING -t mangle -m mac --mac-source XX:XX:XX:XX:XX:XX -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -m mac --mac-source XX:XX:XX:XX:XX:XX -m state --state NEW,RELATED -j CONNMARK --set-mark 1
iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark

It still does not work....

then there are should be conflicting settings; among things to check: icmp-redirects, routing cache, routing related parameters in sysctl;
also locally generated traffic does not traverse PREROUTING chain in mangle but OUTPUT