Old 08-02-2011, 02:19 PM   #1
yozapho
LQ Newbie
 
Registered: Aug 2011
Posts: 2

Rep: Reputation: Disabled
Advanced routing problem


Hi,

I have 2 internet links using 2 ADSL routers and I need to give access to the Internet for the 192.168.0.0/24 network.

I have to route outgoing traffic based on port number and protocol,
using iproute2 and iptables on a Linux router.

I have the following network configuration:
Code:
     (ISP-1)                              (ISP-2)
Dynamic public IP                    Dynamic public IP 
        |                                    |
+---------------+                    +---------------+
|ADSL Router (1)|                    |ADSL Router (2)|
+---------------+                    +---------------+
        |                                    |
   192.168.1.1                          192.168.2.1
        |                                    |
        |                                    |
        |                                    |
        |        +------------------+        |
        |        |                  |        |
   192.168.1.2 --|eth1          eth2|-- 192.168.2.2
                 |                  |
                 |   Linux Router   |
                 |                  |
                 |       eth0       |
                 +------------------+
                          |
                     192.168.0.1
                          |
                          |
                    Local Network:
                    192.168.0.0/24
I use the following script to set up the network configuration on the Linux router:
Code:
#!/bin/bash

# enable forwarding and turn off reverse-path filtering (only the "all" knob here)
echo 1 >| /proc/sys/net/ipv4/ip_forward
echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter

# flush all iptables entries
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT

# marking packets arriving from the LAN: ICMP and UDP -> mark 1 (ISP1), TCP -> mark 2 (ISP2)
iptables -t mangle -A PREROUTING -i eth0 -p icmp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p udp  -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth0 -p tcp  -j MARK --set-mark 2

# create routing tables (guarded so re-running the script does not append duplicate entries)
# and default routes
grep -q 'ISP1' /etc/iproute2/rt_tables || echo '1     ISP1' >> /etc/iproute2/rt_tables
grep -q 'ISP2' /etc/iproute2/rt_tables || echo '2     ISP2' >> /etc/iproute2/rt_tables
ip route add default via 192.168.1.1 dev eth1 table ISP1
ip route add default via 192.168.2.1 dev eth2 table ISP2

# routing based on previous marks
ip rule add fwmark 1 table ISP1
ip rule add fwmark 2 table ISP2

ip route flush cache

# NAT: masquerade behind whichever ADSL router the packet leaves through
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
The problem is that I can't connect to the internet from the 192.168.0.0/24 network.

When I ping from this network to a remote server I can see (using Wireshark) replies returning from that server to eth1 of the Linux router, but they don't reach eth0.

Please help, and thanks in advance.
 
Old 08-04-2011, 03:28 PM   #2
Fantasio
Member
 
Registered: Nov 2007
Location: Vinsobres - Drome - France
Distribution: SuSE Linux 11.3
Posts: 148

Rep: Reputation: 18
route missing?

I guess the route for the local network (192.168.0.0) via eth0 is missing on the server.
 
Old 08-04-2011, 10:29 PM   #3
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,956
Blog Entries: 1

Rep: Reputation: 81
Let's take a look at the basics:

ip addr show
ip route show
ip route show table ISP1
ip route show table ISP2

iptables -L -nv
iptables -t nat -L -nv

I think that's a good starting point.

---------- Post added 08-05-11 at 12:30 AM ----------

Oh....

ip rule show
 
Old 08-04-2011, 10:34 PM   #4
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,956
Blog Entries: 1

Rep: Reputation: 81
And you are working with mangle, so:

iptables -t mangle -L -nv
 
Old 08-04-2011, 10:41 PM   #5
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,956
Blog Entries: 1

Rep: Reputation: 81
If I'm not wrong, you have to add the other two network definitions to each interface's network table.

For example, for table ISP1:

ip route add 192.168.0.0/24 dev eth0 table ISP1 # access to local network
ip route add 192.168.2.0/24 dev eth2 table ISP1 # access to the other ISP's 'local' subnetwork
 
Old 08-05-2011, 02:04 PM   #6
yozapho
LQ Newbie
 
Registered: Aug 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thank you "eantoranz" for your interest.

After a lot of hard work I finally found what the problem was.

In fact it is not a routing problem; the script is correct but something is missing.

This command is not enough to disable rp_filter:
Code:
echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter
So the traffic returning from the Internet was dropped at eth1 and eth2.

When I disabled rp_filter explicitly for both interfaces by adding the following commands:

Code:
echo 0 >| /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 >| /proc/sys/net/ipv4/conf/eth2/rp_filter
The problem was solved and I got everything working perfectly.

Proof that Linux tutorials and documentation are not always complete.

Last edited by yozapho; 08-05-2011 at 02:07 PM.
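The behaviour yozapho ran into follows from how the kernel combines the two sysctls: the reverse-path filter mode applied on an interface is the larger of conf/all/rp_filter and conf/<iface>/rp_filter, so writing 0 to "all" changes nothing while the per-interface files still hold the distribution default of 1. The POSIX shell script below is an added example for this thread, not code posted by any participant. It computes the effective mode per interface, flags multihomed interfaces that would drop asymmetric return traffic, and applies the fix to both levels. The PROCSYS override, the make_fake_tree helper and the demo function are assumptions added so it can be exercised offline on a constructed sysctl tree; on a real router leave PROCSYS unset and call check_multihomed with the real interface names.

```shell
#!/bin/sh
# Reverse-path filtering is applied per interface with the mode
#   max(conf/all/rp_filter, conf/<iface>/rp_filter)
# where 0 = off, 1 = strict, 2 = loose. Writing 0 to conf/all therefore changes
# nothing while the distribution's default still leaves conf/<iface> at 1.
#
# PROCSYS is an assumed override so these functions can be pointed at a
# constructed directory tree for offline testing; on a real router leave it unset.
PROCSYS="${PROCSYS:-/proc/sys/net/ipv4/conf}"

rp_max() {
    # print the larger of two non-negative integers
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

effective_rp_filter() {
    # $1 = interface; print the rp_filter mode the kernel actually applies to it
    rp_max "$(cat "$PROCSYS/all/rp_filter")" "$(cat "$PROCSYS/$1/rp_filter")"
}

check_multihomed() {
    # Report every interface given; return 1 if any has strict (1) filtering in
    # effect. On a multi-ISP router that is the setting that drops replies
    # arriving on a link the main table would not have chosen for their source.
    rc=0
    for iface in "$@"; do
        all=$(cat "$PROCSYS/all/rp_filter")
        dev=$(cat "$PROCSYS/$iface/rp_filter")
        mode=$(rp_max "$all" "$dev")
        if [ "$mode" -eq 1 ]; then
            echo "$iface: strict rp_filter in effect (all=$all, $iface=$dev)"
            rc=1
        else
            echo "$iface: ok (effective rp_filter=$mode)"
        fi
    done
    return $rc
}

set_rp_filter() {
    # Write mode $1 (0 or 2) to conf/all AND to every interface named after it;
    # lowering only conf/all can never reduce the maximum.
    mode=$1; shift
    echo "$mode" > "$PROCSYS/all/rp_filter"
    for iface in "$@"; do
        echo "$mode" > "$PROCSYS/$iface/rp_filter"
    done
}

make_fake_tree() {
    # Constructed stand-in for /proc/sys/net/ipv4/conf reproducing the thread's
    # state: conf/all already 0, eth1 and eth2 still at the default of 1.
    d=$(mktemp -d)
    mkdir -p "$d/all" "$d/eth1" "$d/eth2"
    echo 0 > "$d/all/rp_filter"
    echo 1 > "$d/eth1/rp_filter"
    echo 1 > "$d/eth2/rp_filter"
    echo "$d"
}

demo() {
    # Walk through the thread's situation on the constructed tree.
    PROCSYS=$(make_fake_tree)
    echo "before: conf/all=0 only"
    check_multihomed eth1 eth2 || echo "-> replies entering eth1/eth2 would be dropped"
    set_rp_filter 0 eth1 eth2
    echo "after: conf/all and per-interface set to 0"
    check_multihomed eth1 eth2
    rm -rf "$PROCSYS"
}

demo
```

Loose mode (2) is the usual compromise on a router like this one: it still rejects packets whose source address is unreachable via any interface, but accepts replies that come back on the "other" ISP link, which strict mode drops. Whichever mode is chosen, it has to be written to conf/all and to each uplink interface, exactly as the thread concluded.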