Mark all incoming packets on connection
Hi All,
I have found a few articles and tutorials which seem to do what I need but can't seem to get them to work.

My setup: I have a router which makes two PPP connections. ppp0 is my default route and is an uncapped ADSL. ppp1 is a Local Only (South Africa) account which has DNS resolving to its IP. ppp1 allows certain connections in. I want all packets coming in on ppp1 to be marked so that after they have been routed through our local servers they can go back out over ppp1. Both connections use dynamically assigned IP addresses.

I want to use ppp0 to make a connection to one of our stores, but when our stores connect to us they will be using ppp1. All packets from these incoming connections will need to be routed back over ppp1.

Hope that makes sense. If anything is unclear please ask. Your assistance would be greatly appreciated.

Regards
Andrew Higgs
That's quite a set up! Have you looked at the LARTC site (Linux Advanced Routing and Traffic Control)? It has something similar there that you could probably adapt.
Hi Bakdong,
I have looked at these examples and similar ones, but they all seem to be doing load balancing and not quite what I am doing (trying to do). I need to mark all incoming packets. These packets are then redirected to a local machine. When they come back to the router they need to go back out on the original incoming interface (and not the default route). Not sure if I am missing something, but I can't seem to get it to work. I will experiment a little more and maybe post a script later for people to look at. Perhaps this will help.

Regards
It's definitely there. You will need a combination of ip rule tables, iptables to mark the packets, and conntrack. The load balancing part swaps the default route periodically with an optional weighting scheme. You don't have to incorporate that if you don't want it.
Hi Bakdong,
Thanks for the reply. My ASCII art sucks but here goes. This is a diagram of the network:
Code:
mail----+

The problem comes in when store1 or store2 make a connection to the mail server. They connect via ppp1 (there is a DNS resolvable name on this connection which I can't have on ppp0). The packets from this connection are then redirected to mail. When mail routes back to the store, the default gateway is used and the connection is broken. The solution to this is to add a route to allow traffic to store1 and store2 to go via ppp1, but then all connections from inside the local network are also affected. So I am thinking I need to mark all new incoming connections on ppp1 so that they can be routed back to ppp1 later.

What I have tried so far is this:
Code:
#!/bin/sh

Code:
*mangle

Regards
Andrew Higgs
If the stores are trying to connect to the mail server and from there back to them over ppp1, why not just have all the packets coming from the mail server go through ppp1?
You've got no pref numbers in your ip rule statements. Not sure that's the problem though. What's the output of:
Code:
ip rule
ip route show table Uncapped/Localonly
Here are my scripts to hopefully achieve the above. mangle has been stripped to the following:
Code:
*mangle

What am I missing? If my hair was longer I would be pulling it out. :-)

Regards
Andrew Higgs
The output of ip rule:
Code:
0: from all lookup local

Code:
default dev ppp1 scope link

Code:
default dev ppp0 scope link

Regards
Andrew Higgs
Ok, so it's nothing to do with the pref number (32764-7 in your case). I can't see why it's not working. Sorry.
Maybe something like this will settle the dust.
Code:
ip rule add from mail.server.i.p to sto.re.1.ip table LocalOnly
Stabbing in the dark now... do you have specific routes defined in the main table? If you have, wouldn't these take priority over the default routes?
I have no problem with not needing to mark packets. In fact the simpler the solution the better. :-) I have reset my firewall to remove all marking etc. I have flushed all rules relating to marking. This is what ip rule puts out now:
Code:
0: from all lookup local

What should be in ip route show table LocalOnly? This is what it currently has in it:
Code:
default dev ppp1 scope link

Thanks again.

Regards
Andrew
Yes. The main routing table routes all packets destined for 196.210.0.0 and 196.215.0.0 to ppp1. The end goal is to have these removed so that connections initiated from our internal network (i.e. user1 and user2) are routed via ppp0.

Regards
Andrew
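The combination Bakdong describes earlier in the thread (a dedicated ip rule table, iptables marks, and conntrack) and the end goal stated in the last post (drop the static 196.210.0.0 / 196.215.0.0 routes from the main table so LAN-initiated connections use ppp0) fit together as the script below. This is an added example for the thread, not Andrew's script or anything posted here. The LAN interface name (eth0), the mail server address (192.168.0.10), the forwarded service (TCP 25), the mark value (0x1), the table number (200) and the rule preference (100) are assumptions; adjust them to the real network. The table is referenced by number so the script does not need to edit /etc/iproute2/rt_tables (add a `200 LocalOnly` line there if you want the thread's table name to work with `ip route show table LocalOnly`).

```shell
#!/bin/sh
# Added example: route replies to connections that arrived on ppp1 back out
# over ppp1, while LAN-initiated traffic keeps using the ppp0 default route.
# All names and addresses below are assumptions, not values from the thread.

LAN_IF=eth0            # assumed LAN interface facing the mail server
MAIL_IP=192.168.0.10   # assumed mail server address
MARK=0x1               # mark for "came in on ppp1"
TABLE=200              # routing table holding the ppp1 default route
PREF=100               # must be lower than main (32766) to be consulted first

# DRYRUN=1 prints the commands instead of executing them, so the rule set
# can be reviewed (or tested) without root and without touching the box.
run() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_policy_routing() {
    # 1. A table whose only job is "send it out ppp1". PPP links are
    #    point-to-point, so "dev ppp1" works even with a dynamic address
    #    (this matches the "default dev ppp1 scope link" shown in the thread).
    run ip route replace default dev ppp1 table "$TABLE"

    # 2. Anything carrying the mark is routed with that table.
    run ip rule add fwmark "$MARK" table "$TABLE" pref "$PREF"
    run ip route flush cache

    # 3. Strict reverse-path filtering would drop store traffic arriving on
    #    ppp1 once the main table no longer routes the store prefixes there
    #    (the best route back to the source becomes ppp0). Loose mode (2)
    #    keeps the check but accepts any reachable source.
    run sysctl -w net.ipv4.conf.ppp1.rp_filter=2

    # 4. Forward the store-facing service from ppp1 to the mail server.
    run iptables -t nat -A PREROUTING -i ppp1 -p tcp --dport 25 \
        -j DNAT --to-destination "$MAIL_IP"

    # 5. Tag the conntrack entry of every NEW connection that enters on
    #    ppp1. Only the connection is marked here, not the packet, so the
    #    DNAT'd inbound packet itself is still routed via main (to the LAN)
    #    rather than bounced straight back out ppp1 by table $TABLE.
    run iptables -t mangle -A PREROUTING -i ppp1 -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"

    # 6. When the reply comes back from the mail server on the LAN side,
    #    copy the connection mark onto the packet before the routing
    #    decision. Replies to ppp1 connections get $MARK and use table
    #    $TABLE; LAN-initiated connections have mark 0 and use main (ppp0).
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -j CONNMARK --restore-mark
}

# Self-check on the generated rule set (runs without root or iptables).
check_rules() {
    rules=$(DRYRUN=1 setup_policy_routing)
    printf '%s\n' "$rules" | grep -q -- "CONNMARK --set-mark $MARK" &&
    printf '%s\n' "$rules" | grep -q -- "CONNMARK --restore-mark" &&
    printf '%s\n' "$rules" | grep -q -- "fwmark $MARK table $TABLE pref $PREF"
}

case "${1-}" in
    apply) setup_policy_routing ;;          # run as root on the router
    show)  DRYRUN=1 setup_policy_routing ;; # just print the commands
esac
```

Two things worth checking after applying it: `ip rule` should now list the `fwmark` rule above `main`, and the static routes for the store prefixes must be removed from the main table, otherwise they still win for LAN-initiated traffic regardless of the mark. The split between `--set-mark` on the ppp1 side and `--restore-mark` on the LAN side is deliberate: marking the inbound packet itself would hand the DNAT'd packet to the ppp1-only table and send it back out the way it came.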