Re: iproute2, alternative tables, no default route: routing trouble for localhost

[Pascal Hambourg <pascal.mail@plouf.fr.eu.org>]

Hello,

Pokotilenko Kostik a écrit :
> 1. There 3 servers and a router with 2 PPPoE connections (let call them:
> ppp0, ppp1).
> 2. There are several groups of Inet-clients to be served (Servers,
> Clients and Club).
> 3. The task is:
>    - to route Club through the ppp1;
>    - to Servers and Clients through ppp0;
[...]
> router # netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> a1.a2.a3.a4     0.0.0.0         255.255.255.255 U         0 0          0 ppp0
> b1.b2.b3.b4     0.0.0.0         255.255.255.255 U         0 0          0 ppp1
[...]
> router # ip rule ls
> 0:      from all lookup local
> 32763:  from 10.10.100.101/24 lookup Club
> 32764:  from 10.10.100.100/24 lookup Clients

There's something wrong with these two rules. 10.10.100.101/24 and 
10.10.100.100/24 are not valid subnets. And if the IP routing strips the 
irrelevant least significant byte, they are actually identical subnets : 
10.10.100.0/24.

> 32765:  from 192.168.1.0/24 lookup Servers
> 32766:  from all lookup main
> 32767:  from all lookup default
>
> router # ip route ls table Clients
> default via a1.a2.a3.a4 dev ppp0

You should set an exception for eth0's address, else the router won't be 
able to reach 192.168.1.0/24 with this source address.

> router # ip route ls table Servers
> default via a1.a2.a3.a4 dev ppp0
>
> router # ip route ls table Club
> default via b1.b2.b3.b4 dev ppp1
>
> ========================================
>
> So, to summarize, the is no default route in main routing table. Each
> group of clients is to be routed through its respective connection, and,
> when its connection is down it is not to be routed.
>
> This scheme works almost fine, 10.10.100.100/24 addresses are really
> being routed through ppp0, 10.10.100.101/24 through ppp1 and
> 192.168.1.0/24 (3 Servers) through ppp0. BUT the router itself
> (192.168.1.4) has no route to any host.

Yes it has routes to some hosts : see the 'main' routing table. Did you 
mean "no route to any host but 192.168.1.0 and the two PPP peers" ?

> I get "network is unreachable"
> to any connection attempt from 192.168.1.4. And I can't connect to this
> router from outside, because the packets have no route to be sent back.
>
> I thought that there is different routing politics for localhost and
> added default route to "local" table. 192.168.1.4 has started to have
> the route, but the rest of the scheme started to work incorrectly.

Don't do that. The "local" routing table is intended only for special 
routes such as localhost or broadcast routes.

> So, the question is: how does the routing of packets comming from
> localhost is being accomplished?

In the same way as the routing of forwarded packets. From "ip rule" 
point of view, locally generated traffic is selected with "iif lo" (see 
iproute manual). Be aware that when the local source address is not 
explicitly specified by the sending application, none of your custom 
rules will match, so the "main" table will be used. But it contains no 
default route.

By the way, in your setup I don't understand how the destinations 
10.10.100.100/24 and 10.10.100.101/24 are routed.