
Re: iproute2, alternative tables, no default route: routing trouble for localhost



On Fri, 18/08/2006 at 17:16 +0200, Pascal Hambourg wrote:
> Hello,
> 
> Pokotilenko Kostik wrote:
> > 
> > 1. There are 3 servers and a router with 2 PPPoE connections (let's call them:
> > ppp0, ppp1).
> > 2. There are several groups of Inet-clients to be served (Servers,
> > Clients and Club).
> > 3. The task is:
> >    - to route Club through the ppp1;
> >    - to Servers and Clients through ppp0;
> [...]
> > router # netstat -nr
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> > 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> > a1.a2.a3.a4     0.0.0.0         255.255.255.255 U         0 0          0 ppp0
> > b1.b2.b3.b4     0.0.0.0         255.255.255.255 U         0 0          0 ppp1
> [...]
> > router # ip rule ls
> > 0:      from all lookup local
> > 32763:  from 10.10.100.101/24 lookup Club
> > 32764:  from 10.10.100.100/24 lookup Clients
> 
> There's something wrong with these two rules. 10.10.100.101/24 and 
> 10.10.100.100/24 are not valid subnets. And if the IP routing strips the 
> irrelevant least significant byte, they are actually identical subnets : 
> 10.10.100.0/24.

I'm sorry, this is a typo made while writing the message. The correct subnets are
10.10.101.0/24 and 10.10.100.0/24.

> > 32765:  from 192.168.1.0/24 lookup Servers
> > 32766:  from all lookup main
> > 32767:  from all lookup default
> > 
> > router # ip route ls table Clients
> > default via a1.a2.a3.a4 dev ppp0
> 
> You should set an exception for eth0's address, else the router won't be 
> able to reach 192.168.1.0/24 with this source address.

That's right. I've already added this one.

> > router # ip route ls table Servers
> > default via a1.a2.a3.a4 dev ppp0
> > 
> > router # ip route ls table Club
> > default via b1.b2.b3.b4 dev ppp1
> > 
> > ========================================
> > 
> > So, to summarize, there is no default route in main routing table. Each
> > group of clients is to be routed through its respective connection, and,
> > when its connection is down it is not to be routed.
> > 
> > This scheme works almost fine, 10.10.100.100/24 addresses are really
> > being routed through ppp0, 10.10.100.101/24 through ppp1 and
> > 192.168.1.0/24 (3 Servers) through ppp0. BUT the router itself
> > (192.168.1.4) has no route to any host.
> 
> Yes it has routes to some hosts : see the 'main' routing table. Did you 
> mean "no route to any host but 192.168.1.0 and the two PPP peers" ?

That's right.

> > I get "network is unreachable"
> > to any connection attempt from 192.168.1.4. And I can't connect to this
> > router from outside, because the packets have no route to be sent back.
> > 
> > I thought that there is a different routing policy for localhost and
> > added default route to "local" table. 192.168.1.4 has started to have
> > the route, but the rest of the scheme started to work incorrectly.
> 
> Don't do that. The "local" routing table is intended only for special 
> routes such as localhost or broadcast routes.
> 
> > So, the question is: how is the routing of packets coming from
> > localhost accomplished?
> 
> In the same way as the routing of forwarded packets. From "ip rule" 
> point of view, locally generated traffic is selected with "iif lo" (see 
> iproute manual). Be aware that when the local source address is not 
> explicitly specified by the sending application, none of your custom 
> rules will match, so the "main" table will be used. But it contains no 
> default route.

# ip rule add dev lo table Servers

Solved my problem! I've spent 3 days searching for the answer. I'll do
more testing tomorrow.

So, correct me if I'm wrong: even if the local sending application
doesn't explicitly specify a source IP address, it will in any case be sent
to the "Servers" table because it comes from the "lo" interface(??).

> By the way, in your setup I don't understand how the destinations 
> 10.10.100.100/24 and 10.10.100.101/24 are routed.

That was a typo.

Thanks a lot.

-- 
Покотиленко Костик <casper@meteor.dp.ua>
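
The rule walk discussed in this message, as an added example that is not part of the original thread: a small Python model of how the kernel picks a table for forwarded traffic versus locally generated traffic with no bound source address. Assumptions: the tables are rebuilt from the listings above with the corrected subnets, the two PPP peer host routes are omitted, the client-facing interface name "eth0", the priority 32762 for the new rule, and the destination 203.0.113.9 are constructed for illustration.

```python
import ipaddress

# Constructed model of the tables in the thread. Gateways are the thread's
# own placeholders; the PPP peer host routes in "main" are left out.
TABLES = {
    "main":    [("192.168.1.0/24", "eth0", None)],
    "Servers": [("0.0.0.0/0", "ppp0", "a1.a2.a3.a4")],
    "Clients": [("0.0.0.0/0", "ppp0", "a1.a2.a3.a4")],
    "Club":    [("0.0.0.0/0", "ppp1", "b1.b2.b3.b4")],
}
# (priority, from-prefix or None, iif or None, table)
RULES = [
    (32763, "10.10.101.0/24", None, "Club"),
    (32764, "10.10.100.0/24", None, "Clients"),
    (32765, "192.168.1.0/24", None, "Servers"),
    (32766, None, None, "main"),
]
# Models "ip rule add dev lo table Servers"; the priority is an assumption.
LOCAL_FIX = (32762, None, "lo", "Servers")

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev, gw) for p, dev, gw in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _net, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dev, gw

def route(dst, src="0.0.0.0", iif="lo", rules=RULES):
    """Walk rules by priority. src 0.0.0.0 models a local socket that has not
    bound a source address; a rule whose table has no match falls through."""
    for _prio, frm, rule_iif, table in sorted(rules):
        if frm and ipaddress.ip_address(src) not in ipaddress.ip_network(frm):
            continue  # "from" selector does not match
        if rule_iif and rule_iif != iif:
            continue  # "iif" selector does not match
        hit = table_lookup(table, dst)
        if hit:
            return table, hit[0], hit[1]
    return None  # the sender sees "network is unreachable"
```

Calling route("203.0.113.9") gives None before the fix and the Servers default after passing rules=RULES + [LOCAL_FIX], while a forwarded Club packet (src="10.10.101.7", iif="eth0") is unaffected by the new rule.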


