
Problem: Routing with multiple interfaces



Hi,

I use for a customer a Linux router/firewall with 1 internal interface
and 3 external interfaces connected to 3 different ISPs.

These 3 ISPs have different bandwidths: 2 ADSL (8192/256 and 1024/256) and 1
leased line (512/512); sometimes the DSL lines are down.

DSL1 on eth1 with IP 192.168.0.1
DSL2 on eth0 with IP 192.168.1.1
LL   on eth2 with IP 192.168.2.1

I use a kernel 2.6.17 with a routes patch from Julian Anastasov.

The leased line (eth2) is used for the sending of the emails. The reception of the emails is done on the three external connections. The access to the Web is preferably routed towards ADSL lines.

For a few days the sending of emails has been done intermittently. While using tcptraceroute I realized that sometimes the IP source is badly selected.

# tcptraceroute -d -i eth2 -s 192.168.2.1 smtp.juliana-multimedia.com 25
debug: tcptraceroute 1.5beta6, i686-pc-linux-gnu
debug: Compiled with libpcap 0.7.2, libnet 1.1.2.1 (API 110)
debug: device set to eth2
debug: entering getinterfaces()
debug: ifreq buffer set to 32
debug: Successfully retrieved interface list
debug: Discovered interface eth0 with address 192.168.1.1
debug: Discovered interface eth1 with address 192.168.0.1
debug: Discovered interface eth2 with address 192.168.2.1
debug: Discovered interface lo with address 127.0.0.1
debug: Discovered interface br0 with address 10.0.0.3
debug: leaving getinterfaces()
debug: Determined source address of 192.168.1.1 to reach 213.223.240.194
debug: Setting o_syn, in absence of either o_syn or o_ack
debug: debugoptions():
debug:         TEXTSIZE: 1024        SNAPLEN: 92     IPTOSBUFFERS: 12
debug: ALLOCATEID_CACHE: 512        datalink: 1    datalinkoffset: 14
debug:         o_minttl: 1          o_maxttl: 30        o_timeout: 3
debug:          o_debug: 1         o_numeric: 0          o_pktlen: 0
debug:       o_nqueries: 3        o_dontfrag: 0             o_tos: 0
debug:      o_forceport: 0             o_syn: 1             o_ack: 0
debug:            o_ecn: 0        o_nofilter: 0 o_nogetinterfaces: 0
debug:      o_trackport: 0      datalinkname: ETHERNET     device: eth2
debug: o_noselect: 0 o_dnat: 0 isn: 1442432041
Selected device eth2, address 192.168.2.1, port 35227 for outgoing packets
debug: pcap filter is:
(tcp and src host 213.223.240.194 and src port 25 and dst host 192.168.2.1)
   or ((icmp[0] == 11 or icmp[0] == 3) and dst host 192.168.2.1)
Tracing the path to smtp.juliana-multimedia.com (213.223.240.194) on TCP port 25 (smtp), 30 hops max
debug: Generating a new batch of 512 IP ID's
libnet_write failed?  Attempted to write 40 bytes, only wrote -1


There is a problem on line 13 of the debug output:
  Determined source address of 192.168.1.1 to reach 213.223.240.194

The good address is 192.168.2.1 not 192.168.1.1

When the emails are well sent the debug output is:
  Determined source address of 192.168.2.1 to reach 213.223.240.194


Below is my script for multipath routing:

<------------------SCRIPT----------------------------->
ip route flush cache
echo 15 > /proc/sys/net/ipv4/route/gc_elasticity

# INTERNAL INTERFACE
ip rule del prio 50 table main
ip rule add prio 50 table main
ip route del default table main


# ADSL1
ip link set $INTERFACE_DSL1 up
ip addr flush dev $INTERFACE_DSL1
ip addr add $IP_DSL1/$PREFIX_DSL1 brd $BROADCAST_DSL1 dev $INTERFACE_DSL1


# ADSL2
ip link set $INTERFACE_DSL2 up
ip addr flush dev $INTERFACE_DSL2
ip addr add $IP_DSL2/$PREFIX_DSL2 brd $BROADCAST_DSL2 dev $INTERFACE_DSL2


# LEASED LINE
ip link set $INTERFACE_LL up
ip addr flush dev $INTERFACE_LL
ip addr add $IP_LL/$PREFIX_LL brd $BROADCAST_LL dev $INTERFACE_LL


# ADSL1
ip rule del prio 201 from $NETWORK_DSL1/$PREFIX_DSL1 table 201
ip rule add prio 201 from $NETWORK_DSL1/$PREFIX_DSL1 table 201
ip route del default via $GATEWAY_DSL1 dev $INTERFACE_DSL1 src $IP_DSL1 proto static table 201
ip route add default via $GATEWAY_DSL1 dev $INTERFACE_DSL1 src $IP_DSL1 proto static table 201
ip route append prohibit default table 201 metric 1 proto static


# ADSL2
ip rule del prio 202 from $NETWORK_DSL2/$PREFIX_DSL2 table 202
ip rule add prio 202 from $NETWORK_DSL2/$PREFIX_DSL2 table 202
ip route del default via $GATEWAY_DSL2 dev $INTERFACE_DSL2 src $IP_DSL2 proto static table 202
ip route add default via $GATEWAY_DSL2 dev $INTERFACE_DSL2 src $IP_DSL2 proto static table 202
ip route append prohibit default table 202 metric 1 proto static


# LEASED LINE
ip rule del prio 203 from $NETWORK_LL/$PREFIX_LL table 203
ip rule add prio 203 from $NETWORK_LL/$PREFIX_LL table 203
ip route del default via $GATEWAY_LL dev $INTERFACE_LL src $IP_LL proto static table 203
ip route add default via $GATEWAY_LL dev $INTERFACE_LL src $IP_LL proto static table 203
ip route append prohibit default table 203 metric 1 proto static


# SMTP MARK
ip rule del prio 103
ip rule add prio 103 fwmark 0x25 table 203


ip rule del prio 222 table 222
ip rule add prio 222 table 222
ip route del default table 222
ip route add default table 222 proto static \
   nexthop via $GATEWAY_DSL1 dev $INTERFACE_DSL1 weight 10 \
   nexthop via $GATEWAY_DSL2 dev $INTERFACE_DSL2 weight 10 \
   nexthop via $GATEWAY_LL dev $INTERFACE_LL weight 1


ip route flush cache
<------------------SCRIPT----------------------------->

The marks are fixed with Iptables.


Do you see my error?

I do not understand why the routing does not run correctly.


Regards.
--
==============================================
|              FREDERIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===
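
Added example, not part of the original message: a small Python model of the rule set in the script above, showing which table answers a lookup depending on whether the flow carries a source address or the 0x25 mark. The /24 prefixes are an assumption (the post does not give the `$PREFIX_*` values), and the `prohibit` fallback routes are left out.

```python
import ipaddress

# Constructed model. Interface addresses come from the post; the /24
# prefixes are an assumption, since $PREFIX_* is not shown.
CONNECTED = {"eth1": "192.168.0.0/24", "eth0": "192.168.1.0/24", "eth2": "192.168.2.0/24"}
SRC = {"eth1": "192.168.0.1", "eth0": "192.168.1.1", "eth2": "192.168.2.1"}

# (priority, selector, table), mirroring the "ip rule add" lines of the script.
RULES = [
    (50, ("all",), "main"),
    (103, ("fwmark", 0x25), "203"),
    (201, ("from", CONNECTED["eth1"]), "201"),
    (202, ("from", CONNECTED["eth0"]), "202"),
    (203, ("from", CONNECTED["eth2"]), "203"),
    (222, ("all",), "222"),
]

# Table contents as (prefix, [candidate output devices]). No table here holds
# overlapping prefixes, so first match equals longest match.
TABLES = {
    "main": [(net, [dev]) for dev, net in CONNECTED.items()],  # default deleted
    "201": [("0.0.0.0/0", ["eth1"])],
    "202": [("0.0.0.0/0", ["eth0"])],
    "203": [("0.0.0.0/0", ["eth2"])],
    "222": [("0.0.0.0/0", ["eth1", "eth0", "eth2"])],  # multipath nexthops
}

def rule_matches(selector, src, mark):
    if selector[0] == "fwmark":
        return mark == selector[1]
    if selector[0] == "from":
        # An unset source is looked up as 0.0.0.0 and matches no "from" prefix.
        return src is not None and ipaddress.ip_address(src) in ipaddress.ip_network(selector[1])
    return True

def lookup(dst, src=None, mark=0):
    """Return (rule priority, table, candidate source addresses) for a flow."""
    for prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if not rule_matches(selector, src, mark):
            continue
        for prefix, devs in TABLES[table]:
            if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
                # A bound source is kept; otherwise the output device decides it.
                return prio, table, [src or SRC[d] for d in devs]
    return None
```

In this model a lookup for 213.223.240.194 with neither a source address nor the mark is answered by table 222, where any of the three addresses can result; with source 192.168.2.1 or mark 0x25 it is answered by table 203.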



