Re: Pb : Routing with multiples interfaces
Hey,
Frédéric Massot wrote:
>
> These 3 ISP are different bandwidth, 2 ADSL (8192/256 and 1024/256) and 1
> leased line (512/512), sometimes DSL lines are down.
>
> DSL1 on eth1 with IP 192.168.0.1
> DSL2 on eth0 with IP 192.168.1.1
> LL on eth2 with IP 192.168.2.1
>
> I use a kernel 2.6.17 with a routes patch from Julian Anastasov.
>
> The leased line (eth2) is used for the sending of the emails. The
> reception of the emails is done on the three external connections. The
> access to the Web is preferably routed towards ADSL lines.
>
> For a few days the sending of emails has been done intermittently. While
> using tcptraceroute I realized that sometimes the IP source is badly
> selected.
Which machine sends email? The router itself, or a mailserver that's
behind the router?
An alternative to using iproute and fwmarks is to specify the address to
bind when opening a smtp connection to another server. E.g. I use
postfix on a host with multiple IPs, and specify the address to use for
outgoing mail in master.cf like:
    smtp unix - - - - - smtp -o smtp_bind_address=a.b.c.d
When the sending server is placed behind the router... routing should do the
trick... I use the same setup here in the building, to send mail via a
dsl line that's not the default outgoing route.
> # LEASED LINE
> ip rule add prio 203 from $NETWORK_LL/$PREFIX_LL table 203
> ip route add default via $GATEWAY_LL dev $INTERFACE_LL src $IP_LL proto
> static table 203
> ip route append prohibit default table 203 metric 1 proto static
The src $IP_LL is specified in the ip route add line for table 203. So
the source address for the packet must be known and match $IP_LL,
otherwise this route will be ignored.
It seems you used this nice howto: http://www.ssi.bg/~ja/nano.txt Read
section '2.3.3 Setup of the default routes' again, carefully: "The
tricky part is, what the patches are doing here: They look at the local
source address" etc... is what I mean.
> # SMTP MARK
> ip rule add prio 103 fwmark 0x25 table 203
So table 203 gets looked up, but the default route to $INTERFACE_LL
won't get used. Instead one route of the multipath default route will be
chosen.
> ip rule add prio 222 table 222
> ip route add default table 222 proto static \
> nexthop via $GATEWAY_DSL1 dev $INTERFACE_DSL1 weight 10 \
> nexthop via $GATEWAY_DSL2 dev $INTERFACE_DSL2 weight 10 \
> nexthop via $GATEWAY_LL dev $INTERFACE_LL weight 1
I solved this problem by creating two extra routing tables. By directing
traffic whose routing is forced to an outgoing line to a routing table
without the src address specified, it matches a connection that gets
initiated.
I put some parts of my scripts online. (I don't promise they will be
there forever) In this example I use a DSL line (xs4all) and a PPPoE
connection (university campus network). Outgoing SMTP traffic from
behind the router will be forwarded to the DSL line.
http://od11.fttd-s.tudelft.nl/~knorrie/iproute/
(It has some Dutch comments in it.)
Also look at the use of -j CONNMARK --save-mark and --restore-mark for
NAT traffic, using those can prevent headaches.
HTH, Have fun,
Hans van Kranenburg
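
The fix described in the reply above, for mail forwarded from behind the router, as an added example that is not part of the original post or of the scripts it links to. Table 213, the gateway address and the internal interface eth3 are assumptions; the mark, rule priority, leased-line interface and address come from the thread.

```shell
#!/bin/sh
# Added example: emits the commands instead of running them, so they can be
# reviewed first and then piped to "sh -e" as root.
INTERFACE_LL=eth2          # leased line interface, from the thread
IP_LL=192.168.2.1          # leased line address, from the thread
GATEWAY_LL=192.168.2.254   # constructed value, the thread does not give it
LAN_IF=eth3                # hypothetical internal interface
SMTP_MARK=0x25             # fwmark used in the thread
TABLE_FORCED=213           # hypothetical extra table for forced traffic

forced_smtp_cmds() {
    cat <<EOF
# Extra table: same default route as table 203 but WITHOUT "src", so it also
# matches forwarded packets whose source is still a LAN address.
ip route add default via $GATEWAY_LL dev $INTERFACE_LL proto static table $TABLE_FORCED
# Fail closed: if the leased line route is gone, do not fall through to multipath.
ip route append prohibit default table $TABLE_FORCED metric 1 proto static
# Replaces the thread's "fwmark $SMTP_MARK table 203" rule.
ip rule add prio 103 fwmark $SMTP_MARK table $TABLE_FORCED
# Packets of an already marked connection get their mark back (LAN side only,
# so replies arriving from the Internet are never routed by this mark).
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
# New outgoing SMTP connections: mark the packet, then store it on the connection.
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 25 -m conntrack --ctstate NEW -j MARK --set-mark $SMTP_MARK
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 25 -m conntrack --ctstate NEW -j CONNMARK --save-mark
# Everything leaving on the leased line carries the leased line address.
iptables -t nat -A POSTROUTING -o $INTERFACE_LL -j SNAT --to-source $IP_LL
EOF
}

forced_smtp_cmds
```

Mail sent by the router itself is not covered here; it keeps using the source-matched table 203 or a bind address such as smtp_bind_address.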