Re: Pb : Routing with multiples interfaces

[Frédéric Massot <frederic@juliana-multimedia.com>]

Hans van Kranenburg wrote:
> Hey,
[...]
>
> > # LEASED LINE
> > ip rule add prio 203 from $NETWORK_LL/$PREFIX_LL table 203
> > ip route add default via $GATEWAY_LL dev $INTERFACE_LL src $IP_LL proto
> > static table 203
> > ip route append prohibit default table 203 metric 1 proto static
>
> The src $IP_LL is specified in the ip route add line for table 203. So
> the source address for the packet must be known and match $IP_LL,
> otherwise this route will be ignored.
>
> I seems you used this nice howto: http://www.ssi.bg/~ja/nano.txt Read
> section '2.3.3 Setup of the default routes' again, carefully: "The
> tricky part is, what the patches are doing here: They look at the local
> source address" etc... is what I mean.
>
>
> > # SMTP MARK
> > ip rule add prio 103 fwmark 0x25 table 203
>
>
> So table 203 gets looked up, but the default route to $INTERFACE_LL
> won't get used. Instead one route of the multipath default route will be
> chosen.
>
>
> > ip rule add prio 222 table 222
> > ip route add default table 222 proto static \
> >   nexthop via $GATEWAY_DSL1 dev $INTERFACE_DSL1 weight 10 \
> >   nexthop via $GATEWAY_DSL2 dev $INTERFACE_DSL2 weight 10 \
> >   nexthop via $GATEWAY_LL dev $INTERFACE_LL weight 1
>
>
> I solved this problem by creating two extra routing tables. By directing
> traffic which routing is forced to an outgoing line to a routing table
> without the src address specified it matches a connectino that get
> initiated.

I modified the STMP MARK rule and I created a new routing table (204), 
like this :

#SMTP MARK
ip rule add prio 103 fwmark 0x25 table 204
ip route add default via $GATEWAY_LL dev $INTERFACE_LL proto static 
table 204

But, I have the same problem :

# tcptraceroute -d -i eth2 -s 192.168.2.1 smtp.juliana-multimedia.com 25
debug: device set to eth2
debug: Discovered interface eth0 with address 192.168.1.1
debug: Discovered interface eth1 with address 192.168.0.1
debug: Discovered interface eth2 with address 192.168.2.1
debug: Determined source address of 192.168.1.1 to reach 213.223.240.194

The selected source address for the eth2 interface is 192.168.1.1, this 
is wrong, the good source address is 192.168.2.1

I don't understand why the multipath default route is chosen.  :o(

Thes Linux Box receives the internal mail on its internal interface. 
Postfix/Amavis/Clamav/Spamassassin check this mail and sends it on the 
LL interface ($INTERFACE_LL - $IP_LL).

I use these rules to mark the paquets :

iptables -t mangle -A OUTPUT -o $INTERFACE_DSL1 -p tcp --dport 25 -j 
MARK --set-mark 0x25
iptables -t mangle -A OUTPUT -o $INTERFACE_DSL2 -p tcp --dport 25 -j 
MARK --set-mark 0x25
iptables -t mangle -A OUTPUT -o $INTERFACE_LL -p tcp --dport 25 -j MARK 
--set-mark 0x25

And these for NAT :

iptables -t nat -A POSTROUTING -o $INTERFACE_DSL1 -j SNAT --to-source 
$IP_DSL1
iptables -t nat -A POSTROUTING -o $INTERFACE_DSL2 -j SNAT --to-source 
$IP_DSL2
iptables -t nat -A POSTROUTING -o $INTERFACE_LL -j SNAT --to-source $IP_LL


Regards.
--
==============================================
|              FREDERIC MASSOT               |
|     http://www.juliana-multimedia.com      |
|   mailto:frederic@juliana-multimedia.com   |
===========================Debian=GNU/Linux===