
RE: Multipath Routing



> > I seem to have some problems with this. I am not sure if it would fall under
> > firewall but since netfilter is involved I will try anyway.
> >
> > The current problem I am having is there are 2 internet connections. Either
> > 1 or the other internet connection will work fine.
> >
> > However I am trying to use both at the same time. I was doing it in the
> > following way.
> >
> > Conn1: is normally on ppp0
> 
> "Normally" ? :-D

Yes normally. As in there are other interfaces that create ppp interfaces.
pptp client in this case.

> > Conn2: is on eth1
> > Local: is on eth0
> >
> > Both ppp0 and eth1 are connected using different ISPs.
> > And I was hoping to do a load balance with them as well as have some
> > redundancy.
> >
> > However NAT is performed on both of these interfaces because eth0 is built of
> > private addresses. I can get the multipath routes to work and NAT does
> > occur but then packets with the wrong source address go out the wrong
> > interface. E.g. packets with source address of ppp0 go out eth1 etc.
> 
> What is your exact NAT and routing setup ?
> 
> > Currently I am separating this using a command like
> > ip rule add from <ppp0 ip address> lookup Conn1
> > ip rule add from <eth1 ip address> lookup Conn2
> >
> > But this doesn't seem to make any difference to the packets after NAT is
> > performed on them.
> 
> You must be aware that source NAT (SNAT) or masquerading (MASQUERADE)
> are performed by iptables in the POSTROUTING chain, that is *after* the
> routing phase. So it does not influence routing which sees only original
> source addresses. You can have a quick overview of an IP packet path
> through Netfilter and IP routing in Linux 2.4 on this page :
> http://www.plouf.fr.eu.org/bazar/netfilter/schema_netfilter.txt

This looks like what is happening. Is there a way to do NAT before the
POSTROUTING chain? Or is there a way to force it to recalculate the route
after the address translation takes place?

> By the way, did you check that reverse path filtering is disabled in the
> kernel settings for both external interfaces, since it is incompatible
> with multihoming ?

If you mean the rp_filter option in /proc/sys/net then yes this is turned
off.


	James
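
An added illustration, not part of the original message or of any poster's setup: a small Python model of the ordering described in the quoted reply, where the routing decision (including `ip rule ... from <address>`) runs before POSTROUTING SNAT. The addresses are constructed documentation-range values, and the `pick` argument is an assumed stand-in for which next hop the multipath route selects at a given moment.

```python
# Constructed addresses (documentation ranges); not taken from the thread.
PPP0_IP, ETH1_IP = "198.51.100.10", "203.0.113.20"
LAN_HOST = "192.168.1.5"

# Policy rules in the style of the post: ip rule add from <addr> lookup <table>
RULES = [(PPP0_IP, "Conn1"), (ETH1_IP, "Conn2")]
# Conn1/Conn2 each hold one default route; main holds the multipath route.
TABLES = {"Conn1": ["ppp0"], "Conn2": ["eth1"], "main": ["ppp0", "eth1"]}
# POSTROUTING: source NAT to the address of the outgoing interface.
SNAT = {"ppp0": PPP0_IP, "eth1": ETH1_IP}


def route(src, pick):
    """Routing decision: rules match the source address the packet has now."""
    table = next((t for addr, t in RULES if addr == src), "main")
    hops = TABLES[table]
    return hops[pick % len(hops)]  # pick: assumed multipath next-hop choice


def forward(conntrack, flow, src, pick):
    """One forwarded packet: routing first, POSTROUTING SNAT afterwards."""
    out_if = route(src, pick)  # sees the original, pre-NAT source
    # Connection tracking fixes the NAT mapping on the first packet of a
    # flow; later packets reuse it whatever interface routing chose.
    nat_src = conntrack.setdefault(flow, SNAT[out_if])
    return out_if, nat_src


def simulate(picks):
    """Send one LAN flow through the box, one packet per multipath choice."""
    conntrack = {}
    return [forward(conntrack, "flow1", LAN_HOST, p) for p in picks]


if __name__ == "__main__":
    for out_if, nat_src in simulate([0, 0, 1]):
        status = "ok" if SNAT[out_if] == nat_src else "MISMATCH"
        print(f"out={out_if:5} src={nat_src:15} {status}")
    # A packet that already carries the public source (locally generated
    # traffic) is the only kind the 'from <address>' rules can match.
    print("local packet from ppp0 address ->", route(PPP0_IP, 1))
```
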




