Re: policy routing problem

To: debian-firewall@lists.debian.org
Subject: Re: policy routing problem
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Thu, 29 Nov 2007 15:54:11 +0100
Message-id: <[🔎] 474ED293.1010409@plouf.fr.eu.org>
In-reply-to: <[🔎] 5bd2109b0711290618y68998690r46896095967d4fa5@mail.gmail.com>
References: <[🔎] 5bd2109b0711290618y68998690r46896095967d4fa5@mail.gmail.com>

Hello,

Alexandr Shurigin a écrit :


ip route add 87.224.167.g1 dev eth1 table ETH1
ip route add default via 87.224.167.g1 dev eth1 table ETH1
ip route add 212.49.121.g2 dev eth3 table ETH3
ip route add default via 212.49.121.g2 dev eth3 table ETH3

iptables -t mangle -A OUTPUT -m owner --uid-owner 108 -j MARK --set-mark 1

ip rule add fwmark 1 pri 100 table ETH3

iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source=212.49.121.g2

echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter

ip rule add from 87.224.167.add1 pri 200 table ETH1
ip rule add from 212.49.121.addr2 pri 250 table ETH2

                                                  ^^^^
Isn't it ETH3 ?

which resolves problem with 2 internet providers andd their routers.
all works fine.

But network 192.168.1.0/24 which is at interface eth2 cannot ping ip
addresses of eth1 and eth3 server interfaces.

The reply has the source address of eth1 resp. eth3 thus is routedaccording to the ETH1 resp. ETH3 routing tables. Since these tablescontain no specific route to the destination 192.168.1.0/24, theirdefault route is used, which tells to send the packet through interfaceeth1 resp. eth3 instead of eth2.


Try the following quick fix :

ip route add 192.168.1.0/24 dev eth2 table ETH1
ip route add 192.168.1.0/24 dev eth2 table ETH3

Reply to:

References:
- policy routing problem
  - From: "Alexandr Shurigin" <alexandr.shurigin@gmail.com>

Prev by Date: policy routing problem
Next by Date: Re: policy routing problem
Previous by thread: policy routing problem
Next by thread: Re: policy routing problem
Index(es):
- Date
- Thread