
Re: multiple nic/IP in firewall






On Wed, Jan 23, 2013 at 9:45 PM, Tom Furie <tom@furie.org.uk> wrote:
> On Tue, Jan 22, 2013 at 07:54:25PM -0300, Roberto Scattini wrote:
>
> > ~# route -n
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > XX.220.XX.176  0.0.0.0         255.255.255.255 UH    0      0        0 eth3
> > YY.20.YY.0      0.0.0.0         255.255.255.255 UH    0      0        0 eth4
> > XX.220.XX.176  0.0.0.0         255.255.255.252 U     0      0        0 eth3
> > 192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth2
> > YY.20.YY.0      0.0.0.0         255.255.255.0   U     0      0        0 eth4
> > 0.0.0.0         XX.220.XX.177  0.0.0.0         UG    0      0        0 eth3
>
> I just noticed here, that your YY traffic is being routed over your
> default gateway, that should probably have a next hop specific to that
> network. You also probably want to remove the YY.20.YY.0 host route.
>
> This might not solve the whole problem, but it will get some of it out
> of the way.


i don't fully understand what nexthop means...
previously carlos recommended this line:

ip route add default scope global nexthop via XX.220.XX.177 dev eth3 weight 1 nexthop via YY.20.YY.Y dev eth4 weight 1

sadly, i tried but it didn't work.
i find iproute docs a little cryptic, if someone could explain to me what is the meaning of the words "default scope global nexthop" maybe i can get it working...


i will continue with my research...


--
Roberto Scattini
