Re: Network routing on multi-homed system

To: debian-user@lists.debian.org
Cc: Isaac Freeman <isaac@us.ibm.com>
Subject: Re: Network routing on multi-homed system
From: Pascal Hambourg <pascal@plouf.fr.eu.org>
Date: Sat, 02 Aug 2014 20:45:11 +0200
Message-id: <[🔎] 53DD31B7.9080405@plouf.fr.eu.org>
In-reply-to: <[🔎] OFE0577237.6DA6F248-ON87257D27.0066D083-85257D27.006A35E2@us.ibm.com>
References: <[🔎] OFE0577237.6DA6F248-ON87257D27.0066D083-85257D27.006A35E2@us.ibm.com>

Hello,

Isaac Freeman a écrit :
> 
> iface eth1 inet static
> 	address 172.1.1.40
> 	netmask 255.255.255.224
> 
> 	# routing
> 	post-up ip route add 172.1.1.62/32 dev eth1 src 172.1.1.40 table external
> 	post-up ip route add default via 172.1.1.62 table external
> 	post-up ip rule add from 172.1.1.40 table external
> 	post-down ip rule del from 172.1.1.40 table external

IMO, your special routing is broken. Not all packets with the given
source address should be sent to the gateway, but only packets with a
destination address outside the LAN. Packets with a destination address
inside the LAN should be sent directly.

Either route the LAN prefix using the main table :

	post-up ip rule add to 172.1.1.32/27 table main

(to be created after thus inserted before the "from" rule)
or add a direct route for the prefix in the special table :

	post-up ip route add 172.1.1.32/27 dev eth1 table external

Same for both interfaces and servers.

Note : the routes to the gateways should not be necessary.

Reply to:

Follow-Ups:
- Re: Network routing on multi-homed system
  - From: Isaac Freeman <isaac@us.ibm.com>

References:
- Network routing on multi-homed system
  - From: Isaac Freeman <isaac@us.ibm.com>

Prev by Date: Re: fsck progress not shown on boot with systemd as pid 1
Next by Date: Re: Skype access cancelled for Debian versions before 7
Previous by thread: Network routing on multi-homed system
Next by thread: Re: Network routing on multi-homed system
Index(es):
- Date
- Thread