advanced routing q
shimi
linux-il at shimi.net
Thu Sep 6 22:18:05 IDT 2012
On Wed, Sep 5, 2012 at 8:28 AM, Erez D <erez0001 at gmail.com> wrote:
>
>
> On Mon, Aug 20, 2012 at 10:52 AM, shimi <linux-il at shimi.net> wrote:
>
>>
>> On Aug 20, 2012 9:34 AM, "Erez D" <erez0001 at gmail.com> wrote:
>> >
>> > hello
>> >
>> >
>> > i have a server with two eth ports, each connects to a different
>> router, and then to the internet.
>> > i want all normal traffic to the internet to go via router 1 (eth0), so
>> i added a default route to it
>> > i want connections TCP coming from all over the internet to the second
>> router(eth1), to be accepted.
>> >
>> > the problem is that although connections are coming from eth1, due to
>> the default route, they are answered from eth0, which means a tcp
>> connection can not be established.
>> > i know that linux has a conntrack module, can i use it to tell the
>> kernel to answer on the same eth it got SYN from ?
>>
>> Are the two ports on the same netblock?
>>
> what do you mean by that ?
>
I mean that one is 10.1.2.3 with netmask 255.255.255.0 and the other is
10.1.2.4 with netmask 255.255.255.0, for example. That means that they're
both on the same network block.
> If so, can they be separated to two non overlapping blocks?
>>
> didn't get that
>
So that one would be 10.1.2.3 with netmask 255.255.255.0 and the other
would be 10.1.3.3 with netmask 255.255.255.0
>
>
> i have many clients from many different ips connecting to my server. the
> server has two eth interfaces, with many ports open.
> there is no relation between eth and port, the same port can receive
> connections from either interface.
> i just want to route the relayed packets of the same connection to the eth
> the syn packet came from.
>
So, the solution I gave you in the original mail is supposed to work.
I only forgot one word in the command I gave over mobile, so now I'll give
the full solution when it's easier to type.
Variables (assumptions):
IP address currently going through DGW that shouldn't be: 1.2.3.4
Alternative gateway for 1.2.3.4: 1.2.3.254
First, create an alternative routing table for traffic coming from the IP
that is not supposed to go to the default GW:
# ip route add 0.0.0.0/0 via 1.2.3.254 table 200
Then, ask Linux to use that routing table whenever the source of the
traffic is from 1.2.3.4:
# ip rule add from 1.2.3.4 table 200
200 is an arbitrary number. You could use an alias for it to look nicer; If
you want that, you can alias a name to a number by editing
/etc/iproute2/rt_tables. There are examples there you can copy from. If you
have an alias for the number, you can use it in both the ip route and ip
rule commands, instead of the number.
That's it, I believe.
If it still doesn't work, you may be looking at the route cache. You can
wait some time, or issue an:
# ip route flush cache
If it still doesn't work (or commands fail...), be sure to have iproute2
utilities and support in the kernel.
Good luck,
-- Shimi
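The two iproute2 commands from the reply above, packaged as a script with a dry-run mode and a verification step. This is an added example, not code from the thread or from iproute2; the values 1.2.3.4 (the server's address on the second interface), 1.2.3.254 (the gateway on that link), table 200 and the probe destination 8.8.8.8 are hypothetical, taken from or added to the reply's own illustration.

```shell
#!/bin/sh
# Added example, not code from the original thread. It wraps the two
# iproute2 commands from the reply above in a script with a dry-run mode
# and a check that the kernel really picks the alternative gateway.
#
# Assumed (hypothetical) values, following the reply's own example:
#   src_ip  1.2.3.4    address on the second interface whose replies must
#                      not leave via the default gateway
#   alt_gw  1.2.3.254  gateway reachable on that interface's link
#   table   200        arbitrary routing-table id (or an alias defined in
#                      /etc/iproute2/rt_tables)
#
# DRY_RUN=1 (the default) prints the commands instead of executing them,
# so the script can be read and run without root; DRY_RUN=0 applies them.

DRY_RUN="${DRY_RUN:-1}"

# run CMD...: execute CMD, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# setup_policy_route SRC_IP ALT_GW TABLE
# 1. a default route in a separate table pointing at the alternative
#    gateway ("ip route ... table N" creates the table on first use);
# 2. a rule selecting that table for packets whose source address is
#    SRC_IP, which is exactly the case for replies to connections that
#    arrived on the second interface, whatever port they hit;
# 3. a cache flush, as in the reply. Kernels from 3.6 on have no IPv4
#    route cache, so there it is a harmless no-op.
# 'replace' is used instead of the reply's 'add' so rerunning the script
# does not fail with "RTNETLINK answers: File exists".
setup_policy_route() {
    src_ip="$1"; alt_gw="$2"; table="$3"
    run ip route replace 0.0.0.0/0 via "$alt_gw" table "$table"
    run ip rule add from "$src_ip" table "$table"
    run ip route flush cache
}

# verify_policy_route SRC_IP ALT_GW [DST]
# Ask the kernel which route it would use for a packet from SRC_IP to
# DST (default 8.8.8.8, an arbitrary Internet address). The answer must
# name ALT_GW; if it names the default gateway instead, the rule is not
# matching. The lookup itself only runs when DRY_RUN=0.
verify_policy_route() {
    src_ip="$1"; alt_gw="$2"; dst="${3:-8.8.8.8}"
    if [ "$DRY_RUN" = 1 ]; then
        echo "ip route get $dst from $src_ip"
        return 0
    fi
    ip route get "$dst" from "$src_ip" | grep -q "via $alt_gw"
}

# Usage: sh policy-route.sh [SRC_IP] [ALT_GW] [TABLE]
setup_policy_route "${1:-1.2.3.4}" "${2:-1.2.3.254}" "${3:-200}"
verify_policy_route "${1:-1.2.3.4}" "${2:-1.2.3.254}"
```

Because the rule keys on the server's own address rather than on a port or on conntrack state, it covers every reply sent from 1.2.3.4, and also any connection the server itself opens while bound to that address. If connections through the second interface still fail after `ip route get` shows the right gateway, check `net.ipv4.conf.*.rp_filter`: strict reverse-path filtering on a multihomed host is a common additional cause of silently dropped packets.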