Hi all,

I'm trying to set up a computer with 2 routes to the internet, much as 
described at http://lartc.org/howto/lartc.rpdb.multiple-links.html . One of my 
interfaces (eth5, 192.168.2.2) is only used for traffic originating inside 
the network. The other (eth1, 192.168.1.2) is only used for a VPN, where all 
(udp) traffic originates from outside our network. I have created a second 
routing table for eth1, with its own default gateway, and selected it with
ip rule from 192.168.1.2 iif lo lookup 4. All this works fine.
My problem is that one of the udp ports is forwarded to another server using 
iptables:
/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2 --dport 4902 -j DNAT --to 192.168.12.5:4902

Using tcpdump on eth1, I can see that the incoming packets receive an ICMP 
rejection, and when I try something like

ip route get 192.168.12.5 from 64.233.183.103 iif eth1
I get "RTNETLINK answers: Invalid argument"

If I try 
ip route get 192.168.12.5 from 64.233.183.103 iif eth5
I get
192.168.12.5 from 64.233.183.103 dev eth3  src 192.168.2.2
    cache  mtu 1500 advmss 1460 metric 10 64 iif eth5

which leads me to conclude that the difference has something to do with the 
default route.
I've tried things like
ip rule add iif eth1 lookup 4   (4 being my custom routing table)
ip rule add from 192.168.1.2 lookup 4

and even
iptables -t nat -I PREROUTING -i eth1 -p udp -j MARK --set-mark 1
ip rule from all fwmark 0x1 lookup 4
ip route flush cache

I'm using Linux 2.6.19.2 + grsecurity patches, every option I could find 
compiled in, on an up to date Gentoo system.

Can anyone see what I'm missing?

Thanks,

Paul Viney


ip route show
192.168.2.0/24 dev eth5  proto kernel  scope link  src 192.168.2.2
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.2
192.168.12.0/24 dev eth3  proto kernel  scope link  src 192.168.12.1
127.0.0.0/8 dev lo  scope link
default via 192.168.2.1 dev eth5

ip route show table 4
192.168.2.0/24 dev eth5  proto kernel  scope link  src 192.168.2.2
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.2
192.168.12.0/24 dev eth3  proto kernel  scope link  src 192.168.12.1
127.0.0.0/8 dev lo  scope link
default via 192.168.1.1 dev eth1

ip rule show
0:      from all lookup local
9999:   from all fwmark 0x1 lookup 4
10000:  from 192.168.1.2 iif lo lookup 4
30000:  from all lookup main
30000:  from all lookup default
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
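The post walks through `ip rule` selectors (`from`, `iif`, `fwmark`) and two routing tables, and uses `ip route get` to see which table a packet ends up in. The following is an added example, not code from the post or the LARTC project: a small model of the routing policy database that walks rules in priority order, applies each selector, and takes the first table that yields a longest-prefix match. The `main` table, table `4` and the rule list are transcribed from the `ip route show` / `ip rule show` output in the post; the `local` table is an assumption built from the host's own addresses, since the post does not print it, and the external address 64.233.183.103 is the one the post uses. It does not model rp_filter, conntrack or the DNAT rewrite, so it is a lookup aid for checking which direction of a forwarded flow consults which table, not a diagnosis.

```python
"""Toy model of the Linux routing policy database (RPDB).

Rules are walked in priority order; every selector on a rule (from / iif /
fwmark) must match, and the first table that returns a longest-prefix-match
route decides the egress.  Constructed example: tables `main` and `4` and the
rule list are copied from the post, the `local` table is an assumption.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str                  # destination prefix, e.g. "192.168.12.0/24"
    dev: str                     # outgoing interface
    via: Optional[str] = None    # next hop; None means directly connected
    src: Optional[str] = None    # preferred source address


@dataclass(frozen=True)
class Rule:
    priority: int
    table: str
    src: Optional[str] = None     # "from" selector; None means "from all"
    iif: Optional[str] = None     # incoming interface; "lo" = locally generated
    fwmark: Optional[int] = None  # firewall mark selector


def longest_prefix_match(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Return the most specific route in `table` covering `dst`, or None."""
    best, best_len = None, -1
    for r in table:
        net = ipaddress.ip_network(r.prefix)
        if dst in net and net.prefixlen > best_len:
            best, best_len = r, net.prefixlen
    return best


def route_get(rules: List[Rule], tables: Dict[str, List[Route]], dst: str,
              src: Optional[str] = None, iif: str = "lo",
              fwmark: int = 0) -> Tuple[Optional[Rule], Optional[Route]]:
    """Mimic `ip route get DST from SRC iif IIF` against the toy RPDB.

    Returns (matching rule, selected route), or (None, None) when no table
    reached through a matching rule has a route for `dst`.
    """
    dst_a = ipaddress.ip_address(dst)
    src_a = ipaddress.ip_address(src) if src else None
    for rule in sorted(rules, key=lambda r: r.priority):   # stable: main before default
        if rule.src is not None and (src_a is None or src_a not in ipaddress.ip_network(rule.src)):
            continue
        if rule.iif is not None and rule.iif != iif:
            continue
        if rule.fwmark is not None and rule.fwmark != fwmark:
            continue
        route = longest_prefix_match(tables.get(rule.table, []), dst_a)
        if route is not None:
            return rule, route
    return None, None


# Assumed `local` table: the host's own addresses as seen in the post's routes.
LOCAL = [Route("192.168.2.2/32", "lo"), Route("192.168.1.2/32", "lo"),
         Route("192.168.12.1/32", "lo"), Route("127.0.0.0/8", "lo")]

# `ip route show` from the post.
MAIN = [Route("192.168.2.0/24", "eth5", src="192.168.2.2"),
        Route("192.168.1.0/24", "eth1", src="192.168.1.2"),
        Route("192.168.12.0/24", "eth3", src="192.168.12.1"),
        Route("127.0.0.0/8", "lo"),
        Route("0.0.0.0/0", "eth5", via="192.168.2.1")]

# `ip route show table 4` from the post: same connected routes, other default.
TABLE4 = MAIN[:-1] + [Route("0.0.0.0/0", "eth1", via="192.168.1.1")]

TABLES = {"local": LOCAL, "main": MAIN, "4": TABLE4, "default": []}

# `ip rule show` from the post.
RULES = [Rule(0, "local"),
         Rule(9999, "4", fwmark=1),
         Rule(10000, "4", src="192.168.1.2", iif="lo"),
         Rule(30000, "main"),
         Rule(30000, "default")]

EXTERNAL = "64.233.183.103"   # the outside address used in the post's ip route get


def forwarded_flow() -> Dict[str, Tuple[str, str]]:
    """Which (table, device) each leg of the DNATed UDP flow resolves to."""
    legs = {
        # inbound packet after DNAT: external -> internal server, arrived on eth1
        "inbound":       route_get(RULES, TABLES, "192.168.12.5", src=EXTERNAL, iif="eth1"),
        # same packet carrying fwmark 1 from the PREROUTING MARK rule
        "inbound_mark1": route_get(RULES, TABLES, "192.168.12.5", src=EXTERNAL, iif="eth1", fwmark=1),
        # reply from the internal server back to the outside, arrived on eth3
        "reply":         route_get(RULES, TABLES, EXTERNAL, src="192.168.12.5", iif="eth3"),
        # locally generated packet sourced from the VPN address
        "local_vpn":     route_get(RULES, TABLES, EXTERNAL, src="192.168.1.2", iif="lo"),
    }
    return {name: (rule.table, route.dev) for name, (rule, route) in legs.items()}


if __name__ == "__main__":
    for leg, (table, dev) in forwarded_flow().items():
        print(f"{leg:14s} -> table {table:6s} dev {dev}")
```

Reading the result: with the rules exactly as posted, an unmarked packet arriving on eth1 for 192.168.12.5 is only matched by the `main` rule (the `from 192.168.1.2 iif lo` rule is for locally generated traffic), and a packet travelling in the reverse direction from 192.168.12.5 to the outside matches no selector before `main`, so it is resolved by `main`'s default route on eth5 rather than table 4's default on eth1. Running `ip route get` for both directions of a forwarded flow, as the model does, is the quick way to confirm that each leg consults the table you intended.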