On Thu, Sep 6, 2012 at 10:18 PM, shimi <[email protected]> wrote:
>
> On Wed, Sep 5, 2012 at 8:28 AM, Erez D <[email protected]> wrote:
>>
>> On Mon, Aug 20, 2012 at 10:52 AM, shimi <[email protected]> wrote:
>>>
>>> On Aug 20, 2012 9:34 AM, "Erez D" <[email protected]> wrote:
>>> >
>>> > hello
>>> >
>>> > i have a server with two eth ports, each connects to a different
>>> > router, and then to the internet.
>>> > i want all normal traffic to the internet to go via router 1 (eth0), so
>>> > i added a default route to it
>>> > i want TCP connections coming from all over the internet to the second
>>> > router (eth1) to be accepted.
>>> >
>>> > the problem is that although connections are coming from eth1, due to
>>> > the default route, they are answered from eth0, which means a tcp
>>> > connection can not be established.
>>> > i know that linux has a conntrack module, can i use it to tell the
>>> > kernel to answer on the same eth it got SYN from ?
>>>
>>> Are the two ports on the same netblock?
>>>
>> what do you mean by that ?
>>
> I mean that one is 10.1.2.3 with netmask 255.255.255.0 and the other is
> 10.1.2.4 with netmask 255.255.255.0, for example. That means that they're
> both on the same network block.
>

of course they are not on the same network. not so smart to have two
interfaces with the same network - unless you do static routing, you depend
on the order of the interfaces coming up ...

> If so, can they be separated to two non overlapping blocks?
>>>
>> didn't get that
>>
> So that one would be 10.1.2.3 with netmask 255.255.255.0 and the other
> would be 10.1.3.3 with netmask 255.255.255.0
>
>> i have many clients from many different ips connecting to my server. the
>> server has two eth interfaces, with many ports open.
>> there is no relation between eth and port, the same port can receive
>> connections from either interface.
>> i just want to route the relayed packets of the same connection to the
>> eth the syn packet came from.
>>
> So, the solution I gave you in the original mail is supposed to work.
>
> I only forgot one word in the command I gave over mobile, so now I'll give
> the full solution when it's easier to type.
>
> Variables (assumptions) :
>
> IP address currently going through DGW that shouldn't be: 1.2.3.4
> Alternative gateway for 1.2.3.4: 1.2.3.254
> 1.2.3.4 and 1.2.3.254 are on the same network.

for your example above, it would be 10.1.2.254 and 10.1.3.254

> First, create an alternative routing table for traffic coming from the IP
> that is not supposed to go to the default GW:
>
> # ip route add 0.0.0.0/0 via 1.2.3.254 table 200
>
> Then, ask Linux to use that routing table whenever the source of the
> traffic is from 1.2.3.4:
>
> # ip rule add from 1.2.3.4 table 200
>

although the packet will come from router 1.2.3.4, the source ip on the
packet is not 1.2.3.4, so this rule is useless (i also checked it and it
didn't work)
i tried also: ip rule add dev eth1 table 200 - didn't work either
the syntax does not allow me to write 'ip rule add from dev eth1...' -
i.e. can't add 'from'
so i guess i need to tag the packets some way with an iptables rule, and
then add an 'ip rule'
or maybe someone knows of a better way.

thanks shimi.
erez.

> 200 is an arbitrary number. You could use an alias for it to look nicer; If
> you want that, you can alias a name to a number by editing
> /etc/iproute2/rt_tables. There are examples there you can copy from. If you
> have an alias for the number, you can use it in both the ip route and ip
> rule commands, instead of the number.
>
> That's it, I believe.
>
> If it still doesn't work, you may be looking at the route cache. You can
> wait some time, or issue an:
>
> # ip route flush cache
>
> If it still doesn't work (or commands fail...), be sure to have iproute2
> utilities and support in the kernel.
>
> Good luck,
>
> -- Shimi
>
_______________________________________________
Linux-il mailing list
[email protected]
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
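The policy-routing setup discussed in the thread, as an added example that is not part of the original mails and not code posted by either participant. It assumes the 10.1.2.x / 10.1.3.x addressing from the thread (eth0 10.1.2.3/24 behind router 10.1.2.254 as the default gateway, eth1 10.1.3.3/24 behind router 10.1.3.254); the interface names, addresses and table number are assumptions. The selector in the `ip rule` is the server's own address on eth1, because that is the source address the kernel puts on reply packets; the router's address never appears as a source, which is why a rule keyed on it matches nothing. The second function shows the conntrack-mark variant Erez speculates about, for the case where the reply source address alone is not a usable selector.

```shell
#!/bin/sh
# Added example: source-based policy routing for a dual-homed Linux host so
# that replies to connections that arrived on eth1 leave through eth1's router
# instead of the default gateway on eth0.
#
# Assumed addressing (hypothetical, modelled on the thread's example):
#   eth0: 10.1.2.3/24, router 10.1.2.254  (default gateway, main table)
#   eth1: 10.1.3.3/24, router 10.1.3.254  (secondary uplink)

ETH1_IF="${ETH1_IF:-eth1}"
ETH1_ADDR="${ETH1_ADDR:-10.1.3.3}"
ETH1_NET="${ETH1_NET:-10.1.3.0/24}"
ETH1_GW="${ETH1_GW:-10.1.3.254}"
TABLE="${TABLE:-200}"
MARK="${MARK:-0x2}"

# Emit the iproute2 commands, one per line, without running them.
# Usage: gen_policy_routing IFACE ADDR NET GW TABLE
gen_policy_routing() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # Connected route in the alternate table so the gateway itself resolves
    # when a lookup starts there.
    echo "ip route add $net dev $iface src $addr table $table"
    # Default route of the alternate table points at the second router.
    echo "ip route add default via $gw dev $iface table $table"
    # Packets sourced from OUR eth1 address (i.e. replies to connections
    # that arrived on eth1) consult the alternate table.
    echo "ip rule add from $addr lookup $table priority 1000"
    # Kernels before 3.6 kept a route cache; flushing makes the rule take
    # effect immediately instead of after cached entries expire.
    echo "ip route flush cache"
}

# Variant using a conntrack mark instead of the source address: tag every
# connection whose first packet arrives on IFACE, copy the mark back onto
# locally generated replies, and route on the mark.
# Usage: gen_connmark_routing IFACE MARK TABLE
gen_connmark_routing() {
    iface=$1 mark=$2 table=$3
    echo "iptables -t mangle -A PREROUTING -i $iface -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    echo "iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark"
    echo "ip rule add fwmark $mark lookup $table priority 999"
}

# Check: strict reverse-path filtering (value 1) can drop packets that arrive
# on the "wrong" interface of a multi-homed host; loose mode (2) is the usual
# setting for this kind of configuration.
gen_rp_filter_check() {
    echo "sysctl net.ipv4.conf.$1.rp_filter"
}

# Verification: ask the kernel which path a reply sourced from ADDR would take
# to an arbitrary Internet host. The answer should name the eth1 router.
gen_route_check() {
    echo "ip route get 8.8.8.8 from $1"
}

# Run the generated commands (requires root). Each command is printed first.
apply_policy_routing() {
    gen_policy_routing "$ETH1_IF" "$ETH1_ADDR" "$ETH1_NET" "$ETH1_GW" "$TABLE" |
    while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
}

# Only touch the system when explicitly asked; otherwise just print the plan.
if [ "${1:-}" = "--apply" ]; then
    apply_policy_routing
elif [ "${1:-}" = "--plan" ]; then
    gen_policy_routing "$ETH1_IF" "$ETH1_ADDR" "$ETH1_NET" "$ETH1_GW" "$TABLE"
    gen_rp_filter_check "$ETH1_IF"
    gen_route_check "$ETH1_ADDR"
fi
```

Run it with `--plan` to see the commands and `--apply` (as root) to install them. After applying, `ip route get 8.8.8.8 from 10.1.3.3` should report `via 10.1.3.254 dev eth1`; if it still shows eth0, check `ip rule show` for the rule and `sysctl net.ipv4.conf.eth1.rp_filter` for strict filtering. The mark-based variant needs both the rule and the `--restore-mark` step, since the routing decision for locally generated replies is re-evaluated only after the mangle OUTPUT chain has set the mark.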
