On Fri, 2008-07-25 at 15:48 -0600, Ed Brown wrote:
> If this works, I'll eat my hat AND my humble pie. :-) I don't have
> any experience with multiple routing tables, but I can't believe any
> "from" rule is going to apply to the system's own interfaces. The
> outbound interface to use was _determined_ by the routing tables, it
> can't be a factor in the routing. But I'm intrigued enough that I'll
> try testing this at home this weekend if I can figure out a test
> setup, if only to learn more about why you'd have more than one
> routing table. Will also see about the behavior of multiple gateways
> when apps are bound to interfaces...

Ed,

I hope you're hungry. :) This is well-documented behavior that I've been using for years. There are plenty of examples on the Internet, the most common being systems with multiple internet connections that are not peered, thus requiring replies to traffic that ingress via a specific interface to egress via the same interface.

You are 100% correct that the outbound interface is determined by the routing tables, but what you don't seem to know is that Linux uses "rules" to determine which route table to use for a given source address, and these rules apply BEFORE this decision has taken place (kind of like the PREROUTING chain in IPTABLES). Even better, you can modify these rules. You can run the following to see the default setup:

    # ip rule show
    0:      from all lookup 255
    32766:  from all lookup main
    32767:  from all lookup default

So, as you can see, there is a special "priority 0" rule which uses route table 255; this is used for "intra-box" traffic and is not really important in this context. Notice that the next highest rule, 32766, says that for traffic from ALL IP addresses use the "main" route table. That means I can insert 32765 rules that change this default behavior. Running my commands inserts a new rule into this logic:

    0:      from all lookup 255
    500:    from 120.207.9.13 lookup 1
    32766:  from all lookup main
    32767:  from all lookup default

So I've added a rule, with a higher priority than the main rule, which says, if the source IP address is 120.207.9.13, you should use route table #1, not the main route table, to determine the outbound interface and gateway. Everything else continues to fall to the main route table.

Some very good references:

http://lartc.org/howto/lartc.rpdb.html
http://lartc.org/howto/lartc.rpdb.multiple-links.html

In the end, I'm not sure this is the original poster's problem, but the conversation sure went down an interesting path.

Later,
Tom
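
The rule walk described in the message above, modelled as an added example (not part of the original post and not the kernel's code): it parses the quoted `ip rule show` output and reports which table decides the route for a given source address. The contents of TABLES (gateways, devices, the 10.0.0.5 address) are constructed sample values, only "from SRC lookup TABLE" rules are handled, and the packet's source address is assumed to be already known.

```python
import ipaddress

# `ip rule show` output after the extra rule is added, as quoted in the message.
RULES_TEXT = """\
0:      from all lookup 255
500:    from 120.207.9.13 lookup 1
32766:  from all lookup main
32767:  from all lookup default
"""

# Constructed sample tables: name -> [(destination prefix, gateway, device)].
TABLES = {
    "255": [("120.207.9.13/32", None, "lo"), ("10.0.0.5/32", None, "lo")],
    "1": [("0.0.0.0/0", "120.207.9.1", "eth1")],
    "main": [("0.0.0.0/0", "10.0.0.1", "eth0")],
    "default": [],
}

def parse_rules(text):
    """Parse 'PRIO: from SRC lookup TABLE' lines into (prio, network, table)."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        prio, rest = line.split(":", 1)
        words = rest.split()
        if len(words) != 4 or words[0] != "from" or words[2] != "lookup":
            raise ValueError(f"unsupported rule: {line!r}")
        src = "0.0.0.0/0" if words[1] == "all" else words[1]
        rules.append((int(prio), ipaddress.ip_network(src), words[3]))
    return sorted(rules, key=lambda r: r[0])

def best_route(table, dst):
    """Longest-prefix match of dst within one table; None if nothing matches."""
    matches = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in table
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def lookup(src, dst, rules=None, tables=TABLES):
    """Walk rules by priority; the first selected table holding a route wins."""
    rules = parse_rules(RULES_TEXT) if rules is None else rules
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, selector, table in rules:
        if src not in selector:
            continue  # rule does not apply to this source address
        route = best_route(tables.get(table, []), dst)
        if route is not None:
            return prio, table, route[1], route[2]
    return None  # no table had a route: destination unreachable

if __name__ == "__main__":
    for s in ("120.207.9.13", "10.0.0.5"):
        print(s, "->", lookup(s, "198.51.100.7"))
```

Table 255 is consulted first for every source but only holds the box's own addresses, so traffic to a remote destination falls through to rule 500 or to main.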
