I have a multi-ISP setup, and when connecting via Poptop
I believe that the firewall does not know to route the traffic back
out of ISP1. Not sure how to tackle this issue. Does anyone have
a suggestion?
Mike
Poptop connects to ISP1 from the net.
ISP2 is a gateway in the local network.
providers
ISP1    1    256    main    eth0    208.48.178.121    track,balance    eth1
ISP2    2    512    main    eth1    10.5.198.238      track,balance    eth1
masq
eth0    10.5.198.0/24     208.48.178.122
eth1    208.48.178.122    10.5.198.254
tunnels
#TYPE           ZONE    GATEWAY            GATEWAY
#
openvpn:7777    net     131.191.70.21
openvpn:5000    net     205.134.193.138
pptpserver      net     0.0.0.0/0
interfaces
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      norfc1918,tcpflags,nosmurfs
loc     eth1        detect      routeback
loc     ppp+
vpnt    tun1
vpno    tun0
ns2:~ # ip route ls
172.16.2.1 dev tun1 proto kernel scope link src 172.16.2.2
172.16.1.1 dev tun0 proto kernel scope link src 172.16.1.2
208.48.178.120/29 dev eth0 proto kernel scope link src 208.48.178.122
192.168.1.0/24 via 172.16.2.1 dev tun1
10.19.227.0/24 via 172.16.1.1 dev tun0
10.5.198.0/24 dev eth1 proto kernel scope link src 10.5.198.254
63.90.86.0/24 via 10.5.198.238 dev eth1
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default
        nexthop via 208.48.178.121 dev eth0 weight 1
        nexthop via 10.5.198.238 dev eth1 weight 1
This is a dump of eth1, the local interface, when pinging a local address
through the tunnel. 10.5.198.191 is an IP from Poptop's IP pool.
10.5.198.191 is trying to ping 10.5.198.1 from the net Poptop VPN.
My guess is that the firewall is trying to route the reply through
the 10.5.198.238 gateway.
I am thinking that 10.5.198.191
ns2:~ # tcpdump -nei eth1 host 10.5.198.191
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
11:30:09.842114 00:10:18:28:5a:d4 > 00:02:55:7b:b2:d2, ethertype IPv4 (0x0800), length 74: 10.5.198.191 > 10.5.198.1: ICMP echo request, id 768, seq 2048, length 40
11:30:09.842378 00:02:55:7b:b2:d2 > 00:10:18:28:5a:d4, ethertype IPv4 (0x0800), length 74: 10.5.198.1 > 10.5.198.191: ICMP echo reply, id 768, seq 2048, length 40
11:30:09.848139 00:10:18:28:5a:d4 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.5.198.191 tell 10.5.198.254
11:30:10.848133 00:10:18:28:5a:d4 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.5.198.191 tell 10.5.198.254
11:30:11.602844 00:10:18:28:5a:d4 > 00:1b:54:50:53:12, ethertype IPv4 (0x0800), length 222: 10.5.198.191.3635 > 76.101.63.161.8767: UDP, length 180
11:30:11.726850 00:1b:54:50:53:12 > 00:10:18:28:5a:d4, ethertype IPv4 (0x0800), length 478: 76.101.63.161.8767 > 10.5.198.191.3635: UDP, l
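To check the reasoning above, here is an added example (not from the post, and not Shorewall's own code) that replays the kernel's longest-prefix lookup over the main table shown earlier. With only the routes listed, a reply to 10.5.198.191 matches the on-link 10.5.198.0/24 entry on eth1, which is exactly what the "arp who-has 10.5.198.191 tell 10.5.198.254" lines in the capture show; the ppp0 host route is an assumption about what pppd normally installs for the peer address while a session is up, and Shorewall's per-provider tables are not modelled.

```python
import ipaddress

# Main table as printed by "ip route ls" in the post. The multipath default is
# left out: it is only consulted when no other prefix matches, and 10.5.198.191
# is covered by the 10.5.198.0/24 entry. Provider tables are not modelled.
ROUTE_DUMP = """\
172.16.2.1 dev tun1 proto kernel scope link src 172.16.2.2
172.16.1.1 dev tun0 proto kernel scope link src 172.16.1.2
208.48.178.120/29 dev eth0 proto kernel scope link src 208.48.178.122
192.168.1.0/24 via 172.16.2.1 dev tun1
10.19.227.0/24 via 172.16.1.1 dev tun0
10.5.198.0/24 dev eth1 proto kernel scope link src 10.5.198.254
63.90.86.0/24 via 10.5.198.238 dev eth1
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
"""

# Assumed host route of the kind pppd installs for the peer (ppp0 is a placeholder).
PPP_HOST_ROUTE = "10.5.198.191 dev ppp0 proto kernel scope link src 10.5.198.254\n"


def parse_routes(dump):
    """Return (network, via, dev) tuples; via is None for on-link routes."""
    routes = []
    for line in dump.splitlines():
        fields = line.split()
        if not fields:
            continue
        net = ipaddress.ip_network(fields[0], strict=False)  # bare host -> /32
        via = fields[fields.index("via") + 1] if "via" in fields else None
        dev = fields[fields.index("dev") + 1]
        routes.append((net, via, dev))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, which is how the kernel picks a unicast route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, via, dev in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    return best


def reply_path(extra_routes=""):
    """Where a reply to 10.5.198.191 goes, given the dump plus any extra routes."""
    hit = lookup(parse_routes(ROUTE_DUMP + extra_routes), "10.5.198.191")
    return (str(hit[0]), hit[1], hit[2]) if hit else None


if __name__ == "__main__":
    print("without ppp host route:", reply_path())                # on-link eth1 -> ARP on LAN
    print("with ppp host route:   ", reply_path(PPP_HOST_ROUTE))  # ppp0, down the tunnel
```

If the host route is missing, or the reply is steered into a provider table that lacks it, the kernel ARPs for the pool address on eth1 instead of sending it down the tunnel; `ip route get 10.5.198.191` on the firewall shows which route actually wins.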
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users