On Saturday 22 October 2005 07:09 pm, Chuck wrote:
> On Saturday 22 October 2005 05:25 pm, Guenther Fuchs wrote:
> 
> 
> will gather some tutorial links on iproute2 and place them in here.. 
> 
> which distro are you running
> 
> > Hi there,
> > 
> > on Saturday, October 22, 2005 at 23:07 on the list was posted:
> > 
> > > I would think you could do this using iproute2 with tables and rulesets
> > 
> > Okay, do you have any links for me on that? Any "howto" or so which
> > describes e.g. some similar setup maybe?

here are a number of reasonable links which you may gain an insight from on 
how to do what you want.

http://snafu.freedom.org/linux2.2/docs/ip-cref/ip-cref.html#SECTION00080000000000000000

http://lartc.org/howto/

http://enterprise.linux.com/article.pl?sid=04/10/07/0057237&tid=89

http://www.policyrouting.org/iproute2.doc.html

http://snafu.freedom.org/linux2.2/iproute-notes.html

http://lartc.org/howto/lartc.rpdb.multiple-links.html

http://people.netfilter.org/~rusty/unreliable-guides/

http://www.thelinuxreview.com/howto/networking/


i use gentoo which uses a net config file which plugs data into pre-defined 
routines calling ip with the proper commandlines.. but it can give you an 
insight into things maybe by seeing something

modules=( "iproute2" )

# each routes_ethN is one array with one entry per route; assigning
# routes_ethN=( ... ) a second time would replace the earlier entries

# 32net 4port
config_eth0=( "64.113.33.2 netmask 255.255.254.0 broadcast 64.113.33.255" )
# the last entry is the default gateway for the system as a catch-all
routes_eth0=(
    "64.113.32.0/23 src 64.113.33.2 table 32net"
    "default via 64.113.32.1 table 32net"
    "default via 64.113.32.1"
)
rules_eth0=( "from 64.113.32.0/23 table 32net" )

#pvtnet 4port
config_eth1=( "172.30.0.57 netmask 255.255.255.0 broadcast 172.30.0.255" )
routes_eth1=(
    "172.30.0.0/24 src 172.30.0.57 table pvtnet"
    "default via 172.30.0.1 table pvtnet"
)
rules_eth1=( "from 172.30.0.0/24 table pvtnet" )

# 34net 4port
config_eth2=( "64.113.34.254 netmask 255.255.255.0 broadcast 64.113.34.255" )
routes_eth2=(
    "64.113.34.0/24 src 64.113.34.254 table 34net"
    "default via 64.113.34.1 table 34net"
)
rules_eth2=( "from 64.113.34.0/24 table 34net" )

# 39net 4port
config_eth3=( "64.113.39.252 netmask 255.255.255.0 broadcast 64.113.39.255" )
routes_eth3=(
    "64.113.39.0/24 src 64.113.39.252 table 39net"
    "default via 64.113.39.1 table 39net"
)
rules_eth3=( "from 64.113.39.0/24 table 39net" )

# available. netsemi nic
#config_eth4=( "64.113.38.124 netmask 255.255.255.248 broadcast 64.113.38.127" )
#routes_eth4=(
#    "64.113.38.120/29 src 64.113.38.124 table 38net"
#    "default via 64.113.38.121 table 38net"
#    "default via 64.113.38.121"
#)
#rules_eth4=( "from 64.113.38.120/29 table 38net" )


the above are all unique physical networks within our system each with its own 
border router to the outside with the exception of pvtnet which remains 
internal.

the config statements above use ip addr
the routes statements above use ip route
the rules statements above use ip rule

there are numerous examples of the usage syntax for those in the links.
the tables are names given arbitrary unique values. 

contents of rt_tables:
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
# i added these below to match our networks

32      32net
34      34net
38      38net
39      39net
172     pvtnet



all of the above configs, yield this working routing table:

ip route show 

64.113.34.0/24 dev eth2  proto kernel  scope link  src 64.113.34.254
172.30.0.0/24 dev eth1  proto kernel  scope link  src 172.30.0.57
64.113.39.0/24 dev eth3  proto kernel  scope link  src 64.113.39.252
172.30.0.0/23 dev eth1  proto kernel  scope link  src 172.30.0.90
64.113.32.0/23 dev eth0  proto kernel  scope link  src 64.113.33.2
127.0.0.0/8 dev lo  scope link
default via 64.113.32.1 dev eth0


the working rules display:

ip rule show

0:      from all lookup local
32762:  from 64.113.39.0/24 lookup 39net
32763:  from 64.113.34.0/24 lookup 34net
32764:  from 172.30.0.0/24 lookup pvtnet
32765:  from 64.113.32.0/23 lookup 32net
32766:  from all lookup main
32767:  from all lookup default


from the way you mentioned things, i would change a bit..

eth0 when active becomes a hardwired default for some things. it would be 
better to make eth0 your internal network if that is your routing priority 
and use eth1 for your outside connection. unless you want the outside 
connection to be the priority then make it eth0. place the system default 
gateway on the outside connection device because if the default is on your 
internal network, then any requests for outside ip addresses not addressed by 
rules or routes in the networking system will flow out to the default gateway 
into the internal network.

each device has its own gateway/table in addition to the default, so anything 
you send to your internal network will always go out your internal network 
device.

with iproute2, and there is documentation for this in the links above, you can 
also do ip forwarding and many other things easily that have a hard time 
working using the older ifconfig/route setup.

to use iproute2 you must have advanced router enabled in your kernel along 
with multiple tables option directly beneath it when you enable advanced 
routing.

in .config that translates to:

CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y


hope the above resource links help solve your problem. 


> > 
> > -- 
> > regards,
> > 
> > Guenther Fuchs
> > 
> > _______________________________________________
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> > 

-- 

Chuck

"...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose 
for an OS as *we* do?!!', and I answered...'I use Linux'. "
The Book of John, chapter 1, page 1, and end of book
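
Added example, not part of the original message: a small Python model of the rule-then-table lookup that the "ip rule show" and "ip route show" output above describes, showing which gateway a packet leaves through and what changes if main's default route points into the internal network. The per-table contents are taken from the routes_ethN lines; the 198.51.100.7 and 192.0.2.10 addresses and the with_main_default helper are constructed for illustration.

```python
import ipaddress

# Constructed model of the rules and tables shown in the message; it is not
# the kernel. Rule 0 (local) and the 172.30.0.0/23 and lo routes are left out.
RULES = [  # (priority, "from" selector, table), as in "ip rule show"
    (32762, "64.113.39.0/24", "39net"),
    (32763, "64.113.34.0/24", "34net"),
    (32764, "172.30.0.0/24", "pvtnet"),
    (32765, "64.113.32.0/23", "32net"),
    (32766, "0.0.0.0/0", "main"),
]
LINKS = [("64.113.32.0/23", None, "eth0"), ("172.30.0.0/24", None, "eth1"),
         ("64.113.34.0/24", None, "eth2"), ("64.113.39.0/24", None, "eth3")]
TABLES = {  # table -> [(destination prefix, gateway or None if on-link, device)]
    "32net": [LINKS[0], ("0.0.0.0/0", "64.113.32.1", "eth0")],
    "pvtnet": [LINKS[1], ("0.0.0.0/0", "172.30.0.1", "eth1")],
    "34net": [LINKS[2], ("0.0.0.0/0", "64.113.34.1", "eth2")],
    "39net": [LINKS[3], ("0.0.0.0/0", "64.113.39.1", "eth3")],
    "main": LINKS + [("0.0.0.0/0", "64.113.32.1", "eth0")],
}

def lookup(src, dst, tables=TABLES, rules=RULES):
    """Return (table, gateway, device) for a packet, or None if unroutable."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):  # lowest priority number first
        if s not in ipaddress.ip_network(selector):
            continue
        # Longest-prefix match inside the table this rule points at.
        hits = [(ipaddress.ip_network(p).prefixlen, gw, dev)
                for p, gw, dev in tables[table] if d in ipaddress.ip_network(p)]
        if hits:
            _plen, gw, dev = max(hits, key=lambda h: h[0])
            return table, gw, dev
        # No matching route in this table: fall through to the next rule.
    return None

def with_main_default(gw, dev):
    """What-if copy of TABLES with main's default route moved (hypothetical)."""
    tables = dict(TABLES)
    tables["main"] = LINKS + [("0.0.0.0/0", gw, dev)]
    return tables

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed destination (documentation range)
    print(lookup("64.113.34.254", outside))   # source rule selects 34net
    print(lookup("192.0.2.10", outside))      # no source rule: main's default
    print(lookup("192.0.2.10", outside, with_main_default("172.30.0.1", "eth1")))
```

The last call is the case the message warns about: with main's default on the internal gateway, any source not covered by a "from" rule is sent into the internal network.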

