[ale] routing fun

James P. Kinney III jkinney at localnetsolutions.com
Thu May 10 17:23:57 EDT 2007


I am not seeing something OBVIOUS here I'm sure.

One server with 3 NICs. 2 NICs go to Internet on 2 separate ISP lines,
third is internal connection.

System has web sites on both external IPs. System has email (and
firewall) and also acts as gateway for internal LAN.

From the LAN, all systems can hit the Internet (very fast I might add
due to the dual WAN ports and the load balancing). All internal systems
can hit the box for email. Outside systems can hit the box for web pages
and email access (imaps and pop3s and TLS send).

But LAN can't access web sites _ON_ the machine ?!?!?

I have some routing set up as below (IPs changed to protect the
guilty :)  :

IF0='eth0'  #LAN
IF1='eth1'  #WAN 1
IF2='eth2'  #WAN 2
IP0='192.168.0.101'
IP1='10.20.1.241' #WAN1 IP
IP2='10.20.2.82'  #WAN2 IP
P0='192.168.0.101' #LAN IP
P1='10.20.1.1'    #WAN1 gateway
P2='10.20.2.1'    #WAN2 gateway
P0_NET='192.168.0.0' #LAN NET
P1_NET='10.20.1.0'  #WAN1 NET
P2_NET='10.20.2.0'  #WAN2 NET

ip route add $P0_NET dev $IF0 src $IP0 table T0
ip route add default via $P0 table T0

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1

ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add $P0_NET dev $IF0 src $IP0

#ip route add default via $P1

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2
ip rule add from $IP0 table T0

ip route add $P1_NET     dev $IF1 table T0
ip route add $P2_NET     dev $IF2 table T0
ip route add 127.0.0.0/8 dev lo   table T0

ip route add $P0_NET     dev $IF0 table T1
ip route add $P2_NET     dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo   table T1

ip route add $P0_NET     dev $IF0 table T2
ip route add $P1_NET     dev $IF1 table T2
ip route add 127.0.0.0/8 dev lo   table T2

ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
nexthop via $P2 dev $IF2 weight 1


Last line does the magic for outgoing load balancing. The tables T0, T1
and T2 exist and are loading OK as 'ip route show table Tx' will
indicate.

It _looks_ like I have a route on every table to every network but data
doesn't flow from LAN to web server. BUT LAN to email is OK.
-- 
James P. Kinney III          
CEO & Director of Engineering 
Local Net Solutions,LLC        
770-493-8244                    
http://www.localnetsolutions.com

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7