packet mangling and routing
Michael L Torrie
torriem at chem.byu.edu
Tue Oct 16 14:45:52 MDT 2007
Corey Edwards wrote:
>> Example routing table:
>> Destination     Genmask         Gateway         Iface
>> 0.0.0.0         0.0.0.0         18.104.22.168   eth0
>> 22.214.171.124  255.255.255.0   0.0.0.0         eth0
>> 10.2.0.0        255.255.255.0   0.0.0.0         eth1
>> 10.0.0.0        255.0.0.0       10.2.0.1        eth1
> I think I see the source of the problem. You've got a route to all of
> 10.0.0.0/8 via 10.2.0.1. I suspect Michael doesn't. Instead he's got two
> routes to 0.0.0.0/0. Two default routes like that is generally not what
> anybody wants.
> Michael, can you paste the current routing table?
I don't have any routing table yet. I'm just working through all of the
potential problems before I install the server. I initially was
thinking that routes such as what Lonnie suggested would work. Then as I
thought about it, I wondered if they might not. Now I'm wondering if they
will, in fact, work. So I'll test it empirically tomorrow. After this
discussion I have great hopes that it will work.
Would iptables running as a firewall on the public interface complicate
things? I doubt it. But who knows.
> I wonder if BYU is running any sort of internal routing protocol (OSPF,
> BGP, RIP, etc.). If that's the case, you could have your server
> participate and then it would know that all those 10.x subnets are on
> eth1 rather than eth0. Sometimes that's simpler and sometimes that's
> more complex.
It's possible. The VLANs and routes here are so messy anyway (like
subnets spread across arbitrary ports across campus), that I'm sure
they have to run BGP or something to keep all the routers straight.
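An added example, not part of the original thread: a longest-prefix-match lookup over the routing table quoted above, showing which interface each destination leaves by, plus a check for the duplicate default route Corey describes. The function names and the sample destination addresses are constructed for illustration.

```python
import ipaddress

# Routing table exactly as quoted in the thread:
# (destination, genmask, gateway, iface)
QUOTED_TABLE = [
    ("0.0.0.0", "0.0.0.0", "18.104.22.168", "eth0"),
    ("22.214.171.124", "255.255.255.0", "0.0.0.0", "eth0"),
    ("10.2.0.0", "255.255.255.0", "0.0.0.0", "eth1"),
    ("10.0.0.0", "255.0.0.0", "10.2.0.1", "eth1"),
]


def parse(table):
    """Turn route rows into (network, gateway-or-None, iface) tuples."""
    routes = []
    for dest, mask, gw, iface in table:
        # strict=False tolerates host bits set in the destination column
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        # A gateway of 0.0.0.0 means the network is directly connected
        routes.append((net, None if gw == "0.0.0.0" else gw, iface))
    return routes


def lookup(routes, addr):
    """Return the most specific matching route, or None if nothing matches."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)


def duplicate_prefixes(routes):
    """Return prefixes that appear more than once, with their next hops."""
    seen = {}
    for net, gw, iface in routes:
        seen.setdefault(net, []).append((gw, iface))
    return {net: hops for net, hops in seen.items() if len(hops) > 1}


if __name__ == "__main__":
    routes = parse(QUOTED_TABLE)
    # Constructed sample destinations: remote 10.x, local 10.2.0.x, Internet
    for dst in ("10.5.1.1", "10.2.0.50", "8.8.8.8"):
        net, gw, iface = lookup(routes, dst)
        print(f"{dst:<10} -> {iface} via {gw or 'direct'} ({net})")
    print("duplicate prefixes:", duplicate_prefixes(routes))
```

With the quoted table no prefix is duplicated; replacing the 10.0.0.0/8 route with a second 0.0.0.0/0 entry makes `duplicate_prefixes` report the default route twice, which is the situation Corey warns about.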