packet mangling and routing

Corey Edwards tensai at zmonkey.org
Tue Oct 16 15:56:35 MDT 2007


On Tue, 2007-10-16 at 14:45 -0600, Michael L Torrie wrote:
> Corey Edwards wrote:
> >> Example routing table:
> >> Destination	Genmask		Gateway		Iface
> >> 0.0.0.0		0.0.0.0		128.187.0.1	eth0
> >> 128.187.0.0	255.255.255.0	0.0.0.0		eth0
> >> 10.2.0.0	255.255.255.0	0.0.0.0		eth1
> >> 10.0.0.0	255.0.0.0	10.2.0.1	eth1
> > 
> > I think I see the source of the problem. You've got a route to all of
> > 10.0.0.0/8 via 10.2.0.1. I suspect Michael doesn't. Instead he's got two
> > routes to 0.0.0.0/0. Two default routes like that is generally not what
> > anybody wants.
> > 
> > Michael, can you paste the current routing table?
> 
> I don't have any routing table yet.  I'm just working through all of the
> potential problems before I install the server.  I initially was
> thinking that routes such as what Lonnie suggested would work. Then as I
> thought about it, I wondered if they might not.  Now I'm wondering if they
> will, in fact, work.  So I'll test it empirically tomorrow.  After this
> discussion I have great hopes that it will work.

Ah, OK. I do think it'll work for you as long as you have just one
default route going out the 128.187.x.x interface and another 10/8 route
going out the 10.x.x.x interface via your 10.x.x.x next hop.

> Would iptables running as a firewall on the public interface complicate
> things?  I doubt it.  But who knows.

I'm sure it can work, you'll just have to be careful where you use
interface filters since traffic to 128.187.x.x will arrive on both
interfaces.

Corey
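
The route selection discussed in this message, as an added example that is not part of the original post: a longest-prefix-match lookup over the routing table quoted above, plus a check of whether a reply would leave by the interface the packet arrived on. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Routing table as quoted in the thread: destination, genmask, gateway, iface.
ROUTES = [
    ("0.0.0.0",     "0.0.0.0",       "128.187.0.1", "eth0"),
    ("128.187.0.0", "255.255.255.0", "0.0.0.0",     "eth0"),
    ("10.2.0.0",    "255.255.255.0", "0.0.0.0",     "eth1"),
    ("10.0.0.0",    "255.0.0.0",     "10.2.0.1",    "eth1"),
]

def parse(routes):
    """Convert rows to (network, gateway-or-None, iface), most specific first."""
    table = []
    for dest, mask, gw, iface in routes:
        # Prefix length is the number of set bits in the genmask.
        prefix = bin(int(ipaddress.IPv4Address(mask))).count("1")
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        # A gateway of 0.0.0.0 means the network is directly connected.
        table.append((net, None if gw == "0.0.0.0" else gw, iface))
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)

TABLE = parse(ROUTES)

def lookup(addr, table=TABLE):
    """Return (iface, gateway) of the most specific route covering addr."""
    ip = ipaddress.ip_address(addr)
    for net, gw, iface in table:
        if ip in net:
            return iface, gw
    return None

def reply_is_symmetric(src, in_iface, table=TABLE):
    """True if a reply to src would leave by the interface it arrived on."""
    route = lookup(src, table)
    return route is not None and route[0] == in_iface

if __name__ == "__main__":
    # Constructed sample destinations, one per route in the table.
    for dst in ("10.5.1.1", "10.2.0.7", "128.187.0.50", "192.0.2.10"):
        print(dst, "->", lookup(dst))
    # Constructed case: a non-10/8 source seen on the internal interface.
    print("symmetric:", reply_is_symmetric("128.187.5.5", "eth1"))
```

A packet from a source outside 10/8 that arrives on eth1 is answered out eth0, so a filter rule bound to a single interface sees only one direction of that flow.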