Advanced routing question

Hello.
I have a box with 4 nic's, eth0 .. eth3;

eth0 is on 192.168.x.x; eth1 and 2 are on 10.10.x.x; eth 3 is on
172.16.x.x
eth1 and eth2 are connected to eachother by a crossed UTP-cable.

What I want is that all incoming traffic on eth0 that is destined for
172.16.x.x, to be rerouted NOT immediately to eth3, but to be routed
to go out on eth1, and then when it comes back in through eth2, then
it must go out on eth3.

And also vice versa, that is all ip that comes in on eth3 and is
destined for 192.168.x.x, to go out on eth2, come in again on eth1 and
finally leaves via eth0.

How to do this?
Any hints appreciated.

"Hans" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> Hello.
> I have a box with 4 nic's, eth0 .. eth3;
>
> eth0 is on 192.168.x.x; eth1 and 2 are on 10.10.x.x; eth 3 is on
> 172.16.x.x
> eth1 and eth2 are connected to eachother by a crossed UTP-cable.
>
> What I want is that all incoming traffic on eth0 that is destined for
> 172.16.x.x, to be rerouted NOT immediately to eth3, but to be routed
> to go out on eth1, and then when it comes back in through eth2, then
> it must go out on eth3.
>
> And also vice versa, that is all ip that comes in on eth3 and is
> destined for 192.168.x.x, to go out on eth2, come in again on eth1 and
> finally leaves via eth0.
>
> How to do this?
> Any hints appreciated.

So that would be:

|-------------------------------------------|
192.168.0.0 |eth0/192.168.0.1 eth3/172.16.0.1| 172.16.0.0
-------------|----> | |------>---- |-------------
| | | |
| |eth1 |eth2 |
| |10.10.0.1 |10.10.0.2 |
|-------------------------------------------|
| |
| |
V |
|-->-- crossed UTP -->--|



Gr, Hans

Hi, Hans,

Looks like I have similar question as yours (see my post today). It seems
NAT (Network Address Translation) may do that. I found some links.
Haven't tried yet. Let me if you have any luck with them:

http://computer.howstuffworks.com/nat1.htm

http://groups.google.de/groups?hl=de...=3D88217A.6070
702%40candelatech.com&rnum=27&prev=/groups%3Fq%3DGreear%2BBen%26start%3D20%26hl%
3Dde%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26as_drrb%3Db%26as_mind%3D12%26as_minm%3D
5%26as_miny%3D2001%26as_maxd%3D7%26as_maxm%3D5%26a s_maxy%3D2004%26selm%3D3D88217
A.6070702%2540candelatech.com%26rnum%3D27

Frank

On Fri, 7 May 2004, Hans wrote:

>
> "Hans" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > Hello.
> > I have a box with 4 nic's, eth0 .. eth3;
> >
> > eth0 is on 192.168.x.x; eth1 and 2 are on 10.10.x.x; eth 3 is on
> > 172.16.x.x
> > eth1 and eth2 are connected to eachother by a crossed UTP-cable.
> >
> > What I want is that all incoming traffic on eth0 that is destined for
> > 172.16.x.x, to be rerouted NOT immediately to eth3, but to be routed
> > to go out on eth1, and then when it comes back in through eth2, then
> > it must go out on eth3.
> >
> > And also vice versa, that is all ip that comes in on eth3 and is
> > destined for 192.168.x.x, to go out on eth2, come in again on eth1 and
> > finally leaves via eth0.
> >
> > How to do this?
> > Any hints appreciated.
>
> So that would be:
>
> |-------------------------------------------|
> 192.168.0.0 |eth0/192.168.0.1 eth3/172.16.0.1| 172.16.0.0
> -------------|----> | |------>---- |-------------
> | | | |
> | |eth1 |eth2 |
> | |10.10.0.1 |10.10.0.2 |
> |-------------------------------------------|
> | |
> | |
> V |
> |-->-- crossed UTP -->--|
>
>
>
> Gr, Hans
>
>
>

Hans wrote:

> "Hans" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
>
>>Hello.
>>I have a box with 4 nic's, eth0 .. eth3;
>>
>>eth0 is on 192.168.x.x; eth1 and 2 are on 10.10.x.x; eth 3 is on
>>172.16.x.x
>>eth1 and eth2 are connected to eachother by a crossed UTP-cable.
>>
>>What I want is that all incoming traffic on eth0 that is destined for
>>172.16.x.x, to be rerouted NOT immediately to eth3, but to be routed
>>to go out on eth1, and then when it comes back in through eth2, then
>>it must go out on eth3.
>>
>>And also vice versa, that is all ip that comes in on eth3 and is
>>destined for 192.168.x.x, to go out on eth2, come in again on eth1 and
>>finally leaves via eth0.
>>
>>How to do this?
>>Any hints appreciated.
>
>
> So that would be:
>
> |-------------------------------------------|
> 192.168.0.0 |eth0/192.168.0.1 eth3/172.16.0.1| 172.16.0.0
> -------------|----> | |------>---- |-------------
> | | | |
> | |eth1 |eth2 |
> | |10.10.0.1 |10.10.0.2 |
> |-------------------------------------------|
> | |
> | |
> V |
> |-->-- crossed UTP -->--|
>

I guess, the IP header must not be modified in your case here
(as NAT would do).

I'm not sure, but some time ago I read something about
'iptables can set a mark on incoming packets' and
'route can make routing decisions based on marks set by iptables'

iptables -t mangle -A PREROUTING -i eth0 -??? -mark 1
iptables -t mangle -A PREROUTING -i eth3 -??? -mark 2

route ... ??? marked 1 dev eth1
route ... ??? marked 2 dev eth2

takes these as examples, they are not correct though.

Toni

Toni Erdmann wrote:

> Hans wrote:
>
>> "Hans" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed) om...
>>
>>> Hello.
>>> I have a box with 4 nic's, eth0 .. eth3;
>>>
>>> eth0 is on 192.168.x.x; eth1 and 2 are on 10.10.x.x; eth 3 is on
>>> 172.16.x.x
>>> eth1 and eth2 are connected to eachother by a crossed UTP-cable.
>>>
>>> What I want is that all incoming traffic on eth0 that is destined for
>>> 172.16.x.x, to be rerouted NOT immediately to eth3, but to be routed
>>> to go out on eth1, and then when it comes back in through eth2, then
>>> it must go out on eth3.
>>>
>>> And also vice versa, that is all ip that comes in on eth3 and is
>>> destined for 192.168.x.x, to go out on eth2, come in again on eth1 and
>>> finally leaves via eth0.
>>>
>>> How to do this?
>>> Any hints appreciated.
>>
>>
>>
>> So that would be:
>>
>> |-------------------------------------------|
>> 192.168.0.0 |eth0/192.168.0.1 eth3/172.16.0.1| 172.16.0.0
>> -------------|----> | |------>---- |-------------
>> | | | |
>> | |eth1 |eth2 |
>> | |10.10.0.1 |10.10.0.2 |
>> |-------------------------------------------|
>> | |
>> | |
>> V |
>> |-->-- crossed UTP -->--|
>>
>
> I guess, the IP header must not be modified in your case here
> (as NAT would do).
>
> I'm not sure, but some time ago I read something about
> 'iptables can set a mark on incoming packets' and
> 'route can make routing decisions based on marks set by iptables'
>
> iptables -t mangle -A PREROUTING -i eth0 -??? -mark 1
> iptables -t mangle -A PREROUTING -i eth3 -??? -mark 2
>
> route ... ??? marked 1 dev eth1
> route ... ??? marked 2 dev eth2
>
> takes these as examples, they are not correct though.

more correct:

/sbin/iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 1
/sbin/iptables -t mangle -A PREROUTING -i eth3 -j MARK --set-mark 2

/sbin/ip rule add fwmark 1 table toeth1
/sbin/ip rule add fwmark 2 table toeth2

/sbin/ip route add default via ????? dev eth1 table toeth1
/sbin/ip route add default via ????? dev eth2 table toeth2

I saw something like this in

/usr/share/doc/howto/en/html/Adv-Routing-HOWTO/lartc.netfilter.html

on a SuSe Linux 9.0 (i guess)

HTH, and please let me know

Toni

Hans wrote:
> "Hans" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
>
>>Hello.
>>I have a box with 4 nic's, eth0 .. eth3;
>>
>>eth0 is on 192.168.x.x; eth1 and 2 are on 10.10.x.x; eth 3 is on
>>172.16.x.x
>>eth1 and eth2 are connected to eachother by a crossed UTP-cable.
>>
>>What I want is that all incoming traffic on eth0 that is destined for
>>172.16.x.x, to be rerouted NOT immediately to eth3, but to be routed
>>to go out on eth1, and then when it comes back in through eth2, then
>>it must go out on eth3.
>>
>>And also vice versa, that is all ip that comes in on eth3 and is
>>destined for 192.168.x.x, to go out on eth2, come in again on eth1 and
>>finally leaves via eth0.
>>
>>How to do this?
>>Any hints appreciated.
>
>
> So that would be:
>
> |-------------------------------------------|
> 192.168.0.0 |eth0/192.168.0.1 eth3/172.16.0.1| 172.16.0.0
> -------------|----> | |------>---- |-------------
> | | | |
> | |eth1 |eth2 |
> | |10.10.0.1 |10.10.0.2 |
> |-------------------------------------------|
> | |
> | |
> V |
> |-->-- crossed UTP -->--|

What exactly is THIS ---- UP THERE ---- good for...?

Anyways, Toni gave hints already, but in this configuration of Yours,
I'll doubt hat those work.

It would be of great help if You could tell us what You want to do.
Good news: It is possible, but it will require some tweaks.


Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...