Routing problem

Hello all. I have a routing problem.
I have a linux machine (OpenSuSE) that acts as a gateway for the LAN and
is connected to internet using two different internet providers.
I want to ping this linux machine from the lan and from outside, using
both public ip (even from the lan, I have to call linux using external
public ip and not the internal lan ip).

Let's call:
$IP1 = linux ip on first provider's net
$P1_NET = first provider's net
$P1 = default gateway ip on first provider's net
$IF1 = ethernet interface wired with first provider's net

I have tried these commands:
ip route add $P1_NET dev $IF1 src $IP1 table 1
ip route add default via $P1 table 1
ip route add $P2_NET dev $IF2 src $IP2 table 2
ip route add default via $P2 table 2
ip route del default
ip route add default via $P1
ip rule add from $IP1 table 1
ip rule add from $IP2 table 2

Now, if I ping $IP1 or ping $IP2 I get correct answer from outside but
not from the LAN.

If I substitute the 7th line with this line:
ip rule add from $IP1 to 82.0.0.0/8 lookup 2

than ping works from LAN and from outside but obviously it works only
from external ip like 82.a.b.c.
Extending this for all valid addresses I would have to write a lot of rules:
ip rule add from $IP1 to 1.0.0.0/8 lookup 2
ip rule add from $IP1 to 2.0.0.0/8 lookup 2
ip rule add from $IP1 to 3.0.0.0/8 lookup 2
....
excluding 192.168.0.0/16, and than the same for $IP2. It seems me not
very good. :-)

Have you got any suggestion to solve the problem?
Thank you very much.

Alessandro Topo Galileo writes:
> Hello all. I have a routing problem.
> I have a linux machine (OpenSuSE) that acts as a gateway for the LAN
> and is connected to internet using two different internet providers.
> I want to ping this linux machine from the lan and from outside, using
> both public ip (even from the lan, I have to call linux using external
> public ip and not the internal lan ip).

> Let's call:
> $IP1 = linux ip on first provider's net
> $P1_NET = first provider's net
> $P1 = default gateway ip on first provider's net
> $IF1 = ethernet interface wired with first provider's net

> I have tried these commands:
> ip route add $P1_NET dev $IF1 src $IP1 table 1
> ip route add default via $P1 table 1
> ip route add $P2_NET dev $IF2 src $IP2 table 2
> ip route add default via $P2 table 2
> ip route del default
> ip route add default via $P1
> ip rule add from $IP1 table 1
> ip rule add from $IP2 table 2

If you try to ping $IP1 from LAN, the replies you get on your LAN box
will be from $IP1. But since you specified a rule for all packets from
$IP1, the table 1 is considered which doesn't contain any routing rule
for your LAN .

> Now, if I ping $IP1 or ping $IP2 I get correct answer from outside but
> not from the LAN.

> If I substitute the 7th line with this line:
> ip rule add from $IP1 to 82.0.0.0/8 lookup 2

So adding above rule, restricts the rule to packets going to
82.0.0.0/8 .

HTH
--
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEARECAAYFAkiF6Z0ACgkQHy+EEHYuXnTmSQCgt2hAlcHhyM r9HBE2eSWmmRgI
JWgAoO3jdGEcuCXOz07ylG4oSSvmEfjM
=oCGf
-----END PGP SIGNATURE-----

Il 22/07/2008 16.07, Ashish Shukla आशीष श�क�ल ha scritto:

> If you try to ping $IP1 from LAN, the replies you get on your LAN box
> will be from $IP1. But since you specified a rule for all packets from
> $IP1, the table 1 is considered which doesn't contain any routing rule
> for your LAN .

I understant this, but I don't know how to solve.
This does not solve:

route add 192.168.1.0/24 dev eth1 src $IP1 table 1

> So adding above rule, restricts the rule to packets going to
> 82.0.0.0/8 .

Yes, so I understant I have to write 254 rules to cover all X.0.0.0/8
for X<>192 (not considering 192.Y.0.0 for Y<>168).
It is not quite good...

Alessandro Topo Galileo writes:
> Il 22/07/2008 16.07, Ashish Shukla आशीष श�क�ल ha scritto:

>> If you try to ping $IP1 from LAN, the replies you get on your LAN box
>> will be from $IP1. But since you specified a rule for all packets from
>> $IP1, the table 1 is considered which doesn't contain any routing rule
>> for your LAN .

> I understant this, but I don't know how to solve.
> This does not solve:

You can solve this by a rules like this:

ip rule add from $IP1 to $LAN_NETWORK table main
ip rule add from $IP2 to $LAN_NETWORK table main

Now where to place these rules, is what you've to decide .

HTH
--
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiF8GYACgkQHy+EEHYuXnT/3wCZAdWclRg1Kd+iQGbm1w2A/098
dDYAni0c0FcuKme1IQYJVRApf5qw/d+p
=ma35
-----END PGP SIGNATURE-----

Alessandro Topo Galileo <(E-Mail Removed)> writes:

>Hello all. I have a routing problem.
>I have a linux machine (OpenSuSE) that acts as a gateway for the LAN and
>is connected to internet using two different internet providers.
>I want to ping this linux machine from the lan and from outside, using
>both public ip (even from the lan, I have to call linux using external
>public ip and not the internal lan ip).

>Let's call:
>$IP1 = linux ip on first provider's net
>$P1_NET = first provider's net
>$P1 = default gateway ip on first provider's net
>$IF1 = ethernet interface wired with first provider's net

Could you not have found a still more confusing set of symbols?

It is not clear what you want.



>I have tried these commands:
>ip route add $P1_NET dev $IF1 src $IP1 table 1
>ip route add default via $P1 table 1
>ip route add $P2_NET dev $IF2 src $IP2 table 2
>ip route add default via $P2 table 2
>ip route del default
>ip route add default via $P1
>ip rule add from $IP1 table 1
>ip rule add from $IP2 table 2

>Now, if I ping $IP1 or ping $IP2 I get correct answer from outside but
>not from the LAN.

And you want them from the lan why? The lan has its own interface and you
want the return packet to get to you inside, but the lan addresses are
probably non-routable and get thrown away.


>If I substitute the 7th line with this line:
>ip rule add from $IP1 to 82.0.0.0/8 lookup 2

>than ping works from LAN and from outside but obviously it works only
>from external ip like 82.a.b.c.
>Extending this for all valid addresses I would have to write a lot of rules:
>ip rule add from $IP1 to 1.0.0.0/8 lookup 2
>ip rule add from $IP1 to 2.0.0.0/8 lookup 2
>ip rule add from $IP1 to 3.0.0.0/8 lookup 2
>...
>excluding 192.168.0.0/16, and than the same for $IP2. It seems me not
>very good. :-)

>Have you got any suggestion to solve the problem?

It is hard to knw what the problem is.


>Thank you very much.

Il 22/07/2008 16.36, Ashish Shukla आशीष श�क�ल ha scritto:

> ip rule add from $IP1 to $LAN_NETWORK table main
> ip rule add from $IP2 to $LAN_NETWORK table main

Great!
It works (but I added "pref" at the end of these lines to put them
before the other rules, otherwise it doesn't work).
The last days I have tried something similar but without "table main".
Thank you!

Il 22/07/2008 17.29, Unruh ha scritto:

> And you want them from the lan why? The lan has its own interface and you
> want the return packet to get to you inside, but the lan addresses are
> probably non-routable and get thrown away.

I know, but to reach that server, for example using a browser, the DNS
gives the external ip... anyway, the problem was solved as written in
this thread.
Thank you for the answer.

Alessandro Topo Galileo writes:
> Il 22/07/2008 16.36, Ashish Shukla आशीष श�क�ल ha scritto:

>> ip rule add from $IP1 to $LAN_NETWORK table main
>> ip rule add from $IP2 to $LAN_NETWORK table main

> Great!
> It works (but I added "pref" at the end of these lines to put them
> before the other rules, otherwise it doesn't work).

Cool

> The last days I have tried something similar but without "table main".
> Thank you!

You're welcome.
--
·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiGGVoACgkQHy+EEHYuXnQZ1QCdGqbxIaU0bK 8UYe9I33ZMSAcE
hfsAnio3q+8WowUw1Temog4cXzKjGxpn
=jjy+
-----END PGP SIGNATURE-----

Alessandro Topo Galileo <(E-Mail Removed)> writes:

>Il 22/07/2008 17.29, Unruh ha scritto:

>> And you want them from the lan why? The lan has its own interface and you
>> want the return packet to get to you inside, but the lan addresses are
>> probably non-routable and get thrown away.

>I know, but to reach that server, for example using a browser, the DNS
>gives the external ip... anyway, the problem was solved as written in
>this thread.

On the internal net put your server into /etc/hosts. Then that internal
address will be used.

>Thank you for the answer.