Two interfaces

Probably this is a standars problem...

I have two interfaces eth0 and eth1. The default interface is eth1. I am
having problems routing the voice traffic to eth0
eth0 10.58.16.28 gw: 10.58.0.1 mask:255.255.0.0.
eth1 192.168.1.110 gw:192.168.1.254: mask 255.255.255.0

I want all outgoing traffic designated to 10.xx.xx.xx to go out through eth0
and also to go through gw 10.58.0.1 when the destination is not in the mask
of eth0's mask, otherwise not.

What i've done so far is:
$iptables -t mangle -A OUTPUT -d 10.0.0.0/8 -j MARK --set-mark 2 #mark
outgoing traffic for 10....with 2
$iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to 10.58.16.28
#change source address with mark 2 to 10....

$iproute rule add fwmark 2 table tm1 # send all traffic with mark 2 to table
tm1
$iproute route add default via 10.58.0.1 dev eth0 table tm1 #use eth0 and
this default gateway in table tm1

But i see a lot of these in tcpdump on eth0
arp who-has 10.58.0.1 tell 10.58.16.28
arp reply 10.58.0.1 is-at xx:xx:xx:xx:xx:xx

All addresses 192..., 10.58...., 10.22... are pingable, but on every other
call (randomly) there is no voice when it's supposed to go out to
10.22.12.xx. Tcpdump on eth0 shows packets ok:

IP 10.22.12.22.33214 > 10.58.16.28.31802: UDP, length 172
IP 10.58.16.28.1024 > 10.22.12.22.33214: UDP, length 172

and i also see all ok on the packet dump of the voice server.

I suspect there is a problem with lower level communication with gateway,
but i cant see why.

Any suggestions?

Thanks, Jozza

Hello,

Jozza a écrit :
>
> I have two interfaces eth0 and eth1. The default interface is eth1. I am
> having problems routing the voice traffic to eth0
> eth0 10.58.16.28 gw: 10.58.0.1 mask:255.255.0.0.
> eth1 192.168.1.110 gw:192.168.1.254: mask 255.255.255.0
>
> I want all outgoing traffic designated to 10.xx.xx.xx to go out through eth0
> and also to go through gw 10.58.0.1 when the destination is not in the mask
> of eth0's mask, otherwise not.
>
> What i've done so far is:
> $iptables -t mangle -A OUTPUT -d 10.0.0.0/8 -j MARK --set-mark 2 #mark
> outgoing traffic for 10....with 2
> $iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to 10.58.16.28
> #change source address with mark 2 to 10....
>
> $iproute rule add fwmark 2 table tm1 # send all traffic with mark 2 to table
> tm1
> $iproute route add default via 10.58.0.1 dev eth0 table tm1 #use eth0 and
> this default gateway in table tm1

Just being curious... Why didn't you just add a route to 10.0.0.0/8 via
10.58.0.1 in the main routing table, instead of using advanced routing
and NAT ?

> But i see a lot of these in tcpdump on eth0
> arp who-has 10.58.0.1 tell 10.58.16.28
> arp reply 10.58.0.1 is-at xx:xx:xx:xx:xx:xx

What's wrong with it ?

> All addresses 192..., 10.58...., 10.22... are pingable

Really, even addresses in 10.58.0.0/16 ? IMHO your advanced routing does
not meet your requirement : "I want all outgoing traffic designated to
10.xx.xx.xx to go out through eth0 and also to go through gw 10.58.0.1
when the destination is not in the mask of eth0's mask, otherwise not".
With the above rules, all 10.0.0.0/8 should be routed via 10.58.0.1,
including 10.58.0.0/16.

"Pascal Hambourg" <boite-a-(E-Mail Removed)> wrote in message
news:4905ad53$0$894$(E-Mail Removed)...
> Hello,
>
> Jozza a écrit :
>>
>> I have two interfaces eth0 and eth1. The default interface is eth1. I am
>> having problems routing the voice traffic to eth0
>> eth0 10.58.16.28 gw: 10.58.0.1 mask:255.255.0.0.
>> eth1 192.168.1.110 gw:192.168.1.254: mask 255.255.255.0
>>
>> I want all outgoing traffic designated to 10.xx.xx.xx to go out through
>> eth0 and also to go through gw 10.58.0.1 when the destination is not in
>> the mask of eth0's mask, otherwise not.
>>
>> What i've done so far is:
>> $iptables -t mangle -A OUTPUT -d 10.0.0.0/8 -j MARK --set-mark 2 #mark
>> outgoing traffic for 10....with 2
>> $iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to 10.58.16.28
>> #change source address with mark 2 to 10....
>>
>> $iproute rule add fwmark 2 table tm1 # send all traffic with mark 2 to
>> table tm1
>> $iproute route add default via 10.58.0.1 dev eth0 table tm1 #use eth0 and
>> this default gateway in table tm1
>
> Just being curious... Why didn't you just add a route to 10.0.0.0/8 via
> 10.58.0.1 in the main routing table, instead of using advanced routing and
> NAT ?
>
>> But i see a lot of these in tcpdump on eth0
>> arp who-has 10.58.0.1 tell 10.58.16.28
>> arp reply 10.58.0.1 is-at xx:xx:xx:xx:xx:xx
>
> What's wrong with it ?
>
>> All addresses 192..., 10.58...., 10.22... are pingable
>
> Really, even addresses in 10.58.0.0/16 ? IMHO your advanced routing does
> not meet your requirement : "I want all outgoing traffic designated to
> 10.xx.xx.xx to go out through eth0 and also to go through gw 10.58.0.1
> when the destination is not in the mask of eth0's mask, otherwise not".
> With the above rules, all 10.0.0.0/8 should be routed via 10.58.0.1,
> including 10.58.0.0/16.

You're right,

but i did it now without iptables
i just added a static route:
ip route add 10.22.0.0/16 via 10.58.0.1 dev eth0
- which was the initial problem, i couldnt get it to go through eth0 and to
use gateway 10.58.0.1
so i tried all the garbage with marking the packets ... but the solution is
so simple

So another question arises:
How does the router know that when a packet is sent to 10.22.xx.xx it should
set the source ip to 10.58.16.28? Which it clearly does when i ping
10.22.xx.xx. Is it because it figures out that i want to use the gateway
that is already set for a specific interface? In that case, it shouldn't be
required to add the dev eth0 to the above route, right?

J.

Jozza a écrit :
>
> i just added a static route:
> ip route add 10.22.0.0/16 via 10.58.0.1 dev eth0

This route covers only 10.22.0.0/16, not 10.0.0.0/8. But if it is what
you need, it is fine.

> How does the router know that when a packet is sent to 10.22.xx.xx it should
> set the source ip to 10.58.16.28? Which it clearly does when i ping
> 10.22.xx.xx. Is it because it figures out that i want to use the gateway
> that is already set for a specific interface?

First it looks whether the route covering the destination contains an
explicit source address. "ip route" will show which routes contain an
explicit source address. If not, if the route contains a gateway then it
looks for a source address in the route to the gateway. If not, it uses
an address of the output interface. If the interface has no address,
then it uses a suitable address of another interface.

In your case the route to 10.22.0.0/16 has a gateway, 10.58.0.1, and it
is likely that the route to 10.58.0.0/16 containing this address has the
source address 10.58.16.28.

> In that case, it shouldn't be
> required to add the dev eth0 to the above route, right?

Indeed "dev eth0" should not be required and will be added
automatically, because the system already knows that the gateway address
is reachable on eth0.

"Pascal Hambourg" <boite-a-(E-Mail Removed)> wrote in message
news:4905d6f5$0$847$(E-Mail Removed)...
> Jozza a écrit :
>>
>> i just added a static route:
>> ip route add 10.22.0.0/16 via 10.58.0.1 dev eth0
>
> This route covers only 10.22.0.0/16, not 10.0.0.0/8. But if it is what you
> need, it is fine.
>
>> How does the router know that when a packet is sent to 10.22.xx.xx it
>> should set the source ip to 10.58.16.28? Which it clearly does when i
>> ping 10.22.xx.xx. Is it because it figures out that i want to use the
>> gateway that is already set for a specific interface?
>
> First it looks whether the route covering the destination contains an
> explicit source address. "ip route" will show which routes contain an
> explicit source address. If not, if the route contains a gateway then it
> looks for a source address in the route to the gateway. If not, it uses an
> address of the output interface. If the interface has no address, then it
> uses a suitable address of another interface.
>
> In your case the route to 10.22.0.0/16 has a gateway, 10.58.0.1, and it is
> likely that the route to 10.58.0.0/16 containing this address has the
> source address 10.58.16.28.
>
>> In that case, it shouldn't be required to add the dev eth0 to the above
>> route, right?
>
> Indeed "dev eth0" should not be required and will be added automatically,
> because the system already knows that the gateway address is reachable on
> eth0.

Thanks alot for clarifications

J.