Routing and kernel 2.2.x

Post by Antonio Santo » Sun, 23 May 1999 04:00:00

Hi all

I'm a bit confused with all this routing stuff and masquerading.
The fact is that I have two Linux boxes linked to a local network
in my Faculty. One is a standalone workstation, but the other has
a second ethernet card and is serving a small intranet through
IP masquerading. Both are working fine, but lately I found some
in the routing tables since I've upgraded to kernel 2.2.x.

Their routing tables show

a) Standalone machine

Destination     Gateway         Genmask         Flags Metric Ref    Use
localnet        *        U     0      0        0

b) Server machine

Destination     Gateway         Genmask         Flags Metric Ref    Use
intranet        *        U     0      0        0
localnet        *        U     0      0        0

Neither of them has a default gateway. We do have a gateway at the
faculty's network (let's call it facgateway) and I used to set it up
in the rc.d scripts. The same applies to the other entries in the
routing table. Now I know that kernel 2.2.x does this automatically,
but I guess that the default gw entry should be set manually, as
is the loopback interface entry (which is also missing from the routing

My question is: should I set up the default gateway and loopback with
the commands

#route add -net netmask lo
#route add default gw facgateway netmask metric 1

I'm asking because everything seems to be working but I'm afraid of
overloading the network (or the server) because there is no default
gateway. If I do this the routing table looks like

a) Standalone

Destination     Gateway         Genmask         Flags Metric Ref    Use
default         facgateway   UG    1      0        0 eth0
localnet        *        U     0      0        0
loopback        *            U     0      0        0

b) Server

Destination     Gateway         Genmask         Flags Metric Ref    Use
default         facgateway   UG    1      0        0 eth1
intranet        *        U     0      0        0
localnet        *        U     0      0        0
loopback        *            U     0      0        0

Is this OK? Can anyone explain to me why it works both ways? Is the entry
(eth1) necessary? (the kernel sets it up automatically, so I guess it

Thanks in advance

Antonio Santos


1. using fwmark routing rule on 2.2.x kernel

I have the following problem:
I want to use routing based on some TCP protocol level data - it can
theoretically be done using "ip rule fwmark xxx" and corresponding ipchains
rule(s) (with the -m option). In my case packets marked with the "-m" option
should also be masqueraded.

My routing rules are:

ip ru add prio 100 lookup main
ip ru add prio 150 fwmark 1 lookup A
ip ru add prio 200 lookup B
ip ro flush table cache

both A and B tables contain one entry, let's say:
in A: 0/0 via a.b.c.d
in B: 0/0 via w.x.y.z

(a.b.c.d and w.x.y.z are connected to different router's interfaces)

I added the following ipchains rule (for simplicity the condition here is
only the destination host, but I also need some port-based conditions):

ipchains -A forward -d -m 1 -j MASQ

In this case packets to are masqueraded (and rule counters
are incremented), but they are sent via w.x.y.z (_NOT_ a.b.c.d).

When I also added a marking ipchains rule to the input chain
(ipchains -A input -d -m 1 -j ACCEPT)
I can see (using tools like tcpdump) masqueraded packets sent to via a.b.c.d, responses sent back from a.b.c.d to my router,
but the router does not "demasquerade" them - the originator receives nothing.
Packets are not rejected, just "annihilated" (??).

All tests were done from another host connected to a third router
interface (different from the ones a.b.c.d and w.x.y.z are connected to).
On the router I have a 2.2.16 kernel, and all masquerading/routing options useful
in that case are enabled (I think so).

Can anyone explain to me the correct way of using policy routing based on
fwmark?
BTW: what is the order of interpreting the input, forward and output chains and
routing rules during packet forwarding?


Lukasz Engel
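
Added example (not part of either post): a small Python model of how the rule list in the post above is evaluated, assuming the ipchains traversal order on 2.2 kernels (input chain, then routing decision, then forward chain). Table names, priorities and the gateway placeholders come from the post; the main table's contents and the sample destinations are constructed.

```python
import ipaddress

# Routing tables as (prefix, gateway). "main" holding only a connected
# network is an assumption; A and B are the default routes from the post.
TABLES = {
    "main": [("192.0.2.0/24", None)],      # constructed: directly connected LAN
    "A":    [("0.0.0.0/0", "a.b.c.d")],
    "B":    [("0.0.0.0/0", "w.x.y.z")],
}
# (priority, fwmark selector or None, table), mirroring the "ip ru add" lines.
RULES = [(100, None, "main"), (150, 1, "A"), (200, None, "B")]

def table_lookup(table, dst):
    """Longest-prefix match inside one table; returns (found, gateway)."""
    best = None
    for prefix, gw in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return (best is not None, best[1] if best else None)

def route(dst, fwmark=0):
    """Walk rules by ascending priority; first table with a matching route wins."""
    dst = ipaddress.ip_address(dst)
    for _prio, mark, table in sorted(RULES, key=lambda r: r[0]):
        if mark is not None and mark != fwmark:
            continue                        # fwmark selector does not match
        found, gw = table_lookup(table, dst)
        if found:
            return table, gw
    return None, None

def forward(dst, mark_in_input=False, mark_in_forward=False):
    """Model of one forwarded packet: marks set in the input chain are visible
    to the routing decision, marks set in the forward chain are not."""
    fwmark = 1 if mark_in_input else 0
    table, gw = route(dst, fwmark)          # routing decision happens here
    if mark_in_forward:
        fwmark = 1                          # set after the lookup already ran
    return table, gw, fwmark

if __name__ == "__main__":
    print(forward("198.51.100.7", mark_in_forward=True))  # forward-chain mark only
    print(forward("198.51.100.7", mark_in_input=True))    # input-chain mark
```

The model covers only route selection; it says nothing about the missing demasquerading of replies described in the post.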
