Routing and kernel 2.2.x

Post by Antonio Santo » Sun, 23 May 1999 04:00:00



Hi all

I'm a bit confused with all this routing stuff and masquerading.
The fact is that I have two Linux boxes linked to a local network
in my Faculty. One is a standalone workstation, but the other has
a second ethernet card and is serving a small intranet through
IP masquerading. Both are working fine, but lately I found some
differences in the routing tables since I upgraded to kernel 2.2.x.

Their routing tables show

a) Standalone machine

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0

b) Server machine

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
intranet        *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1

Neither of them has a default gateway. We do have a gateway at the
faculty's network (let's call it facgateway) and I used to set it up
in the rc.d scripts. The same applies to the other entries in the
routing table. Now I know that kernel 2.2.x does this automatically
but I guess that the default gw entry should be set manually, as is
the loopback interface entry (which is also missing from the routing
table).

My question is: should I set up the default gateway and loopback with
the commands

#route add -net 127.0.0.0 netmask 255.0.0.0 lo
#route add default gw facgateway netmask 255.255.255.0 metric 1

I'm asking because everything seems to be working but I'm afraid of
overloading the network (or the server) because there is no default
gateway. If I do this the routing table looks like

a) Standalone

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         facgateway      255.255.255.0   UG    1      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo

b) Server

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         facgateway      255.255.255.0   UG    1      0        0 eth1
intranet        *               255.255.255.0   U     0      0        0 eth0
localnet        *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo

Is this OK? Can someone explain to me why it works both ways? Is the
entry localnet (eth1) necessary? (the kernel sets it up automatically,
so I guess it is...)

Thanks in advance

Antonio Santos
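
An added example, not part of the original post: a small model of a destination-and-genmask route lookup, run over the standalone machine's table with the "default" entry as posted (Genmask 255.255.255.0) and with Genmask 0.0.0.0. The addresses standing in for localnet and facgateway are constructed, and the lookup function is an illustration, not kernel code.

```python
import ipaddress


def ip(text):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def lookup(table, dst):
    """Return (gateway, iface) of the most specific matching route, or None."""
    d = ip(dst)
    # A route matches when the destination ANDed with the genmask equals
    # the route's destination field.
    matches = [r for r in table if d & ip(r["mask"]) == ip(r["dest"])]
    if not matches:
        return None  # no route: "Network is unreachable"
    # Longest mask wins; on a tie the lower metric wins.
    best = max(matches, key=lambda r: (ip(r["mask"]), -r["metric"]))
    return best["gw"], best["iface"]


# Constructed stand-ins for the names in the post (assumptions):
# localnet = 192.0.2.0/24, facgateway = 192.0.2.1
FACGATEWAY = "192.0.2.1"
LOCALNET = {"dest": "192.0.2.0", "mask": "255.255.255.0",
            "gw": None, "metric": 0, "iface": "eth0"}
LOOPBACK = {"dest": "127.0.0.0", "mask": "255.0.0.0",
            "gw": None, "metric": 0, "iface": "lo"}


def default_route(mask):
    """The 'default' entry (destination 0.0.0.0) with the given genmask."""
    return {"dest": "0.0.0.0", "mask": mask,
            "gw": FACGATEWAY, "metric": 1, "iface": "eth0"}


AS_POSTED = [default_route("255.255.255.0"), LOCALNET, LOOPBACK]
WITH_ZERO_MASK = [default_route("0.0.0.0"), LOCALNET, LOOPBACK]

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("mask 0.0.0.0", WITH_ZERO_MASK)):
        for dst in ("192.0.2.50", "127.0.0.1", "198.51.100.7"):
            print(f"{name:13} {dst:14} -> {lookup(table, dst)}")
```

In this model the entry with Genmask 255.255.255.0 only covers destinations 0.0.0.0 to 0.0.0.255, so an off-subnet destination still has no route; with Genmask 0.0.0.0 it matches everything that no more specific entry does.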

 
 
 

1. using fwmark routing rule on 2.2.x kernel

I have the problem:
I want to use routing based on some TCP protocol level data - it can be
theoretically done using "ip rule fwmark xxx" and corresponding ipchains
rule(s) (with -m option). In my case packets marked with "-m" option
should also be masqueraded.

My routing rules are:

ip ru add prio 100 lookup main
ip ru add prio 150 fwmark 1 lookup A
ip ru add prio 200 lookup B
ip ro flush table cache

both A and B tables contain one entry, let's say:
in A: 0/0 via a.b.c.d
in B: 0/0 via w.x.y.z

(a.b.c.d and w.x.y.z are connected to different router's interfaces)

I added the following ipchains rule (for simplicity condition here is
only destination host, but I need also some port-based conditions):

ipchains -A forward -d some.host.addr -m 1 -j MASQ

In this case packets to some.host.addr are masqueraded (and rule counters
are incremented), but they are sent via w.x.y.z (_NOT_ a.b.c.d).

When I also added a marking ipchains rule to the input chain
(ipchains -A input -d some.host.addr -m 1 -j ACCEPT)
I can see (using tools like tcpdump) masqueraded packets sent to
some.host via a.b.c.d, responses sent back from a.b.c.d to my router,
but the router does not "demasquerade" them - the originator receives nothing.
Packets are not rejected, just "annihilated" (??).

All tests were done from another host connected to a third router
interface (different from the ones a.b.c.d and w.x.y.z are connected to).
On the router I have a 2.2.16 kernel, all masquerading/routing options useful
in that case are enabled (I think so).

Can anyone explain to me the correct way of using policy routing based on
fwmark?
BTW: what is the order of interpreting input, forward, output chains and
routing rules during packet forwarding?

TIA

Lukasz Engel
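
An added example, not part of the original post: a model of the rule list above, assuming the ipchains packet path on 2.2 kernels (input chain, then routing decision, then forward chain), which shows why a mark set only in the forward chain cannot select table A. The address for some.host.addr and the contents of table main are constructed assumptions.

```python
import ipaddress

# Rules from the post: (priority, required fwmark or None, table)
RULES = [(100, None, "main"), (150, 1, "A"), (200, None, "B")]

# a.b.c.d / w.x.y.z are the post's placeholders; "main" holding only a
# connected network (no default route) is an assumption.
TABLES = {
    "main": [("10.0.0.0/24", "direct")],
    "A": [("0.0.0.0/0", "a.b.c.d")],
    "B": [("0.0.0.0/0", "w.x.y.z")],
}

TARGET = "203.0.113.10"  # constructed stand-in for some.host.addr


def route(dst, fwmark):
    """Walk the rules in priority order; the first table with a match wins."""
    addr = ipaddress.ip_address(dst)
    for _prio, want, table in sorted(RULES, key=lambda r: r[0]):
        if want is not None and want != fwmark:
            continue  # fwmark selector does not match this packet
        hits = [(ipaddress.ip_network(net), gw) for net, gw in TABLES[table]
                if addr in ipaddress.ip_network(net)]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


def apply_chain(chain, dst, mark):
    """chain is a list of (destination host, mark); first match sets the mark."""
    for host, new_mark in chain:
        if host == dst:
            return new_mark
    return mark


def forward_packet(dst, input_chain, forward_chain):
    """Return (next hop chosen, mark on exit) for a forwarded packet."""
    mark = apply_chain(input_chain, dst, 0)
    next_hop = route(dst, mark)  # routing sees only the input-chain mark
    mark = apply_chain(forward_chain, dst, mark)  # too late to change next_hop
    return next_hop, mark
```

With the mark rule only in the forward chain the model picks w.x.y.z, and with the same rule in the input chain it picks a.b.c.d, matching the two behaviours reported in the post. The reply-path (demasquerading) problem is not modelled.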
