iproute2 + multigateway and wrong src address for gateways

Post by M4te » Sun, 05 Nov 2006 06:31:41


I've been searching quite long for the answer, but I found only those
docs that I've tried,
so (as an act of desperation :) ) I beg you for help.
So, what is the problem? This is it:

I have 2 internet links from different ISPs. iproute is configured
according to


but there is a problem, wrong src IP is selected:

    via 80.53.46.X dev eth3  src 193.24.245.Z
        cache  mtu 1500 advmss 1460 hoplimit 64

where 80.53.46.X is a GATE on interface eth3 and 193.24.245.Z is the IP
of eth2

It causes the packet to go out via eth3, but the answer comes back via eth2
(depending on SRC_IP),
where the packet can't be matched with any connection, and it's dropped.

Has somebody had something like that? Has somebody solved it?
I'll be very pleased for any kind of response.


Mateusz Rejek
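
The symptom in the post above (egress on one uplink with a source address that belongs to the other) can be checked mechanically. The following is an added example, not part of the original post: it parses `ip -o -4 addr show` and `ip route get` output and flags routes whose `src` is not owned by the egress `dev`. The sample text uses constructed documentation addresses, the function names are hypothetical, and it assumes each uplink's address should only leave via its own interface.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` (documentation addresses, not the poster's).
ADDR_SAMPLE = """\
3: eth2    inet 198.51.100.10/24 brd 198.51.100.255 scope global eth2
4: eth3    inet 203.0.113.20/24 brd 203.0.113.255 scope global eth3
"""

# Constructed sample of `ip route get` results: the first is consistent, the second
# reproduces the symptom (egress on eth3, source address owned by eth2).
ROUTE_SAMPLE = """\
192.0.2.1 via 198.51.100.1 dev eth2  src 198.51.100.10
    cache  mtu 1500 advmss 1460 hoplimit 64
192.0.2.2 via 203.0.113.1 dev eth3  src 198.51.100.10
    cache  mtu 1500 advmss 1460 hoplimit 64
"""

def addresses_by_device(addr_text):
    """Map each local IPv4 address to the interface that owns it."""
    owners = {}
    for line in addr_text.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            owners[ipaddress.ip_interface(m.group(2)).ip] = m.group(1)
    return owners

def mismatched_routes(route_text, owners):
    """Return (dst, dev, src, owner) for routes whose src is not on the egress dev."""
    findings = []
    for line in route_text.splitlines():
        m = re.match(r"(\S+)\s.*\bdev\s+(\S+)\s.*\bsrc\s+(\S+)", line)
        if not m:
            continue  # skips the indented "cache ..." continuation lines
        dst, dev, src = m.group(1), m.group(2), ipaddress.ip_address(m.group(3))
        owner = owners.get(src)  # None if the address is not local at all
        if owner != dev:
            findings.append((dst, dev, str(src), owner))
    return findings

if __name__ == "__main__":
    owners = addresses_by_device(ADDR_SAMPLE)
    for dst, dev, src, owner in mismatched_routes(ROUTE_SAMPLE, owners):
        print(f"{dst}: leaves via {dev} but uses src {src} (owned by {owner})")
```
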


1. Routing with iproute2 and ipchains - src address won't translate


I'm trying to get my server to route from/to a specific local machine to an
ADSL router using ipchains forwarding and ip route. The new ADSL router
is connected to my Linux box on a second Ethernet card eth1.

Object of exercise - to enable a specific local PC to talk to the ADSL
router as though it was directly connected, by selecting the PC's preferred
gateway to be the Linux box.

The two subnets are

ADSL router:
server eth1:


server eth0:
localpc    :
mygateway: <- this is the one I normally use for Internet access
                             and is the default gateway of the Linux box.

First, the ipchains.

#  ipchains -A forward -i eth1 --source -j MASQ --log
#  ipchains -A forward -j DENY --log
#  echo 1 > /proc/sys/net/ipv4/ip_forward

And the routing:

# ip rule add from nat table officepc
# ip route add dev eth1 src table officepc
# ip route add default via table officepc

But the source address does not appear to get translated:

# ip route get from iif eth0 from via dev eth1  src
     cache <masq,src-direct>  mtu 1500 advmss 1460 iif eth0

A sample ipchains log line:
Dec 22 20:50:44 server kernel: Packet log: forward DENY eth0 \
PROTO=1 L=60 S=0x00 I=47713 F=0x0000 T=127 (#2)

The packets are being sent out with the un-translated address.
I've checked that it works if I set my default gateway to the ADSL router - then
I can happily ping the router from the local pc.

I'm using a stock RedHat 2.4.18-3 kernel and the .config
file appears to have all the right features enabled.

Any help gratefully received...


