Hi.. First I'd like to point out that I'm having a "semi-problem" of routing and masquerading...
The routing and masquerading I want to do is working fine with what I have done, but it's giving some problems with traceroutes, making them not work correctly or as expected... so I believe something is not working as it should. So here goes the detail of the situation and what I have done, sorry for the long mail...

I've been running a network with IP Masquerading for about a year now without any problem. All routing is done by iproute2, source routing, etc., and masquerading via ipchains, since I'm using Kernel 2.2.19pre17.

Until some days ago, the network consisted of a Linux box behind the router that connects to the Internet, and my LAN on the other side of the Linux box. The Router has an E1 connection separated into 2 channels, one that goes directly to Internet, and the other to UyNet (UruguayNet), which is the main backbone and network across my country (Uruguay). So if I want to access any site on the Internet like google.com, it goes through one channel, and if I want to access a site in Uruguay it goes through the other one.

I have several different networks in my LAN which I have always masqueraded with ipchains with no problem. Some days ago, we added a second connection which has only one channel that accesses both Internet and UyNet.

You can see what it looks like in http://juanin.com/net.jpg

The connection through "Router 1" is the new connection with one channel, and the one through "Router 2" is the connection we have always used with the 2 separated channels.

What I want to do is to route traffic from some of my LANs to Internet through "Router 1" and traffic from others of the LANs to Internet through "Router 2". BUT, all traffic to UyNet must be routed through the UyNet channel in "Router 2".

By default I masquerade my LANs like this:

    ipchains -I forward -s 192.168.1.0/24 -j MASQ -i eth0

What I did for testing purposes is to leave everything as it is, but route my own machine (192.168.1.137) to Internet through "Router 1" and to UyNet through "Router 2", by use of iproute2 source routing:

    ip ro add default via [Router 1 IP address] table xx
    ip ro add [all Uynet networks] via [Router 2 IP address] table xx
    ip ru add from [eth2 IP address] lookup xx
    ip ru add from 192.168.1.137 lookup xx

I also added the following in order to masq my machine through eth2 and go to Internet through "Router 1":

    ipchains -I forward -s 192.168.1.137 -j MASQ -i eth2

All of this works fine, and I get routed as I want... BUT the problem I have is that traceroutes now don't work as expected...

If I traceroute an Internet address (for example google or yahoo) I see the first step to 192.168.1.1 (my default gw, eth1), all the next hops through the Uruguayan network appear as packet loss without being able to be resolved until it goes out to the Internet where it continues in a normal way... If I traceroute an address from the UyNet network, some hops are resolved ok, and some are unresolved too... Here are 2 examples:

<Example 1, traceroute to internet address>
C:\Documents and Settings\juanin>tracert www.yahoo.com

Traza a la dirección www.yahoo.akadns.net [64.58.76.178]
sobre un máximo de 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     *        *        *     Tiempo de espera agotado para esta solicitud. (Timeout)
  3     *        *        *     Tiempo de espera agotado para esta solicitud.
  4     *        *        *     Tiempo de espera agotado para esta solicitud.
  5     *        *        *     Tiempo de espera agotado para esta solicitud.
  6   143 ms   143 ms   143 ms  iar2-so-2-2-0-0.Miami.cw.net [208.173.90.73]
  7   144 ms   143 ms   143 ms  acr2-loopback.Miami.cw.net [208.172.98.62]
  8   172 ms   170 ms   170 ms  agr4-loopback.Washington.cw.net [206.24.226.104]
  9   171 ms   172 ms   171 ms  dcr1-so-6-3-0.Washington.cw.net [206.24.238.61]
 10   173 ms   173 ms   173 ms  cable-and-wireless-internal-isp.Washington.cw.net [206.24.238.26]
</Example 1, traceroute to internet address>

<Example 2, traceroute to UyNet address>
C:\Documents and Settings\juanin>tracert www.fastlink.com.uy

Traza a la dirección www.fastlink.com.uy [200.61.78.6]
sobre un máximo de 30 saltos:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     1 ms    <1 ms    <1 ms  gw.mydomain.com [xxx.xxx.xxx.xxx]
  3     *        *        *     Tiempo de espera agotado para esta solicitud
  4    18 ms     7 ms     7 ms  ubgpcen1-fe-1-0.antel.net.uy [200.40.128.11]
  5     *        *        *     Tiempo de espera agotado para esta solicitud
  6   370 ms    40 ms    66 ms  r200-71-0-4.techtel.com.uy [200.71.0.4]
  7     *        *        *     Tiempo de espera agotado para esta solicitud
  8    68 ms    49 ms    74 ms  paginas.fastlink.com.uy [200.61.78.6]
</Example 2, traceroute to UyNet address>

If I make traceroutes from other machines in my LAN 192.168.1.0/24 whose routing has not been modified (they always go out through "Router 2"), the traceroutes are ok... If I connect my machine directly to "Router 1" with an IP of its network, traceroutes are ok too.

Also, from Internet I can ping "Router 2" and eth0, also I can ping "Router 1" but I can not ping eth2!!! So I think I'm having some masquerading mess I am missing...

Does anyone know what the problem may be?? The routing works, great, but it's not very nice not to be able to do a proper traceroute.

Thanks in advance,
juaid

PS: I also tried making implicit masquerading like:

    ipchains -I forward -s 192.168.1.137 -d 64.58.76.178 -j MASQ -i eth2
    ipchains -I forward -s 192.168.1.137 -d 200.61.78.6 -j MASQ -i eth0

and got exactly the same awful results..
:( A friend of mine told me he does something similar that works ok but with iptables, but I'm not using Kernel 2.4 and do not want to upgrade it..