[ale] routing fun - RESOLVED
James P. Kinney III
jkinney at localnetsolutions.com
Thu May 17 00:24:12 EDT 2007
Found the glitch. See below in the routing setup script for the fix.
What a bonehead....
Without the designation 192.168.0.0/24, the use of just 192.168.0.0 is
just an IP address, not a destination range. So of course nothing from
that subnet can route back.
On Thu, 2007-05-10 at 17:23 -0400, James P. Kinney III wrote:
> I am not seeing something OBVIOUS here I'm sure.
>
> One server with 3 NICs. 2 NICs go to Internet on 2 separate ISP lines,
> third is internal connection.
>
> System has web sites on both external IPs. System has email (and
> firewall) and also acts as gateway for internal LAN.
>
> From the LAN, all systems can hit the Internet (very fast I might add
> due to the dual WAN ports and the load balancing). All internal systems
> can hit the box for email. Outside systems can hit the box for web pages
> and email access (imaps and pop3s and TLS send).
>
> But LAN can't access web sites _ON_ the machine ?!?!?
>
> I have some routing set up as below (IPs changed to protect the
> guilty :) :
>
> IF0='eth0' #LAN
> IF1='eth1' #WAN 1
> IF2='eth2' #WAN 2
> IP0='192.168.0.101'
> IP1='10.20.1.241' #WAN1 IP
> IP2='10.20.2.82' #WAN2 IP
> P0='192.168.0.101' #LAN IP
> P1='10.20.1.1' #WAN1 gateway
> P2='10.20.2.1' #WAN2 gateway
> P0_NET='192.168.0.0' #LAN NET
> P1_NET='10.20.1.0' #WAN1 NET
> P2_NET='10.20.2.0' #WAN2 NET
>
> ip route add $P0_NET dev $IF0 src $IP0 table T0
> ip route add default via $P0 table T0
>
> ip route add $P1_NET dev $IF1 src $IP1 table T1
> ip route add default via $P1 table T1
>
> ip route add $P2_NET dev $IF2 src $IP2 table T2
> ip route add default via $P2 table T2
>
> ip route add $P1_NET dev $IF1 src $IP1
> ip route add $P2_NET dev $IF2 src $IP2
> ip route add $P0_NET dev $IF0 src $IP0
>
> #ip route add default via $P1
>
> ip rule add from $IP1 table T1
> ip rule add from $IP2 table T2
> ip rule add from $IP0 table T0
>
> ip route add $P1_NET dev $IF1 table T0
> ip route add $P2_NET dev $IF2 table T0
> ip route add 127.0.0.0/8 dev lo table T0
>
> ip route add $P0_NET dev $IF0 table T1
Oops! This should be changed to:
ip route add $P0_NET/24 dev $IF0 table T1
> ip route add $P2_NET dev $IF2 table T1
> ip route add 127.0.0.0/8 dev lo table T1
>
> ip route add $P0_NET dev $IF0 table T2
Oops! This should be changed to:
ip route add $P0_NET/24 dev $IF0 table T2
> ip route add $P1_NET dev $IF1 table T2
> ip route add 127.0.0.0/8 dev lo table T2
>
> ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
> nexthop via $P2 dev $IF2 weight 1
>
>
> Last line does the magic for outgoing load balancing. The tables T0, T1
> and T2 exist and are loading OK as 'ip route show table Tx' will
> indicate.
>
> It _looks_ like I have a route on every table to every network but data
> doesn't flow from LAN to web server. BUT LAN to email is OK.
--
James P. Kinney III
CEO & Director of Engineering
Local Net Solutions,LLC
770-493-8244
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
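
The fix described in the message above, shown as an added example that is not part of the original post: a simplified longest-prefix-match lookup over table T1 with and without the /24. The `lookup` and `in_prefix` helpers and the LAN host 192.168.0.50 are constructed for illustration; a prefix with no length is treated as a /32 host route, which is how iproute2 reads a bare IPv4 address.

```shell
#!/bin/sh
# Simplified model of a route lookup (not the kernel's implementation).

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if host $1 is inside prefix $2. No "/len" means /32 (one host).
in_prefix() {
    case $2 in
        */*) net=${2%/*}; len=${2#*/} ;;
        *)   net=$2; len=32 ;;
    esac
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    h=$(ip2int "$1"); n=$(ip2int "$net")
    [ $(( h & mask )) -eq $(( n & mask )) ]
}

# lookup TABLE HOST: print the target of the longest matching prefix.
lookup() {
    best_len=-1; best=unreachable
    while read -r prefix target; do
        [ -n "$prefix" ] || continue
        if [ "$prefix" = default ]; then prefix=0.0.0.0/0; fi
        case $prefix in */*) plen=${prefix#*/} ;; *) plen=32 ;; esac
        if in_prefix "$2" "$prefix" && [ "$plen" -gt "$best_len" ]; then
            best_len=$plen; best=$target
        fi
    done <<EOF
$1
EOF
    echo "$best"
}

# Table T1 as the posted script builds it, then with the /24 correction.
T1_BEFORE='192.168.0.0 dev eth0
10.20.1.0 dev eth1
10.20.2.0 dev eth2
127.0.0.0/8 dev lo
default via 10.20.1.1'
T1_AFTER=$(echo "$T1_BEFORE" | sed 's|^192\.168\.0\.0 |192.168.0.0/24 |')

LAN_HOST=192.168.0.50   # constructed sample LAN client
echo "before fix: $LAN_HOST -> $(lookup "$T1_BEFORE" "$LAN_HOST")"
echo "after fix:  $LAN_HOST -> $(lookup "$T1_AFTER" "$LAN_HOST")"
```

On a live system, `ip route get 192.168.0.50 from 10.20.1.241` answers the same question using the real policy rules and tables.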