[ale] Question on Routes

Phil Turmel philip at turmel.org
Mon Jul 30 13:39:11 EDT 2012


Hi Chuck,

On 07/28/2012 10:54 PM, Chuck Payne wrote:
> Guys,
> 
> I am going to be switching ISPs soon, but until then I am going to run
> two. I have an issue because I don't think I am doing something right.
> I can ping the new ISP, but I can't hit the old one from the outside
> world. I can ping it from the inside. Here is my network:
> 
> 
> eth0 --> br0 192.168.0.2 network 255.255.255.0  192.168.0.0/24 Internal
> eth1 --> br1 69.176.136.2 netmask 255.255.255.240 69.176.136.0/28 old ISP
> eth2 51.190.58.229. netmask 255.255.255.248 51.190.58.224/29
> 
> Here is what my routing table looks like.....
> 
>  route
> Kernel IP routing table
> Destination      Gateway          Genmask          Flags Metric Ref Use Iface
> 51-190-58-224-s  *                255.255.255.248  U     0      0   0   eth2
> 69.176.136.0     69.176.136.1     255.255.255.240  UG    0      0   0   br1
> 192.168.105.0    *                255.255.255.0    U     0      0   0   br0
> link-local       *                255.255.0.0      U     0      0   0   eth2
> loopback         *                255.0.0.0        U     0      0   0   lo
> default          51-190-58-230-s  0.0.0.0          UG    0      0   0   eth2

^^^^^^^^^^ This is the smoking gun.

> I need to make sure it is working until I can get everything switched over.
> Is there something I am doing wrong?

Yes, you are trying to use two outbound links without custom settings.

Standard routing expects there to be one and only one route between you
and any given target IP address.  A ping that comes in on the "wrong"
interface will be replied to, but via the default route.  That reply
packet should have a source address based on its original arrival
interface, which won't be appropriate for the pipe it goes out on,
and is likely to be filtered out along the way.

What you are trying to do is partially achievable with policy routes,
but only for connection-based protocols (TCP vs UDP).  Ping is not
connection-based.

To finish your test, temporarily replace your default route with the
other one.

If that works (and ping then fails on the old address) you can expect
the final switchover to succeed.

HTH,

Phil
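
An added example, not part of Phil's message: the policy route mentioned above, written for the old ISP link with the addresses from Chuck's post (br1, 69.176.136.2 in 69.176.136.0/28, gateway 69.176.136.1). The function names and table number 100 are assumptions of this example; it checks that source and gateway sit in the link's subnet and then only prints the iproute2 commands.

```shell
#!/bin/sh
# Added example: print source-based policy routing commands for one uplink.
# Addresses are the ones posted in the thread; table 100 is an arbitrary pick.

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside network $2 (CIDR form, e.g. 10.0.0.0/8).
in_subnet() {
    addr=$(ip2int "$1")
    base=$(ip2int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( base & mask )) ]
}

# Usage: policy_route_cmds SRC NET DEV GW TABLE
policy_route_cmds() {
    src=$1 net=$2 dev=$3 gw=$4 table=$5
    # Refuse a source or gateway that is not on this link's subnet.
    in_subnet "$src" "$net" || { echo "source $src is not in $net" >&2; return 1; }
    in_subnet "$gw" "$net" || { echo "gateway $gw is not in $net" >&2; return 1; }
    # Connected subnet in the per-link table, so on-link hosts stay reachable.
    echo "ip route add $net dev $dev src $src table $table"
    # Default route for this table only; the main table's default is untouched.
    echo "ip route add default via $gw dev $dev table $table"
    # Packets sourced from SRC are looked up in the per-link table.
    echo "ip rule add from $src lookup $table"
}

# Old ISP link as posted in the thread.
policy_route_cmds 69.176.136.2 69.176.136.0/28 br1 69.176.136.1 100
```

Review the printed lines before piping them to sh as root; replies sourced from 69.176.136.2 then leave via br1 while everything else keeps following the default route on eth2.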

