On Tue, Feb 13, 2007 at 10:54:51PM +0100, Paul Viney wrote:
> Thanks for the advice, Alex. I've been able to add both default routes - I
> hadn't considered using the metric to avoid using the VPN link.
> I guess I wasn't very clear with my use of 64.233.183.103, which was meant to
> be a random internet address coming in over the VPN link, not the default
> internet link.
> What exactly does the " prohibit default proto static metric 100 " in your
> routing table do? Haven't you already had a default route which would trigger
> before reaching this rule?
It's been a while since I looked over this, but from memory, if the link goes
down, it stops the route table being used.
>
> I still seem to have much the same problem. I no longer get ICMP unreachable
> errors, but the packet just seems to disappear - I can't see it being
> forwarded on any interface, nor can I find any kind of reply - icmp or
> otherwise.
Sounds like a firewall issue!
>
> ip route get <random internet address> to 192.168.12.5 gives
> 192.168.12.5 dev eth3 src 192.168.12.1
> cache mtu 1500 advmss 1460 metric 10 64
>
> ip route get <random internet address> to 192.168.12.5 iif eth1 gives
> RTNETLINK answers: Invalid argument
Try
ip r g <random internet address> from 192.168.12.5; I seem to be getting the
same error as you.
>
> Am I not understanding how "ip route get" works? The man pages are fairly
> succinct in their explanation.
>
> Thanks for your help,
>
> Paul Viney
>
>
> On Tuesday 13 February 2007 21:40, Alex Samad wrote:
> > On Tue, Feb 13, 2007 at 02:50:13PM +0100, Paul Viney wrote:
> > > Hi all,
> > >
> > > I'm trying to set up a computer with 2 routes to the internet, much as
> > > described at http://lartc.org/howto/lartc.rpdb.multiple-links.html . One
> > > of my interfaces (eth5, 192.168.2.2) is only used for traffic originating
> > > inside the network. The other (eth1, 192.168.1.2) is only used for a VPN,
> > > where all (udp) traffic originates from outside our network. I have
> > > created a second routing table for eth1, with its own default gateway,
> > > and selected it with ip rule from 192.168.1.2 iif lo lookup 4. All this
> > > works fine.
> > > My problem is that one of the udp ports is forwarded to another server
> > > using iptables:
> > > /sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2 --dport
> > > 4902 -j DNAT --to 192.168.12.5:4902
> > >
> > > using tcpdump on eth1, I can see that the incoming packets receive an
> > > icmp rejection, and when I try something like
> > >
> > > ip route get 192.168.12.5 from 64.233.183.103 iif eth1
> > > I get "RTNETLINK answers: Invalid argument"
> > >
> > > If I try
> > > ip route get 192.168.12.5 from 64.233.183.103 iif eth5
> > > I get
> > > 192.168.12.5 from 64.233.183.103 dev eth3 src 192.168.2.2
> > > cache mtu 1500 advmss 1460 metric 10 64 iif eth5
> > >
> > > which leads me to conclude that the difference has something to do with
> > > the default route.
> > > I've tried things like
> > > ip rule add iif eth1 lookup 4 (4 being my custom routing table)
> > > ip rule add from 192.168.1.2 lookup 4
> > >
> > > and even
> > > iptables -t nat -I PREROUTING -i eth1 -p udp -j MARK --set-mark 1
> > > ip rule from all fwmark 0x1 lookup 4
> > > ip route flush cache
> > >
> > > I'm using linux 2.6.19.2 + grsecurity patches, every option I could find
> > > compiled in, on an up to date gentoo system.
> > >
> > > Can anyone see what I'm missing?
> > >
> > > Thanks,
> > >
> > > Paul Viney
> > >
> > >
> > > ip route show
> > > 192.168.2.0/24 dev eth5 proto kernel scope link src 192.168.2.2
> > > 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2
> > > 192.168.12.0/24 dev eth3 proto kernel scope link src 192.168.12.1
> > > 127.0.0.0/8 dev lo scope link
> > > default via 192.168.2.1 dev eth5
> > >
> > > ip route show table 4
> > > 192.168.2.0/24 dev eth5 proto kernel scope link src 192.168.2.2
> > > 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2
> > > 192.168.12.0/24 dev eth3 proto kernel scope link src 192.168.12.1
> > > 127.0.0.0/8 dev lo scope link
> > > default via 192.168.1.1 dev eth1
> > >
> > > ip rule show
> > > 0: from all lookup local
> > > 9999: from all fwmark 0x1 lookup 4
> > > 10000: from 192.168.1.2 iif lo lookup 4
> >
> > if the ip address on eth1 is 64.233.183.103 then you need a rule
> > 10001: from 64.233.183.103 lookup 4
> >
> > I don't think the fwmark rule will work with ip route get.
> >
> > Plus, in your routing information in table 4, you are saying that the default
> > address is available via 192.168.1.1 ???? That doesn't match up with
> > 64.233.183.103
> >
> >
> >
> > This is my ip ru
> > 0: from all lookup local
> > 200: from 144.132.147.156 lookup cable
> > 201: from 60.241.248.86 lookup adsl
> > 32766: from all lookup main
> > 32767: from all lookup default
> >
> >
> > 144.132.147.156 is one isp, 60.241.248.86 is the other one
> >
> > ip r sh tab cable
> > 192.168.8.248/29 dev tap0 scope link src 192.168.8.249
> > 192.168.11.0/24 dev vlan0 scope link src 192.168.11.1
> > 192.168.10.0/24 dev eth1 scope link src 192.168.10.1
> > default via 144.132.144.1 dev vlan2 proto static src 144.132.147.156 metric 50
> > prohibit default proto static metric 100
> >
> >
> > ip r sh tab adsl
> > 192.168.8.248/29 dev tap0 scope link src 192.168.8.249
> > 192.168.11.0/24 dev vlan0 scope link src 192.168.11.1
> > 192.168.10.0/24 dev eth1 scope link src 192.168.10.1
> > default via 10.20.20.168 dev ppp0 proto static src 60.241.248.86 metric 20
> > prohibit default proto static metric 100
> >
> > ip r sh tab default
> > default proto static metric 5
> > nexthop via 144.132.144.1 dev vlan2 weight 1
> > nexthop via 10.20.20.168 dev ppp0 weight 20
> > default via 10.20.20.168 dev ppp0 src 60.241.248.86 metric 20
> > default via 144.132.144.1 dev vlan2 src 144.132.147.156 metric 30
> >
> >
> > The difference for you should be in the default table, you will not need
> > default proto static metric 5
> > nexthop via 144.132.144.1 dev vlan2 weight 1
> > nexthop via 10.20.20.168 dev ppp0 weight 20
> >
> >
> > because you want all your traffic to go out 1 link.
> >
> > alex
> >
> > > 30000: from all lookup main
> > > 30000: from all lookup default
> > > _______________________________________________
> > > LARTC mailing list
> > > LARTC@mailman.ds9a.nl
> > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
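An added toy model of the rule-and-table walk discussed in this thread (constructed example, not code from the list or from iproute2): it replays Paul's `ip rule` and tables, and adds Alex's `prohibit default proto static metric 100` entry to table 4 to show how it stops a lookup from falling through to the main table when the eth1 default route disappears. Assumptions: no local table, no route cache and no rp_filter are modelled.

```python
"""Toy model of the Linux RPDB (rules + tables) for the setup in this thread.
Constructed example, not code from the list post. Simplifications: no local
table, no route cache, no rp_filter; longest prefix, then lowest metric, wins."""
import ipaddress

def best_route(table, dst):
    """Longest matching prefix wins; among equals the lowest metric is kept."""
    hits = [r for r in table if dst in ipaddress.ip_network(r["prefix"])]
    if not hits:
        return None
    return min(hits, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                    r.get("metric", 0)))

def lookup(rules, tables, src, dst, iif="lo", fwmark=0):
    """Walk rules in priority order; the first table that yields a route decides.
    A 'prohibit' route terminates the walk (ICMP admin prohibited); it does not
    fall through to later rules the way an unmatched table does."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r["prio"]):
        if "from" in rule and src not in ipaddress.ip_network(rule["from"]):
            continue
        if rule.get("iif", iif) != iif or rule.get("fwmark", fwmark) != fwmark:
            continue
        route = best_route(tables.get(rule["table"], []), dst)
        if route is None:
            continue                      # nothing in this table, try the next rule
        if route.get("type") == "prohibit":
            return ("prohibit",)
        if "via" in route:
            return ("via", route["via"], route["dev"])
        return ("link", route["dev"])     # directly connected destination
    return ("unreachable",)

# Paul's 'ip rule show' and tables, plus (constructed) the 'prohibit default
# metric 100' entry Alex keeps at the end of his per-ISP tables.
CONNECTED = [{"prefix": "192.168.2.0/24", "dev": "eth5"},
             {"prefix": "192.168.1.0/24", "dev": "eth1"},
             {"prefix": "192.168.12.0/24", "dev": "eth3"}]
TABLES = {"main": CONNECTED + [{"prefix": "0.0.0.0/0", "via": "192.168.2.1", "dev": "eth5"}],
          "4": CONNECTED + [{"prefix": "0.0.0.0/0", "via": "192.168.1.1", "dev": "eth1"},
                            {"prefix": "0.0.0.0/0", "type": "prohibit", "metric": 100}],
          "default": []}
RULES = [{"prio": 9999, "fwmark": 1, "table": "4"},
         {"prio": 10000, "from": "192.168.1.2/32", "iif": "lo", "table": "4"},
         {"prio": 30000, "table": "main"},
         {"prio": 30000, "table": "default"}]

def eth1_down(tables):
    """Model eth1 going down: the kernel drops every route over eth1 from the tables."""
    return {name: [r for r in tbl if r.get("dev") != "eth1"] for name, tbl in tables.items()}
```

With the eth1 default present, locally originated traffic from 192.168.1.2 leaves via 192.168.1.1; once eth1 is down the same lookup ends in prohibit instead of silently taking main's default via 192.168.2.1, while a DNAT'd packet arriving on eth1 from an outside address never matches rule 10000 at all and is resolved from main.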