[NTLUG:Discuss] routing concept

Richard ntlug at rain4us.net
Sat Mar 1 12:39:16 CST 2008


On Fri, Feb 29, 2008 at 4:03 PM, Richard <ntlug at rain4us.net> wrote:
> > I'm struggling with a routing concept and I'm wondering what the
> > best way to implement this would be.
> >
> > I have an internet connection that has been assigned a SINGLE ip
> > address with a class C addresses.   Then I have a /29 subnet being
> > routed TO that single ip address on the class C subnet.

[best viewed with a non-proportional based font]

                        ______
 \                     |      |
I \4.2.2.1      4.2.2.3|      |
S |--------------------|      |eth1
P |                eth0|      |------
 /                     |      |
                       |      |
                  hdlc0|      |
   To ISP#1<-----------|______|



Let me see if I can explain this better.  Let's say that I've been given
a real world IP address of 4.2.2.3 for a real world address with a gateway
of 4.2.2.1.   Getting that bound is easy and works. 


Now let's say that the ISP is routing 5.2.2.0/29 to me. (That leaves
me with the IP address range  5.2.2.0 - 5.2.2.7)  Those ip addresses will
be routed THROUGH 4.2.2.3.  This means that I am going to have to bind the
5.2.2.0/29 subnet SOMEWHERE in the Linux box.  Now if I just bind an IP
address like 5.2.2.1 as a secondary IP address on ETH0 (eth0:1), what am I
going to have to do to get the packets to route properly?  I'm wondering
if I'll have to set the default route of eth0:1 to be the 4.2.2.3 address.

My other thought is that I'm going to have to have a different NIC (whether
physical or virtual) onto which to bind the addresses.


                        ________________
  \                     |                |
I  \4.2.2.1      4.2.2.3|5.2.2.1         |10.x.x.x
S  |--------------------|--------        |---------
P  |                eth0|eth0:1          |eth1
#  /                    |(eth0:x)        |
2 /                     | ?Default route |
                        |   for eth0:x ? |
                        |                |
                   hdlc0|                |
    To ISP#1<-----------|________________|

Now comes iptables, DNAT and SNAT.   I am going to guess that all of my
firewall rules will be based on the eth0:x interfaces (and their associated
IP address).  The thing is, when adding dead gateway detection
( http://www.ssi.bg/~ja/ ) into the mix, how do I handle ensuring that the
outgoing packets have the proper SNAT address?  The eth0 interface will
need to be the one to participate in DGD since it is THAT route that would
be the route that is critical if it were down, yet netfilter will be source
NATing the packets from the 'internal' (eth0:x 5.2.2.x) segment.  When the
kernel makes a routing decision of which SNAT interface to use (hdlc0 or
eth0:X) the answer can never be considered correct because eth0:X will
ALWAYS be up...because it's local!

Maybe I'm stuck in some circular logic...or don't have a proper grasp on
this.  I've come to regard ntlug as one of the BEST places for competent
support so I gravitate here to resolve my issues.  However, I realize that
there may be a better place for me to discuss this issue.  If anyone can
refer me to such a place, I'd be grateful.

NOTES:

* 4.2.2.1, 4.2.2.2, and 4.2.2.3 are the old GTE (now Verizon) DNS server
addresses and are NOT my addresses.  5.2.2.x is...well, something I pulled
out of thin air.

* Other links of interest..
** http://www.experts-exchange.com/Networking/Linux_Networking/Q_21828553.html
** http://lartc.org/howto/lartc.rpdb.multiple-links.html

{It would be nice to have an email client that understood pmwiki formatting! :)}

By the way, Patrick, thanks again for pmwiki - I live and die by the
documentation I can keep in there.

-- 
Richard



