* [LARTC] local address routeable?
@ 2003-07-07  8:09 Christian Stuellenberg
  2003-07-16 18:31 ` Julian Anastasov
  0 siblings, 1 reply; 2+ messages in thread
From: Christian Stuellenberg @ 2003-07-07  8:09 UTC (permalink / raw)
  To: lartc

Hello all,

I've got a problem to set up a configuration that should allow to route
packets that come in over a certain interface(s) IF1 that then should
go out to another interface IF2 but are addressed to the local address
of interface IF3.  So only if packets for the address of interface IF3
come in over interface IF3 they should be locally accepted.

            +------+
+---IF2/IP2-| HOST |-IF1/IP1---...LAN
.           +------+
.              |
.           IF3/IP3
|              |
|              |
|              |
+-Internet--...+

So, to accomplish the above scenario, I thought that it must be
possible to change the routing tables in such a way, that also the
local interfaces become routeable (is this anyway possible?).

To do this, I wanted to remove the local IP3 from table local:
ip route del local $IP3 dev lo src $IP3 table local

Now I just put for test reasons the same entry to another table:
ip route add local $IP3 dev lo src $IP3 table $ANOTHER_TABLE
ip rule add from any lookup $ANOTHER_TABLE
ip route flush cache


To my thought, the routing up to now should not have changed its
behaviour, but the following occurs:  On the same host I could not
ping the IP3 any more and so also from any other host.

If I do an ip route get $IP3 the result looks like:
$IP3 via $DEFAULT_GW dev $DEFAULT_DEV src $DEFAULT_DEV_IP 
     cache  mtu 1500 advmss 1460

If I'm right, this should tell me, that the kernel now no longer can
recognize its IP3?!


So, is it possible to do what I wanted to do or did I do something
not the right way?


I'm sorry if this question has been asked over and over again, but I
have googled and looked into the archives but haven't found a solution
that fits my needs.

Best regards,
Christian

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] local address routeable?
  2003-07-07  8:09 [LARTC] local address routeable? Christian Stuellenberg
@ 2003-07-16 18:31 ` Julian Anastasov
  0 siblings, 0 replies; 2+ messages in thread
From: Julian Anastasov @ 2003-07-16 18:31 UTC (permalink / raw)
  To: lartc


	Hello,

On Mon, 7 Jul 2003, Christian Stuellenberg wrote:

> I've got a problem to set up a configuration that should allow to route
> packets that come in over a certain interface(s) IF1 that then should
> go out to another interface IF2 but are addressed to the local address
> of interface IF3.  So only if packets for the address of interface IF3
> come in over interface IF3 they should be locally accepted.

	Yes, you have a big problem. Starting from kernels 2.4
and above the routing requires valid source IPs for output
routes. Even if you deliver the incoming traffic locally, your
servers cannot generate a reply if the src IP is not a local IP.
What I do not understand from your posts is what the main
goal is. Also, what does "..." mean? Please draw a picture with all
wires and all kinds of hardware involved: hubs, routers, subnets.

>             +------+
> +---IF2/IP2-| HOST |-IF1/IP1---...LAN
> .           +------+
> .              |
> .           IF3/IP3
> |              |
> |              |
> |              |
> +-Internet--...+

> If I'm right, this should tell me, that the kernel now no longer can
> recognize its IP3?!

	Yes, the routing code does additionally look up
IPs configured on interfaces (yet). The routing decisions are
based on:

- routing table lookups
- IP lookups and checks

> So, is it possible to do what I wanted to do or did I do something
> not the right way?

	I'm not sure there is a right way. The task is not trivial.
Maybe in some next kernel that allows the admin to create any
route and not to apply any IP checks. You now do not have the
full right to add any routes, that is the problem. You cannot
control the spoofing checks when saddr=local_IP, the preferred
src IP must be a local IP.

> I'm sorry if this question has been asked over and over again, but I
> have googled and looked into the archives but haven't found a solution
> that fits my needs.
>
> Best regards,
> Christian

Regards

--
Julian Anastasov <ja@ssi.bg>
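
An added example, not part of either message above: a POSIX shell check that reads `ip route get` output and reports every address the kernel no longer delivers locally, which is the symptom shown after IP3 was taken out of table local. The function names and the `LOOKUP` override are hypothetical, and the sample output uses constructed documentation addresses.

```shell
#!/bin/sh
# Lookup command; override LOOKUP to test without touching the system.
LOOKUP=${LOOKUP:-"ip route get"}

# Classify one `ip route get ADDR` result.
# $1 = address queried, $2 = text printed for it.
# Prints "local", "routed dev DEV", or "other".
route_kind() {
    addr=$1
    # Only the first line names the route; the "cache ..." line is ignored.
    first=$(printf '%s\n' "$2" | head -n 1)
    set -f; set -- $first; set +f
    case "$1" in
        local)
            [ "$2" = "$addr" ] && { echo local; return 0; } ;;
        "$addr")
            while [ "$#" -gt 1 ]; do
                [ "$1" = dev ] && { echo "routed dev $2"; return 0; }
                shift
            done ;;
    esac
    echo other
}

# Print each address in "$@" that would not be delivered locally.
# Returns 0 when every address resolves to a local route, 1 otherwise.
not_local() {
    bad=0
    for a in "$@"; do
        out=$($LOOKUP "$a" 2>/dev/null)
        kind=$(route_kind "$a" "$out")
        if [ "$kind" != local ]; then echo "$a $kind"; bad=1; fi
    done
    return $bad
}

# Constructed sample output: 192.0.2.1 is still in table local,
# 192.0.2.3 stands in for IP3 after its local route was deleted.
sample_lookup() {
    case "$1" in
        192.0.2.1) printf 'local 192.0.2.1 dev lo src 192.0.2.1\n    cache <local>\n' ;;
        192.0.2.3) printf '192.0.2.3 via 198.51.100.1 dev eth0 src 198.51.100.7\n    cache  mtu 1500 advmss 1460\n' ;;
    esac
}

# Stand-alone use: pass the addresses that must stay local as arguments.
if [ "$#" -gt 0 ]; then not_local "$@"; fi
```

Run it with the host's own addresses as arguments after any change to table local or to the rule list; a non-zero exit status means at least one of them is now being routed out an interface.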
