
Re: [OCLUG-Tech] iproute2

Really Really long time Bill.

This might sound really dumb, but can't you re-route packets and/or interface by MAC address, then to the MAC or the router?


Quoting "Bill Strosberg" <oclug [ at ] strosberg [ dot ] com>:

All:

It's been years since I posted here.  I've got a situation that I could
use some help on.

I've got a client who is doing some interesting things.  I've got a
firewall with four Ethernet interfaces in that connects to the Internet
via PPPoE.

eth0 - Internal private network
eth1 - Public wireless network for their clients and visitor use
eth2 - connection to DSL via PPPoE
eth3 - connection to internal VOIP system (use for failover if dedicated
VOIP internet connection fails)
tun0 - OpenVPN
ppp0 - External connection

Everything has worked fine in this site for years.  The client recently
decided to move to a VOIP system for their internal phones, and it has
its own Internet connection to the provider.  The VOIP provider's
proprietary router has an Ethernet interface to allow failover
connection to a secondary provider if their own network fails.

eth3 is set up as static 10.20.0.2/255.255.0.0/16 with the external
Ethernet interface on the VOIP router (10.20.0.1) as the default gateway
on the network.

I've set up iproute2 to add a new table in /etc/iproute2/rt_tables:

100   voip_provider
255   local
254   main
253   default

In /etc/network I've added a script if-post-up-eth3.sh:

ip rule add from 222.88.20.0/24 table voip_provider
ip rule add from 222.88.21.0/24 table voip_provider
ip rule add from 222.88.22.0/24 table voip_provider
ip route add default via 10.20.0.1 dev eth3 table voip_provider
ip route flush cache

ip masq is working for eth3.

I can connect a PC on the eth3 10.20.0.0/16 network and it has no
problem surfing etc.

What I want to do is have packets from all of the specified external
subnets routed out of the firewall to the address 10.20.0.1 on eth3.
Basically, all external traffic from these source address ranges needs to
be forwarded to the VOIP provider's router, with no exception.

Any ideas?

--
Bill S





Bruce Harding
Corporate Sales & Computer Books
Computer Supplyhouse
Phone 613-233-7357
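
An added example, not part of either message: a check that the policy-routing state on the firewall matches what the quoted script intends, run over the output of `ip rule show` and `ip route show table voip_provider`. The prefixes, table name and number, gateway and device come from the post; the function names and the sample listing are made up for this example, and it assumes the main table holds a default route (via ppp0).

```shell
#!/bin/sh
# Added example (not from the post): audit policy-routing state for this setup.
# Prefixes, table, gateway, device are from the post; function names are made up.
SRCS="222.88.20.0/24 222.88.21.0/24 222.88.22.0/24"
TABLE=voip_provider TABLE_ID=100   # ip prints the number if the name is unmapped
GATEWAY=10.20.0.1 DEV=eth3

# Reads `ip rule show` on stdin; prints "<prefix> ok|missing|shadowed".
# shadowed = rule sits after "from all lookup main", so a default route in
# main (assumed here, via ppp0) answers before the rule is reached.
audit_rules() {
    awk -v srcs="$SRCS" -v t="$TABLE" -v id="$TABLE_ID" '
        {
            prio = $1; sub(/:$/, "", prio); src = ""; tbl = ""
            for (i = 2; i < NF; i++) {
                if ($i == "from")   src = $(i + 1)
                if ($i == "lookup") tbl = $(i + 1)
            }
            if (src == "all" && tbl == "main" && main == "") main = prio + 0
            if ((tbl == t || tbl == id) && !(src in seen)) seen[src] = prio + 0
        }
        END {
            n = split(srcs, want, " ")
            for (k = 1; k <= n; k++) {
                s = want[k]; state = "ok"
                if (!(s in seen)) state = "missing"
                else if (main != "" && seen[s] > main) state = "shadowed"
                print s, state
            }
        }'
}

# Reads `ip route show table voip_provider` on stdin; succeeds only if the
# default route goes via the VOIP router on eth3.
has_voip_default() {
    awk -v gw="$GATEWAY" -v dev="$DEV" '
        $1 == "default" && $2 == "via" && $3 == gw && $4 == "dev" && $5 == dev { ok = 1 }
        END { exit !ok }'
}

# Constructed sample: one rule present, one absent, one added after main.
SAMPLE_RULES='32765: from 222.88.20.0/24 lookup voip_provider
32766: from all lookup main
40000: from 222.88.22.0/24 lookup voip_provider'

# On the firewall itself: ip rule show | audit_rules
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

Note that `from` in an `ip rule` selector matches the packet's source address, so these rules only affect traffic whose source lies in the listed prefixes.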

