
Re: can I use ip route to dst:port

To: Julian Anastasov <ja@xxxxxx>
Subject: Re: can I use ip route to dst:port
Cc: Joseph Mack <mack.joseph@xxxxxxxxxxxxxxx>, lvs-users@xxxxxxxxxxxxxxxxxxxxxx, Roberto Nibali <ratz@xxxxxx>, Horms <horms@xxxxxxxxxxxx>, busterb@xxxxxxxxxxxxxxx, J.D.F.Palmer@xxxxxxxxxxxxx
From: Joseph Mack <mack.joseph@xxxxxxx>
Date: Fri, 29 Mar 2002 17:21:13 -0500

Julian Anastasov wrote:
> 
>         Hello,
> 
> On Fri, 29 Mar 2002, Joseph Mack wrote:
> 
> > er, OK, why do I need one? The src_addr = RIP not 0/0
> 
>         How RIP appears as src in your packets? :)

when I do

ip route add from 0/0 via SERVER_GW table 3_TIER

it says I already have this route. Listing the routes

ip route show table 3_TIER

default via SERVER_GW dev eth0

so this hasn't helped yet. (Apparently I was already doing
this without understanding why).

>         If you know src IP you can bind to it, if you don't
> know it, you ask one from the routing or by walking the list
> with IPs.

I see
 
>         Can this work (merge it)?:

(hmmm, rubs chin vigorously, hoping it will aid understanding
of what's happening)
 
> # you still can select RIP for talks with direct networks:
> ip rule add prio 50 table main

no effect
 
> # Here is the place for rules with fwmark
> 
> # don't allow traffic bound to RIP or connected routes to use RIP
> # when talking to universe
> ip rule add prio 150 from RIP to 0/0 prohibit

if I add the rule below (ip rule add prio 200 table RIP) and then
I add this rule, connections become blocked again. If I change
the priority to 250, connections start again.
 
> # you still can select RIP as src but this is useless without
> # fwmark routing
> ip rule add prio 200 table RIP

this allows connection, but all packets from RIP, not just the packets to
0/0:telnet (the fwmark'ed packets) are going through. 
 
> but the things can be more complex, you have to try it.
> I don't see your ip rules by fwmark

yes it wasn't in the original posting and I don't know why

here is the realserver just set up to fwmark packets to 0/0:telnet
(none of the LVS routing is set up)

realserver:/etc/lvs/# ip rule show
0:      from all lookup local
99:     from RIP fwmark         1 lookup 3_TIER
200:    from all lookup 3_TIER
250:    from RIP lookup main prohibit
32766:  from all lookup main
32767:  from all lookup 253     

realserver:/etc/lvs# ip route show table 3_TIER
default via SERVER_GW dev eth0

 
I think I will go have a beer. 

Joe

-- 
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center, 
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
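
An added illustration, not part of the original post or of any LVS tooling: a simplified model of how the kernel walks the `ip rule show` listing above in priority order. It shows that unmarked traffic from RIP is resolved by rule 200 before the prohibit at 250 is reached, and what changes when the prohibit sits at priority 150 as in the quoted suggestion. Assumptions: table main has a default route, tables local and 253 have no route for a remote destination, and the `to` selector and source-address selection are ignored.

```python
import re

# `ip rule show` output as posted above; RIP is the post's own placeholder.
RULES_TEXT = """\
0:      from all lookup local
99:     from RIP fwmark         1 lookup 3_TIER
200:    from all lookup 3_TIER
250:    from RIP lookup main prohibit
32766:  from all lookup main
32767:  from all lookup 253
"""
# Assumption: which tables hold a route for a remote (non-local) destination.
# 3_TIER has the default route shown in the post; main is assumed to have one.
TABLE_HAS_ROUTE = {"local": False, "3_TIER": True, "main": True, "253": False}

RULE_RE = re.compile(
    r"(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+fwmark\s+(?P<mark>\w+))?"
    r"\s+lookup\s+(?P<table>\S+)(?:\s+(?P<action>prohibit))?")

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"prio": int(m["prio"]), "src": m["src"],
                          "mark": int(m["mark"], 0) if m["mark"] else None,
                          "table": m["table"], "action": m["action"] or "lookup"})
    return sorted(rules, key=lambda r: r["prio"])

def decide(rules, src, mark=0):
    """Walk rules in priority order; return (prio, verdict) of the deciding rule."""
    for r in rules:
        if r["src"] not in ("all", src) or r["mark"] not in (None, mark):
            continue  # selector does not match this packet
        if r["action"] == "prohibit":
            return r["prio"], "prohibit"
        if TABLE_HAS_ROUTE.get(r["table"], False):
            return r["prio"], "route via " + r["table"]
    return None, "unreachable"

def move_prohibit(rules, prio):
    # Copy of the rule list with the prohibit rule moved to `prio`.
    moved = [dict(r, prio=prio) if r["action"] == "prohibit" else r for r in rules]
    return sorted(moved, key=lambda r: r["prio"])

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for label, rs in (("as posted", rules), ("prohibit at 150", move_prohibit(rules, 150))):
        print(label, "marked:", decide(rs, "RIP", 1), "unmarked:", decide(rs, "RIP", 0))
```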

