[PLUG] HELP ;-) Can't get routing table to work...

Michael Robinson plug_1 at robinson-west.com
Wed Dec 23 05:25:38 UTC 2009 

I am missing something.  I have been googling for hours to no avail.

[root at dodo firewall]# ip route list
192.168.4.16/28 via 192.168.4.2 dev eth2 
192.168.4.0/28 dev eth2  scope link 
192.168.5.0/28 dev eth1  proto kernel  scope link  src 192.168.5.2 
192.168.3.0/28 dev eth0  proto kernel  scope link  src 192.168.3.1 
192.168.4.48/28 via 192.168.4.2 dev eth2 
192.168.3.16/28 dev eth0  scope link 
192.168.4.32/28 via 192.168.4.2 dev eth2 
192.168.0.0/24 dev eth1  scope link 
127.0.0.0/8 dev lo  scope link 
[root at dodo firewall]# ip rule show
0:      from all lookup local 
32764:  from all fwmark 0x3 lookup lcl_xer 
32765:  from all fwmark 0x2 lookup lcl_web 
32766:  from all lookup main 
32767:  from all lookup 253 
[root at dodo firewall]# iptables -nvL -t mangle
Chain PREROUTING (policy ACCEPT 704K packets, 149M bytes)
 pkts bytes target     prot opt in     out     source
destination         
 3889  278K MARK       all  --  *      *       0.0.0.0/0
0.0.0.0/0          MAC 00:02:E3:02:C8:8F MARK set 0x3 
    1    66 MARK       all  --  *      *       0.0.0.0/0
0.0.0.0/0          MAC 00:40:F4:2D:AF:5C MARK set 0x2 
  959 94991 MARK       all  --  *      *       0.0.0.0/0
0.0.0.0/0          MARK set 0x3 
    0     0 LOG        all  --  *      *       192.168.1.0/24
0.0.0.0/0          LOG flags 0 level 4 prefix `lan_source:' 
    0     0 LOG        all  --  *      *       0.0.0.0/0
192.168.1.0/24     LOG flags 0 level 4 prefix `lan_destination:' 

Chain INPUT (policy ACCEPT 703K packets, 149M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain FORWARD (policy ACCEPT 263 packets, 75666 bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain OUTPUT (policy ACCEPT 675K packets, 175M bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain POSTROUTING (policy ACCEPT 675K packets, 175M bytes)
 pkts bytes target     prot opt in     out     source
destination         
[root at dodo firewall]# ip route list table lcl_xer
192.168.1.0/24 via 192.168.3.2 dev eth0 
192.168.1.0/24 via 192.168.4.2 dev eth2  metric 2 
[root at dodo firewall]# ip route list table lcl_web
192.168.1.0/24 via 192.168.3.18 dev eth0 
192.168.1.0/24 via 192.168.4.2 dev eth2  metric 2 
[root at dodo firewall]# 

As you can see, routing table lcl_xer and routing table
lcl_web both have routing rules for 192.168.1.0/24.
Oddly enough, the logging rules in the mangle table
never trigger.  When I try to ping 192.168.1.1 I
just get an error that the network is unreachable.
This is not in the advanced routing howto guide
folks.  The kernel is 2.4.22 and yes I checked
for MARK support and yes I did compile it in.
It appears that the kernel not seeing a route in
the main table doesn't produce any packets.

More information about the PLUG mailing list