Hi to all,

I need some help with iproute.

This is the topology of the network I'm trying to set up. I wanted some help regarding the setting of ip route rules. Basically, PC_A wants to communicate with PC_D. Both hosts are directly connected to 2 other multi-homed PCs (B and C), which distribute traffic over Firewalls FW1 & FW2. B and C have three NICs each (eth0,1,2) while FW1 and FW2 have 2 each (eth0,1).

I want to do per-packet firewall load balancing. So I used the following commands:

On PC_B:
ip route add default scope global equalize nexthop via $IPaddr_PC_C_eth1 dev eth1 weight 1 nexthop via $IPaddr_PC_C_eth2 dev eth2 weight 1

On PC_C:
ip route add default scope global equalize nexthop via $IPaddr_PC_B_eth1 dev eth1 weight 1 nexthop via $IPaddr_PC_B_eth2 dev eth2 weight 1

On PC_A:

ip route add 192.168.10.0/24 via $IPaddr_PC_B_eth0

On PC_D:
ip route add 192.168.10.0/24 via $IPaddr_PC_C_eth0

FW1 & FW2:
I used an iptables rule to forward traffic from eth0 to eth1 on the firewall nodes.


I have enabled ip forwarding (ip_forward) and disabled return path filtering (rp_filter) on B, C, FW1 and FW2. PCs B and C have 2.6.16 kernels with kernel options like advanced routing (CONFIG_IP_ADVANCED_ROUTER) and multipath route support selected.

I'm getting a "Destination Host Unreachable" message. Can anyone tell me what I am doing wrong in the routing and/or what I'm not doing? Please help.


       ___________       _______________       ___________
      |           |     |               |     |           |
      |       eth1|-----|eth0  FW1  eth1|-----|eth1       |
      |           |     |_______________|     |           |
PC_A--|eth0  PC_B |                           | PC_C  eth0|--PC_D
      |           |      _______________      |           |
      |       eth2|-----|eth0  FW2  eth1|-----|eth2       |
      |___________|     |_______________|     |___________|



Warm regards,
Visham
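
An added example, not part of the original post: a check of whether each nexthop gateway in a multipath route lies on the subnet of its outgoing interface, which a `nexthop via ... dev ...` hop needs unless the `onlink` flag is given. The addresses, and the assumption that FW1 and FW2 route between separate subnets, are constructed, since the post gives none.

```python
import ipaddress

# Constructed addressing (assumption): the post gives no addresses or masks.
# Each firewall is assumed to route between two distinct /24 subnets.
IFACES = {
    "PC_B": {"eth1": "10.0.1.1/24", "eth2": "10.0.2.1/24"},
    "FW1":  {"eth0": "10.0.1.2/24", "eth1": "10.0.3.2/24"},
    "FW2":  {"eth0": "10.0.2.2/24", "eth1": "10.0.4.2/24"},
    "PC_C": {"eth1": "10.0.3.1/24", "eth2": "10.0.4.1/24"},
}


def addr(host, dev):
    """Address of one interface, without the prefix length."""
    return ipaddress.ip_interface(IFACES[host][dev]).ip


def check_nexthops(host, nexthops):
    """For each (gateway, dev) hop, report whether the gateway is inside
    the subnet configured on `dev` of `host`, i.e. reachable on-link."""
    results = []
    for gw, dev in nexthops:
        net = ipaddress.ip_interface(IFACES[host][dev]).network
        results.append((str(gw), dev, gw in net))
    return results


# Hops shaped like the PC_B route in the post: gateways are PC_C's addresses.
AS_POSTED = [(addr("PC_C", "eth1"), "eth1"), (addr("PC_C", "eth2"), "eth2")]
# Hops that point at the adjacent firewall interface on each link instead.
VIA_FIREWALLS = [(addr("FW1", "eth0"), "eth1"), (addr("FW2", "eth0"), "eth2")]

if __name__ == "__main__":
    for label, hops in (("as posted", AS_POSTED),
                        ("via firewalls", VIA_FIREWALLS)):
        for gw, dev, on_link in check_nexthops("PC_B", hops):
            state = "on-link" if on_link else "NOT on-link"
            print(f"{label}: nexthop via {gw} dev {dev} -> {state}")
```

Under this assumed addressing, the hops that name PC_C's addresses fail the on-link check and the hops that name the firewalls' eth0 addresses pass it.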