help with iproute!!
Hi to all,
I need some help with iproute..
This is the topology of the network I'm trying to set up. I wanted some help regarding the setting of ip route rules. Basically, PC_A wants to communicate with PC_D. Both hosts are directly connected to 2 other multi-homed PCs (B and C), which distribute traffic over Firewalls FW1 & FW2. B and C have three NICs each (eth0,1,2) while FW1 and FW2 have 2 each (eth0,1).
I want to do per-packet firewall load balancing. So I used the following commands:
ip route add default scope global equalize nexthop via $IPaddr_PC_C_eth1 dev eth1 weight 1 nexthop via $IPaddr_PC_C_eth2 dev eth2 weight 1
ip route add default scope global equalize nexthop via $IPaddr_PC_B_eth1 dev eth1 weight 1 nexthop via $IPaddr_PC_B_eth2 dev eth2 weight 1
ip route add 192.168.10.0/24 via $IPaddr_PC_B_eth0
ip route add 192.168.10.0/24 via $IPaddr_PC_C_eth0
FW1 & FW2:
I used an iptables rule to forward traffic from eth0 to eth1 on the firewall nodes.
I have enabled ip forwarding (ip_forward) and disabled return path filtering (rp_filter) on B, C, FW1 and FW2. PCs B and C have 2.6.16 kernels with kernel options like advanced routing (CONFIG_IP_ADVANCED_ROUTER) and multipath route support selected.
I'm getting a "Destination Host Unreachable" message. Can anyone tell me what I am doing wrong in the routing and/or what I'm not doing? Please help.
       ___________       _____________       ___________
      |           |     |             |     |           |
      |       eth1|-----|eth0 FW1 eth1|-----|eth1       |
      |           |     |_____________|     |           |
PC_A--|eth0 PC_B  |                         |  PC_C eth0|--PC_D
      |           |      _____________      |           |
      |       eth2|-----|eth0 FW2 eth1|-----|eth2       |
      |___________|     |_____________|     |___________|
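
Linux only forwards through a nexthop gateway that is a directly connected neighbour on the named device (unless the route is marked onlink), so a pre-flight check of each nexthop against the local interface subnets is a useful first diagnostic for a multipath route like the one above. The following is an added example, not part of the original post: every address is constructed because the post gives none, and it assumes FW1 and FW2 are routed hops with a separate subnet on each link.

```python
import ipaddress

# Constructed addressing for PC_B (the post gives none). Assumption: FW1 and
# FW2 are routed hops, so every link in the diagram is its own subnet.
PC_B_IFACES = {
    "eth0": "10.0.0.1/24",  # towards PC_A
    "eth1": "10.0.1.1/24",  # towards FW1 eth0 (assumed 10.0.1.2)
    "eth2": "10.0.2.1/24",  # towards FW2 eth0 (assumed 10.0.2.2)
}

# Nexthops on the far side of the firewalls (assumed PC_C eth1/eth2 addresses).
VIA_PC_C = ("ip route add default scope global equalize "
            "nexthop via 10.0.3.2 dev eth1 weight 1 "
            "nexthop via 10.0.4.2 dev eth2 weight 1")
# Nexthops that are the directly attached firewall interfaces.
VIA_FW = ("ip route add default scope global equalize "
          "nexthop via 10.0.1.2 dev eth1 weight 1 "
          "nexthop via 10.0.2.2 dev eth2 weight 1")


def parse_nexthops(route):
    """Return (gateway, device) for each 'nexthop' clause of an ip route command."""
    hops = []
    for clause in route.split("nexthop")[1:]:
        words = clause.split()
        opts = dict(zip(words[0::2], words[1::2]))  # via/dev/weight pairs
        hops.append((opts["via"], opts["dev"]))
    return hops


def check_route(route, ifaces):
    """Return (gateway, device, on_link) for every nexthop of the route."""
    results = []
    for gw, dev in parse_nexthops(route):
        subnet = ipaddress.ip_interface(ifaces[dev]).network
        results.append((gw, dev, ipaddress.ip_address(gw) in subnet))
    return results


if __name__ == "__main__":
    for label, route in (("via PC_C", VIA_PC_C), ("via FW", VIA_FW)):
        for gw, dev, on_link in check_route(route, PC_B_IFACES):
            status = "on-link" if on_link else "NOT directly reachable"
            print(f"{label}: {gw} dev {dev}: {status}")
```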