<div>Guys, </div> <div> </div> <div>please I have no luck with this. I have 2 ISPS. I have working configuration with ip route a 2 routing tables in a way, that matching local subnet uses second provider while all the others are using the first one - main.</div> <div> </div> <div>The main problem I am having is, that I am unable to reach my router via public ip address of that second ISP.</div> <div> </div> <div>This is my default routing table </div> <div> </div> <div>[root@sx1 cron.hourly]# ip route show table main<br>194.228.196.39 dev ppp0 proto kernel scope link src 90.178.76.117 <br>10.123.50.101 dev ppp2 proto kernel scope link src 10.123.50.1 <br>10.123.50.100 dev ppp1 proto kernel scope link src 10.123.50.1 <br> <a href="http://213.194.242.0/24">213.194.242.0/24</a> dev eth1 proto kernel scope link src 213.194.242.198 <br><a href="http://10.123.20.0/24">10.123.20.0/24</a> dev eth0 proto kernel scope link src 10.123.20.1 <br> <a href="http://10.123.10.0/24">10.123.10.0/24</a> dev eth0 proto kernel scope link src 10.123.10.11 <br><a href="http://10.123.11.0/24">10.123.11.0/24</a> dev eth0.8 proto kernel scope link src 10.123.11.1 <br><a href="http://10.123.42.0/24">10.123.42.0/24</a> dev eth0.5 proto kernel scope link src 10.123.42.1 <br> <a href="http://10.123.123.0/24">10.123.123.0/24</a> dev eth0.7 proto kernel scope link src 10.123.123.1 <br><a href="http://10.123.40.0/24">10.123.40.0/24</a> dev eth0.4 proto kernel scope link src 10.123.40.1 <br> <a href="http://10.123.30.0/24">10.123.30.0/24</a> dev eth0 proto kernel scope link src 10.123.30.1 <br><a href="http://10.123.44.0/24">10.123.44.0/24</a> dev eth0.6 proto kernel scope link src 10.123.44.1 <br><a href="http://169.254.0.0/16">169.254.0.0/16</a> dev eth0.8 scope link <br> default via 213.194.242.1 dev eth1 </div> <div> </div> <div>As you can see , my default provider has gateway 213.192.252.1 , connected via eth1 . This works fine for me.</div> <div> </div> <div>Second configuration is ip rule based, when subnet <a href="http://10.123.123.0/24">10.123.123.0/24</a> goes to routing table adsl</div> <div> </div> <div>[root@sx1 cron.hourly]# ip rule show<br>0: from all lookup 255 <br>32764: from all fwmark 0x1 lookup adsl-vpn <br>32765: from <a href="http://10.123.123.0/24">10.123.123.0/24</a> lookup adsl <br>32766: from all lookup main <br> 32767: from all lookup default </div> <div> </div> <div>[root@sx1 cron.hourly]# ip route show table adsl<br>194.228.196.39 dev ppp0 scope link src 90.178.76.117 <br><a href="http://10.123.123.0/24">10.123.123.0/24</a> dev eth0.7 scope link src 10.123.123.1 <br>default via 194.228.196.39 dev ppp0</div> <div> </div> <div>As you can see in this case, all trafic goes via ppp0 (my second internet provider connected via ppp0 - adsl ppoe).</div> <div> </div> <div>This works fine.</div> <div> </div> <div>What I want to achieve is, now being able to ping /access/whatever to my server via second public IP address of my adsl provider (90.178.76.117).</div> <div>To achieve this i have added iptables rule, which marks all packets comming via ppp0 (iptables -t mangle -A PREROUTING -i ppp0 -j MARK --set-mark 0x1).</div> <div> </div> <div>And created another routing table named adsl-vpn</div> <div> </div> <div>[root@sx1 cron.hourly]# ip route show table adsl-vpn<br>194.228.196.39 dev ppp0 scope link src 90.178.76.117 <br><a href="http://10.123.10.0/24">10.123.10.0/24</a> dev eth0 scope link src 10.123.10.11 <br>default via 194.228.196.39 dev ppp0 </div> <div> </div> <div>Now i have added ip rule, which for all packets marked as 1 , which are the ones which came trough ppp0 = my second ISP, uses table adsl-vpn</div> <div> </div> <div>[root@sx1 cron.hourly]# ip rule show<br>0: from all lookup 255 <br>32764: from all fwmark 0x1 lookup adsl-vpn <--- this one<br>32765: from <a href="http://10.123.123.0/24">10.123.123.0/24</a> lookup adsl <br>32766: from all lookup main <br> 32767: from all lookup default </div> <div> </div> <div>Well, now I should be able definitely to ping my server from outside, but it does not works</div> <div> </div> <div>Pinging from windows machine in outside world :</div> <div> </div> <div>C:\Users\boss>ping 90.178.76.117</div> <div>Pinging 90.178.76.117 with 32 bytes of data:<br>Request timed out.<br>Request timed out.<br>Request timed out.</div> <div>Ping statistics for <a href="http://90.178.76.117">90.178.76.117</a>:<br>Packets: Sent = 3, Received = 0, Lost = 3 (100% loss),</div> <div> </div> <div>If i will tcpdump my ppp0 interface on my router I see the ICMP echo requests are comming</div> <div> </div> <div>[root@sx1 cron.hourly]# tcpdump -i ppp0<br>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br>listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes<br>09:08:27.743789 IP <a href="http://adsl-dyn118.78-98-105.t-com.sk">adsl-dyn118.78-98-105.t-com.sk</a> > <a href="http://gw2.cz.polarion.com">gw2.cz.polarion.com</a>: ICMP echo request, id 1, seq 72, length 40</div> <div> </div> <div>But, echo responses from my server NOT, instead of that, responses are comming out of eth1 interface , which is my first ISP!</div> <div> </div> <div>[root@sx1 cron.hourly]# tcpdump -i eth1 |grep ICMP<br>tcpdump: verbose output suppressed, use -v or -vv for full protocol decode<br>listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes<br>09:09:30.451706 IP <a href="http://gw2.cz.polarion.com">gw2.cz.polarion.com</a> > <a href="http://adsl-dyn118.78-98-105.t-com.sk">adsl-dyn118.78-98-105.t-com.sk</a>: ICMP echo reply, id 1, seq 73, length 40<br> 09:09:35.409704 IP <a href="http://gw2.cz.polarion.com">gw2.cz.polarion.com</a> > <a href="http://adsl-dyn118.78-98-105.t-com.sk">adsl-dyn118.78-98-105.t-com.sk</a>: ICMP echo reply, id 1, seq 74, length 40</div> <div> </div> <div>This means that either mange is not working or ip rule is not working .</div> <div> </div> <div>Please help,</div> <div>David</div> <div> </div> <div> </div> <div> </div> <div> </div>