My brain is fried, so my apologies if this seems easy, but I'm not having any luck
I've got two routes to the internet
Lets call them 1.1.1.1/24 [wan1] and 2.2.2.2/24 [wan2]
The metric on 1.1.1.1 is: 1
The metric on 2.2.2.2 is: 2
When I try to ping the 2.2.2.2 interface from the WAN side (the internet), the pings don't come back.
I'm pretty sure it's a routing issue, since I can see them inbound, and if I change the metric on 1.1.1.1 to 3
then they all come back. [since wan2 is now the lowest metric route.]
So, I need a way to allow those pings to return to the sending host.
[I've tinkered with a mangle rule that would mark them and handle it that way, but no luck]
It's likely I'm just doing it wrong.
However, several additional details.
Assume I don't know the src-addr of the host sending ICMP pings
{i do, but I'm not wanting to put it in the rule)
So, essentially I think I'd like a method to allow all ICMP requests inbound on that interface (2.2.2.2) named wan2 to send any ICMP responses out the 2.2.2.2 interface (call it wan2).
All other traffic we'll just handle the way it is.
---
I did finally get it to work, but wondered if this was the "best" way to do it.
----
Here's what I did.
mangle/pre-route: Identified traffic coming from wan2, that was also icmp traffic. Connection marked it with "abc"
mangle/output: Identified traffic that had the connection-mark of "abc" and route-marked it with "def"
Then created a "default" route for traffic route-marked with "def" and routed it out wan2
Glad for pointers if you've got 'em.
-Greg
Responding to ICMP traffic on an intrface with a high metric
Greg,
I know this isn't exactly what your looking for but if you look at the PCC example in the manual, it does a good job of marking stuff coming in and making sure it goes out that same pipe with two ISPs. You just don't need the mangles to send stuff out both pipes based on the PCC hashes. I'm sure if you look at the example you'll get some inspiration and be able to fix your issue or adapt it to your needs.
I know this isn't exactly what your looking for but if you look at the PCC example in the manual, it does a good job of marking stuff coming in and making sure it goes out that same pipe with two ISPs. You just don't need the mangles to send stuff out both pipes based on the PCC hashes. I'm sure if you look at the example you'll get some inspiration and be able to fix your issue or adapt it to your needs.
Re: Responding to ICMP traffic on an intrface with a high me
Thanks.
That example handles is just as I did, so that's nice.
Glad for any other pointers if applicable!
-Greg
That example handles is just as I did, so that's nice.
Glad for any other pointers if applicable!
-Greg