[CentOS] routing problem?

Sun Feb 10 22:51:24 UTC 2013
Gordon Messmer <yinyang at eburg.com>

On 02/08/2013 07:39 AM, Natxo Asenjo wrote:
> Do you have any tips on how to reach vlan 5 on the virt host from vlan 1?

Not without the configuration from your switch.

The most likely problem is this:  Your workstation is sending traffic to 
192.168.5.10.  The switch sends it through VLAN 5 to eth2 on your 
virtualization host.  The host replies to that traffic using the correct 
address, but through interface eth0, since that is the only interface 
with a route to the workstation.  Those packets would go to the default 
gateway.  Either your switch or your default gateway may be doing 
ingress filtering, or reverse path filtering, or stateful firewalling. 
Any of those would block the reply traffic, and at least one of them is 
very likely in place by default on either an L3 switch or a router.

What you're attempting to do is called multi-homing, and it's fairly 
complicated to do on Linux.  You need to have multiple default routes, 
and you need the kernel to select the default route based on the 
addresses of the packets that it sends.  That involves making multiple 
routing tables, tagging packets pre-routing, and using ip rules to 
select the appropriate routing table.  Shorewall will simplify this if 
you use it to build your firewall rules.
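
The multi-homing setup described above, as an added example that is not part of the original message: it prints the `ip` commands for a second routing table and a rule that selects it by source address, which is a simpler variant than the pre-routing packet marking the message mentions. `192.168.5.10` and `eth2` come from the thread; the `/24` prefix, the gateway `192.168.5.1` and table number `105` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed values: /24 prefix,
# gateway 192.168.5.1, routing table 105. Nothing here changes the system;
# the functions only print commands for review.

# Print the network of an IPv4 CIDR, e.g. 192.168.5.10/24 -> 192.168.5.0/24.
# Returns non-zero on malformed input.
network_of() {
    local addr prefix o ip mask net
    addr=${1%/*}; prefix=${1#*/}
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    IFS=. ; set -- $addr ; unset IFS
    [ $# -eq 4 ] || return 1
    ip=0
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac   # no empty or zero-padded octets
        [ "$o" -le 255 ] || return 1
        ip=$(( (ip << 8) | o ))
    done
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$prefix"
}

# Print the commands that make traffic sourced from CIDR's address leave
# through DEV via GATEWAY, using a dedicated routing TABLE.
policy_route_cmds() {
    local cidr dev gw table addr net
    cidr=$1; dev=$2; gw=$3; table=$4
    addr=${cidr%/*}
    net=$(network_of "$cidr") || return 1
    # Connected route, so the gateway is reachable inside this table.
    echo "ip route add $net dev $dev src $addr table $table"
    # Second default route, visible only to lookups in this table.
    echo "ip route add default via $gw dev $dev table $table"
    # Rule: packets whose source is this address consult the table.
    echo "ip rule add from $addr/32 lookup $table"
}

# Values for the host in the thread (gateway and table are assumed).
policy_route_cmds 192.168.5.10/24 eth2 192.168.5.1 105
```

After applying the printed commands as root, `ip rule show` and `ip route show table 105` display the result; the main table and its default route through eth0 are left unchanged.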