Thanks for the tip. Indeed, I was seeing that the incoming packets were basically following the default route out back to the internet (it took quite a while to troubleshoot, but adding a raw iptables rule with the TRACE action let me see that the packets were being sent out to eth0):
iptables -t raw -I PREROUTING -p icmp -j TRACE
(you can find the traces in /var/log/messages), and you can delete the trace with this rule:
iptables -t raw -D PREROUTING -p icmp -j TRACE
(in my case, I was tracing only ICMP packets to make my life easier)
Regardless, is there any chance of getting this solved in a maintenance release?
Also, I have 6 routing tables as I have different load-balance groups (a general LB group, one which is client-IP-sticky for HTTPS and a third one which is active/stand-by for SIP traffic). I basically run the probes 3 times over the same WAN interfaces. Is there an alternative to this?
In my case, this is the output of your command:
root@router:/var/log# /usr/sbin/ubnt-add-connected.pl
Connected routes found = 7
Route tables found = 6
Adding routes to table 201
Adding routes to table 202
Adding routes to table 203
Adding routes to table 204
Adding routes to table 205
Adding routes to table 206
load-balance member [Sticky-LB-eth1] status = active
route table 206
default via 192.168.100.1 dev eth1
blackhole default metric 256
10.255.255.0 dev l2tp0 scope link
127.0.0.0/8 dev lo scope link
190.111.238.0/24 dev eth0 scope link
192.168.1.0/24 dev switch0 scope link
192.168.2.10 dev l2tp0 scope link
192.168.100.0/24 dev eth1 scope link
192.168.129.0/24 dev eth2.1000 scope link
load-balance member [SIP-eth1] status = failover
route table 204
default via 192.168.100.1 dev eth1
blackhole default metric 256
10.255.255.0 dev l2tp0 scope link
127.0.0.0/8 dev lo scope link
190.111.238.0/24 dev eth0 scope link
192.168.1.0/24 dev switch0 scope link
192.168.2.10 dev l2tp0 scope link
192.168.100.0/24 dev eth1 scope link
192.168.129.0/24 dev eth2.1000 scope link
load-balance member [G-eth1] status = active
route table 202
default via 192.168.100.1 dev eth1
blackhole default metric 256
10.255.255.0 dev l2tp0 scope link
127.0.0.0/8 dev lo scope link
190.111.238.0/24 dev eth0 scope link
192.168.1.0/24 dev switch0 scope link
192.168.2.10 dev l2tp0 scope link
192.168.100.0/24 dev eth1 scope link
192.168.129.0/24 dev eth2.1000 scope link
load-balance member [SIP-eth0] status = active
route table 203
default via 190.111.238.1 dev eth0
blackhole default metric 256
10.255.255.0 dev l2tp0 scope link
127.0.0.0/8 dev lo scope link
190.111.238.0/24 dev eth0 scope link
192.168.1.0/24 dev switch0 scope link
192.168.2.10 dev l2tp0 scope link
192.168.100.0/24 dev eth1 scope link
192.168.129.0/24 dev eth2.1000 scope link
load-balance member [Sticky-LB-eth0] status = active
route table 205
default via 190.111.238.1 dev eth0
blackhole default metric 256
10.255.255.0 dev l2tp0 scope link
127.0.0.0/8 dev lo scope link
190.111.238.0/24 dev eth0 scope link
192.168.1.0/24 dev switch0 scope link
192.168.2.10 dev l2tp0 scope link
192.168.100.0/24 dev eth1 scope link
192.168.129.0/24 dev eth2.1000 scope link
load-balance member [G-eth0] status = active
route table 201
default via 190.111.238.1 dev eth0
blackhole default metric 256
10.255.255.0 dev l2tp0 scope link
127.0.0.0/8 dev lo scope link
190.111.238.0/24 dev eth0 scope link
192.168.1.0/24 dev switch0 scope link
192.168.2.10 dev l2tp0 scope link
192.168.100.0/24 dev eth1 scope link
192.168.129.0/24 dev eth2.1000 scope link
And I have some static routes defined in the base routing table so that I can reach some devices behind other routers. In this case, would I have to manually create the static routes on the 3 eth0 routing tables (201, 203 and 205)? Can we know which one of the three routing tables is taken? Would there be a cleaner way to get the L2TP/IPsec tunnel to just terminate its packets on the main routing table instead (so that I could use dynamic routing protocols instead of static ones, for example)?
Thanks!
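The TRACE rule above writes one line per table/chain a packet passes through, which gets noisy fast. Here is an added helper (not from the post above, nor an EdgeOS tool) that condenses those lines into one summary per packet and flags tunnel traffic leaving on a WAN interface; the log lines it runs on are constructed samples in the netfilter TRACE format, with made-up timestamps, IP IDs and addresses.

```shell
# Added example, not from the original post: summarise iptables TRACE lines so the
# chains a packet traversed and the interface it finally left on can be read at a
# glance. TRACE_SAMPLE is constructed test input in the format netfilter writes to
# /var/log/messages (timestamps, IDs and addresses are made up).
TRACE_SAMPLE='Mar  1 10:00:01 router kernel: TRACE: raw:PREROUTING:policy:2 IN=l2tp0 OUT= SRC=192.168.2.10 DST=192.168.1.20 LEN=84 ID=4101 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:00:01 router kernel: TRACE: filter:FORWARD:policy:4 IN=l2tp0 OUT=eth0 SRC=192.168.2.10 DST=192.168.1.20 LEN=84 ID=4101 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:00:01 router kernel: TRACE: nat:POSTROUTING:policy:2 IN=l2tp0 OUT=eth0 SRC=192.168.2.10 DST=192.168.1.20 LEN=84 ID=4101 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:05:17 router kernel: TRACE: raw:PREROUTING:policy:2 IN=l2tp0 OUT= SRC=192.168.2.10 DST=192.168.1.20 LEN=84 ID=4102 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:05:17 router kernel: TRACE: filter:FORWARD:policy:4 IN=l2tp0 OUT=switch0 SRC=192.168.2.10 DST=192.168.1.20 LEN=84 ID=4102 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:05:17 router kernel: TRACE: nat:POSTROUTING:policy:2 IN=l2tp0 OUT=switch0 SRC=192.168.2.10 DST=192.168.1.20 LEN=84 ID=4102 PROTO=ICMP TYPE=8 CODE=0'

# trace_paths: read TRACE lines on stdin and print one summary line per packet
# (keyed on SRC, DST and IP ID): in=<ingress> path=<table:chain:verdict:rule,...> exits=<egress>
trace_paths() {
  awk '
    /TRACE:/ {
      hop = ""; src = ""; dst = ""; id = ""; inf = ""; out = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "TRACE:")    hop = $(i + 1)
        else if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^ID=/)  id  = substr($i, 4)
        else if ($i ~ /^IN=/)  inf = substr($i, 4)
        else if ($i ~ /^OUT=/) out = substr($i, 5)
      }
      key = src "->" dst " id=" id
      if (!(key in path)) { order[++n] = key; path[key] = hop; ingress[key] = inf }
      else path[key] = path[key] "," hop
      if (out != "") egress[key] = out   # OUT= stays empty until the routing decision is made
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        printf "%s in=%s path=%s exits=%s\n", k, ingress[k], path[k], (k in egress) ? egress[k] : "(local/dropped)"
      }
    }'
}

# misrouted_tunnel: packets that came in on the L2TP tunnel but leave on a WAN
# interface, i.e. tunnel traffic following the default route out (the symptom above).
misrouted_tunnel() {
  trace_paths | awk '/ in=l2tp0 / && / exits=eth[0-9]/'
}

printf '%s\n' "$TRACE_SAMPLE" | trace_paths
```

On a live router, replace the sample with `grep TRACE: /var/log/messages | trace_paths`; the packet 4101 line shows the misrouted case, 4102 the expected LAN egress.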