Linode Forum https://forum.linode.com/

Routing with Dual internet connection https://forum.linode.com/viewtopic.php?f=19&t=2768
Author: sammythesquib [ Tue Jun 05, 2007 8:22 am ]
Post subject: Routing with Dual internet connection
Hi all. I've used this (http://linux-ip.net/html/adv-multi-internet.html) very useful guide on how to route traffic to multiple internet connections based on traffic type (http isp1, ftp isp2). It works a treat. However, it works as long as the machine that is accessing the internet resource is not the router PC itself.

Here's what I've got so far:

Fedora Core 6 set up with IP forwarding and iptables as the firewall.
3 network cards - one network card going to isp1 (eth1), another going to isp2 (eth2) and another connected to the LAN (eth0).

I've set it up as a router as per (http://www.yolinux.com/TUTORIALS/LinuxT ... teway.html), which basically says:

Code:
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush                        # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain                 # Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward   # Enables packet forwarding by kernel

That all works great. Next I've got the stuff needed for the conditional routing:

Code:
iptables -t mangle -A PREROUTING -p tcp --dport 81 -s 192.168.99.0/24 -j MARK --set-mark 4
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source xxx.xxx.xxx.xxx   <- public ip address of isp1
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source xxx.xxx.xxx.xxx   <- public ip address of isp2

There are some ip rules that get added that act upon the --set-mark:

Code:
ip rule add fwmark 4 table 4

I use port 81 as a test, by setting up a remote web server that listens on port 81 and tells me (via php) what my ip address is. Like I said, it works a treat, as long as the PC I use to browse (or whatever) is not the router PC itself, but I'd like it to work from the router PC as well as from remote stations.

Any suggestions greatly appreciated. PresidentScroob.

Author: SteveG [ Sat Jun 23, 2007 3:33 pm ]
I can't give example commands, but I'd suspect that the right tool to do this is the 'ip' command (aka iproute2), rather than iptables. (see http://lartc.org/howto/)

BTW, the reason it's not working locally is that locally generated packets don't go through the same tables as remote packets. See the iptables docs, but I've got no idea if there is a way to do this with only iptables.

Author: houkouonchi [ Tue Dec 11, 2007 6:08 pm ]
For multi-WAN on my own network with NAT involved I ended up just using ClarkConnect as it was free/easy and highly configurable, not to mention it worked well. Doing multi-WAN NAT seemed like too much of a pain in the butt; however, for my server in a data-center I do multi-WAN. I wanted everything to go out of eth0 by default unless programs bound to eth1. Everything worked using the default setup but everything really went in/out through eth0 instead of eth1.

Here is the script I use to set it up after the network adapters are set up using the init script:

Code:
#!/bin/sh

It was written for my use only so it assumes devices and /24 networks, but I mainly used variables simply so it still works if I change IP addresses.
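A worked version of the setup discussed in this thread, added here as an example: it is not the script houkouonchi posted, nor sammythesquib's configuration. It assumes two ISP links on eth1/eth2 with documentation-range addresses, a LAN on eth0, routing tables 1 and 4, fwmark 4 and test port 81; all of those are placeholders to change for your own network. It covers both cases raised above: the mark is set in the mangle OUTPUT chain as well as PREROUTING, so traffic generated on the router PC itself is steered like the LAN hosts' traffic (the original problem, and SteveG's point that locally generated packets never pass PREROUTING), and source-address rules send anything carrying the second link's address out through that link (houkouonchi's data-center case, where programs bound to eth1 still left via eth0).

```shell
#!/bin/sh
# Two-ISP policy routing for a Linux router, with the local-traffic fix.
# Added example for this thread, not code from any of the posters.
# Interface names, addresses, table numbers and the port are assumptions.
#   sh multiwan.sh preview   prints the commands (DRY_RUN)
#   sh multiwan.sh apply     executes them (needs root)

WAN1_IF=eth1; WAN1_IP=198.51.100.10; WAN1_GW=198.51.100.1; WAN1_NET=198.51.100.0/24
WAN2_IF=eth2; WAN2_IP=203.0.113.10;  WAN2_GW=203.0.113.1;  WAN2_NET=203.0.113.0/24
LAN_IF=eth0;  LAN_NET=192.168.99.0/24   # set LAN_NET= on a server with no LAN
TABLE_WAN1=1; TABLE_WAN2=4               # one routing table per ISP
MARK_WAN2=4                              # fwmark that steers a flow out of ISP2
TEST_PORT=81                             # traffic class sent via ISP2

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Replace a policy rule idempotently: delete any old copy, then add.
rule() {
    run ip rule del "$@" 2>/dev/null || true
    run ip rule add "$@"
}

setup_tables() {
    # Each ISP table knows its own subnet and its own default gateway.
    run ip route flush table "$TABLE_WAN1"
    run ip route add "$WAN1_NET" dev "$WAN1_IF" src "$WAN1_IP" table "$TABLE_WAN1"
    run ip route add default via "$WAN1_GW" dev "$WAN1_IF" table "$TABLE_WAN1"
    run ip route flush table "$TABLE_WAN2"
    run ip route add "$WAN2_NET" dev "$WAN2_IF" src "$WAN2_IP" table "$TABLE_WAN2"
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE_WAN2"
    # The LAN must be reachable from either table as well.
    if [ -n "$LAN_NET" ]; then
        run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE_WAN1"
        run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE_WAN2"
    fi
    # Main table: anything no rule claims leaves via ISP1.
    run ip route replace default via "$WAN1_GW" dev "$WAN1_IF"
}

setup_rules() {
    # Source-address rules: a packet carrying an ISP's address (a program
    # bound to it, or the reply to a connection that arrived on that link)
    # goes back out through that ISP instead of the main default route.
    rule from "$WAN1_IP" table "$TABLE_WAN1" priority 100
    rule from "$WAN2_IP" table "$TABLE_WAN2" priority 101
    # Mark rule: flows tagged by iptables below are looked up in ISP2's table.
    rule fwmark "$MARK_WAN2" table "$TABLE_WAN2" priority 200
    run ip route flush cache
    # Strict reverse-path filtering drops packets that arrive on the link the
    # main table would not use for the reply; loose mode keeps the spoofing
    # check but accepts any source reachable through any interface.
    run sysctl -w net.ipv4.conf."$WAN1_IF".rp_filter=2
    run sysctl -w net.ipv4.conf."$WAN2_IF".rp_filter=2
}

setup_firewall() {
    run iptables -t mangle -F
    run iptables -t nat -F
    # Forwarded traffic is classified in PREROUTING, before routing ...
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$TEST_PORT" \
        -j MARK --set-mark "$MARK_WAN2"
    # ... but packets the router itself generates never see PREROUTING. They
    # pass mangle OUTPUT instead, and the kernel re-runs the routing decision
    # when that chain changes the mark, so the same rule belongs here too.
    run iptables -t mangle -A OUTPUT -p tcp --dport "$TEST_PORT" \
        -j MARK --set-mark "$MARK_WAN2"
    # SNAT per outgoing link, deliberately not limited to the LAN: a locally
    # generated packet already carries ISP1's address when the mark re-routes
    # it out of ISP2, so its source must be rewritten as well.
    run iptables -t nat -A POSTROUTING -o "$WAN1_IF" -j SNAT --to-source "$WAN1_IP"
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j SNAT --to-source "$WAN2_IP"
    if [ -n "$LAN_NET" ]; then
        run iptables -F FORWARD
        run iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
        run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        run sysctl -w net.ipv4.ip_forward=1
    fi
}

main() { setup_tables; setup_rules; setup_firewall; }

case "${1:-}" in
    preview) DRY_RUN=1; main ;;
    apply)   main ;;
esac
```

`sh multiwan.sh preview` prints every command it would run; `sh multiwan.sh apply` executes them as root, once the interfaces are up. To check the local case from the router itself, fetch the port-81 test page (for example `curl http://server:81/`, with `server` standing for your own test host) and confirm it reports ISP2's address, while a request to any other port still reports ISP1's. Two caveats: SNAT is decided on a connection's first packet, so reloading the rules on a live box leaves existing flows on the link they started on, and this script only manages the mangle, nat and FORWARD rules it needs; your INPUT policy is separate.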
All times are UTC-04:00