[LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls

Linux Advanced Routing and Traffic Control

Hi guys. I really need some help.

This is my scenario:

CLIENTS -> SWITCH -> W2K Server -> Linux -> Internet (with 2 ADSL LINES)

My RedHat Linux 7.2 is just a firewall. I'm running all the services (www, mail, etc.) on my W2K.

I tried to set up a load balance, but I'm getting the following problem.

When I connect from the internet through my IP1 (ADSL 1) on any port that I redirect to W2K, I can connect perfectly to my W2K, but when I connect using my IP2 (ADSL2) I can't get to W2K.

And vice versa.

With the telnet server, which is running on the linux, I can connect using both IPs.

I guess the problem is when the W2K uses the other gw.

My W2K default gw is the linux.

This is my setup:

W2K IP        -> 10.0.0.1
W2K IP2       -> 192.168.1.2

Linux eth0    -> xxx.xxx.xxx.170 (ADSL1)
Linux eth0 gw -> xxx.xxx.xxx.129

Linux eth1    -> 192.168.1.1

Linux eth2    -> yyy.yyy.yyy.205 (ADSL2)
Linux eth2 gw -> yyy.yyy.yyy.193

IPTABLES (just the basics):

$IPTABLES -A INPUT -i lo   -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT

$IPTABLES -A FORWARD -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -o eth2 -j ACCEPT

##################### SMTP SERVER #################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
##################### HTTP SERVER ##################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 80 -j DNAT --to-destination 192.168.1.2

$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24    -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth0           -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2           -j MASQUERADE

And this is my load balancing script:

#### Variables ######

IP=/sbin/ip

IF1=eth0
IP1=xxx.xxx.xxx.170
P1=xxx.xxx.xxx.129
P1_NET=xxx.xxx.xxx.128/26

IF2=eth2
IP2=yyy.yyy.yyy.205
P2=yyy.yyy.yyy.193          # no space after '=': "P2= value" leaves P2 empty and runs "value" as a command
P2_NET=yyy.yyy.yyy.192/26

# Run these two lines once only; ">>" appends a duplicate entry on every run
echo 201 t1 >> /etc/iproute2/rt_tables
echo 202 t2 >> /etc/iproute2/rt_tables

# Per-line tables: each reaches its own ADSL link network and defaults through that gateway
$IP route add $P1_NET dev $IF1 src $IP1 table t1
$IP route add default via $P1 table t1
$IP route add $P2_NET dev $IF2 src $IP2 table t2
$IP route add default via $P2 table t2

# Main table: both link networks, default via line 1 for now
$IP route add $P1_NET dev $IF1 src $IP1
$IP route add $P2_NET dev $IF2 src $IP2
$IP route add default via $P1

# Packets sourced from a line's own address use that line's table
$IP rule add from $IP1 table t1
$IP rule add from $IP2 table t2

# Balanced default; "replace" rather than "add", since a default route already exists in the main table
$IP route replace default scope global nexthop via $P1 dev $IF1 weight 1 \
    nexthop via $P2 dev $IF2 weight 1

I really need help.

I appreciate it,

Ron Reicher
ronysrei@uol.com.br
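One thing an engineer would check for the symptom above: the `from $IP1` / `from $IP2` rules only match packets the firewall sources itself (which is why telnet to the Linux box works on both lines), while a reply from 192.168.1.2 to a DNAT'd connection is routed before its source is translated back, so the balanced default route may send it out the other ADSL line. Added example, not the poster's code and not from the LARTC HOWTO: a script that uses connection marks so such replies follow the line the connection arrived on. It assumes iptables with the MARK and CONNMARK targets and the state match, a kernel with fwmark routing support, and the t1/t2 tables created by the post's script.

```shell
#!/bin/sh
# Added example, not from the post: mark each connection with the ADSL line it
# arrived on, so replies from the DNAT'd W2K host leave through that same line
# instead of whichever nexthop the balanced default route picks.
# Assumes iptables with the MARK and CONNMARK targets and the "state" match,
# fwmark routing in the kernel, and tables t1/t2 from the post's script.
# Prints the commands; run as root with APPLY=1 to execute them.

IF1=eth0      # ADSL1, as in the post
IF2=eth2      # ADSL2

# Commands for one line: new connections entering $1 get packet mark $3 (saved
# to the conntrack entry by ruleset below), and marked packets use table $2.
line_rules() {
    _if=$1; _tbl=$2; _mark=$3
    echo "iptables -t mangle -A PREROUTING -i $_if -m state --state NEW -j MARK --set-mark $_mark"
    echo "ip rule add fwmark $_mark table $_tbl"
}

# Full ruleset, in order: restore the connection's mark onto every packet first
# (this is what tags the replies coming back from 192.168.1.2 on eth1, before
# the routing decision), then mark NEW connections per ingress line, then save
# that mark into the conntrack entry.
ruleset() {
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    line_rules "$IF1" t1 1
    line_rules "$IF2" t2 2
    echo "iptables -t mangle -A PREROUTING -m state --state NEW -j CONNMARK --save-mark"
}

if [ "${APPLY:-0}" = 1 ]; then
    ruleset | sh -e        # apply for real (as root, on the firewall)
else
    ruleset                # dry run: show what would be applied
fi
```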

