I installed the kernel 2.4.19pre10 with all the patches and compiled it with the equal-cost multipath, but I'm still having some troubles...

Could anyone check these scripts to see if there is something wrong?

I appreciate it,

Ron Reicher

Eth0 (local) -> 192.168.1.1 connected to my W2k Server on 192.168.1.2
Eth1 (ADSL 1 256k) -> xxx.xxx.xxx.170 gw xxx.xxx.xxx.129
Eth2 (ADSL 2 512k) -> yyy.yyy.yyy.205 gw yyy.yyy.yyy.193

My W2K is hosting all the services, and the clients are behind it.

This is my IPTABLES SCRIPT.

IPTABLES=/sbin/iptables

$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT

$IPTABLES -A INPUT -p tcp -s 10.0.0.0/255.255.255.0 --dport 23 -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT
#############################################
$IPTABLES -A FORWARD -o eth2 -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -p tcp ! --syn -d 192.168.1.0/255.255.255.0 -j ACCEPT
##################################
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth2 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth2 -j ACCEPT
###########################################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
###########################################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2

$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE

And this is my Load Balancing Script:

IP=/sbin/ip

IF1=eth1
IP1=xxx.xxx.xxx.170
P1=xxx.xxx.xxx.129
P1_NET=xxx.xxx.xxx.128/26

IF2=eth2
IP2=yyy.yyy.yyy.200.168.71.205
P2= yyy.yyy.yyy.193
P2_NET= yyy.yyy.yyy.192/26
###################################
echo 201 T1 >> /etc/iproute2/rt_tables
echo 202 T2 >> /etc/iproute2/rt_tables

$ROUTE del default

$IP route add $P1_NET dev $IF1 src $IP1 table T1
$IP route add default via $P1 table T1
$IP route add $P2_NET dev $IF2 src $IP2 table T2
$IP route add default via $P2 table T2

$IP route add $P1_NET dev $IF1 src $IP1
$IP route add $P2_NET dev $IF2 src $IP2
#########################################
$IP route add default via $P2
######################################################
$IP rule add from $IP1 table T1
$IP rule add from $IP2 table T2
#############################
$IP route add default scope global nexthop via $P2 dev $IF2 weight 1 nexthop via $P1 dev $IF1 weight 1
######################################################

That's it... Please someone give me a hint.

Thanks again,

Ron Reicher

-----Original Message-----
From: William L. Thomson Jr. [mailto:support@obsidian-studios.com]
Sent: Thursday, June 13, 2002 14:43
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls

You will need to recompile your kernel with multipath support. Also before you compile apply Julian's patches to the kernel.
http://www.linuxvirtualserver.org/~julian/#routes

Once that is done check out the Nano-HOWTO
http://www.linuxvirtualserver.org/~julian/nano.txt

That should get you on your way. The linux router will also have to perform NAT, more than likely DNAT, for things to work properly.

On Thu, 2002-06-13 at 07:43, Roni Reicher wrote:
> Hi guys. I really need some help.
>
> This is my scenario:
>
> CLIENTS -> SWITCH -> W2K Server -> Linux -> Internet (with 2 ADSL LINES)
>
> My RedHat Linux 7.2 is just a firewall. I'm running all the services (www, mail, etc.) on my W2K.
>
> I tried to set up a load balance, but I'm getting the following problem.
>
> When I connect from the internet through my IP1 (ADSL 1) on any port that I redirect to W2K, I can connect perfectly to my W2K, but when I connect using my IP2 (ADSL2) I can't get to W2K.
>
> And vice versa.
>
> With the telnet server, which is running on the linux, I can connect using both IPs.
>
> I guess the problem is when the W2K uses the other gw.
>
> My W2K default gw is the linux.
>
> This is my setup:
>
> W2K IP -> 10.0.0.1
> W2K IP2 -> 192.168.1.2
>
> Linux eth0 -> xxx.xxx.xxx.170 (ADSL1)
> Linux eth0 gw -> xxx.xxx.xxx.129
>
> Linux eth1 -> 192.168.1.1
>
> Linux eth2 -> yyy.yyy.yyy.205 (ADSL2)
> Linux eth2 gw -> yyy.yyy.yyy.193
>
> IPTABLES (just the basic).
>
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A INPUT -p icmp -j ACCEPT
>
> $IPTABLES -A FORWARD -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -o eth2 -j ACCEPT
>
> ##################### SMTP SERVER #################
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
> ##################### HTTP SERVER ##################
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 80 -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
>
> And this is my load balancing script:
>
> #### Variables ######
>
> IP=/sbin/ip
>
> IF1=eth0
> IP1=xxx.xxx.xxx.170
> P1=xxx.xxx.xxx.129
> P1_NET=xxx.xxx.xxx.128/26
>
> IF2=eth2
> IP2=yyy.yyy.yyy.205
> P2= yyy.yyy.yyy.193
> P2_NET= yyy.yyy.yyy.192/26
>
> echo 201 t1 >> /etc/iproute2/rt_tables
> echo 202 t2 >> /etc/iproute2/rt_tables
>
> $IP route add $P1_NET dev $IF1 src $IP1 table t1
> $IP route add default via $P1 table t1
> $IP route add $P2_NET dev $IF2 src $IP2 table t2
> $IP route add default via $P2 table t2
>
> $IP route add $P1_NET dev $IF1 src $IP1
> $IP route add $P2_NET dev $IF2 src $IP2
>
> $IP route add default via $P1
>
> $IP rule add from $IP1 table t1
> $IP rule add from $IP2 table t2
>
> $IP route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
>
> I really need help.
>
> I appreciate it,
>
> Ron Reicher
> ronysrei@uol.com.br
>

--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/