[LARTC] Double gateway - aliased ip routing

Linux Advanced Routing and Traffic Control


 



Hi Martin.

>If I had to allow the client to select its default gateway, I'd be
>inclined to add another interface.  
>
I've already tried this out, but the kernel gets really confused with 
this configuration. Incoming packets were arbitrarily answered by one or 
the other interface. I learned from the net that it's just not possible 
to manage if both interfaces are connected to the same section (e.g. 
switch) of the subnet. The config of eth1 and eth2 just works, because 
both parts of the subnet are physically separated and packets to 
62.x.x.90 only arrive on one of the two interfaces. If someone's got a 
solution to the problem 'two interfaces on the same subnet', let me know.

>But since I'm a control freak and
>BOFH, I'd simply use "ip rule" on the firewall to determine which client
>IP (or outbound service) gets to use bandwidth on my two connections.
>
>I have some documentation available on
>
>  http://plorf.net/linux-ip/html/adv-multi-internet.htm
>
>which may be helpful to you in selecting different outbound routes based
>on source IP or destination port.
>  
>
Source-based routing would only be a second-best solution. My task is to 
let the user choose the outbound route. In this case I would have to 
build a kind of user interface to the firewall script. I think that 
would be a bad idea. On the other hand, I want to prevent people asking me 
to switch their connection.

But thanks so far. More hints are welcome.

oli

> :                        INTERNET
> :          =======================================
> :                |                       |
> :                |                       |
> :              DynIP                212.x.x.195
> :          /------------\        /---------------\
> :          | DSL-ROUTER |        |   T3-ROUTER   |
> :          \------------/        \---------------/
> :           192.168.11.1             62.x.x.89
> :          192.168.11.0/24          62.x.x.88/29
> :                |                       |
> :                |                       |
> :           192.168.11.8             62.x.x7.90
> :          192.168.11.0/24          62.x.x.88/29
> :              eth3                    eth1   w/ ProxyARP
> :                    /---------------\
> :                    |   FIREWALL    |
> :                    \---------------/
> :       eth0:1         eth0             eth2  w/ ProxyARP
> :   192.168.10.8   192.168.10.9      62.x.x.90
> :         192.168.10.0/24           62.x.x.88/29
> :                |                                 \
> :                |                                  \
> :   ===========================                    eth0
> :            LOCALNET                            62.x.x.93
> :                                               62.x.x.88/29
> :                                                 /-----\
> :                                                 | DMZ |
> :                                                 \-----/
>
>
>
>  
>







