I've spent the last 6+ months off and on trying to figure this little problem out and then within an hour of posting the question to this mailing list, you respond with what I needed.
I compiled iproute2 then did the two ip lines described in that little HOWTO: ip ru add from my.DSL.ip.x lookup 4 ip ro add 0.0.0.0/0 via my.DSL.ISP.gateway table 4
And it worked. Too sweet.
Now to figure out exactly what that did, how to manipulate it for different situations, and see what security implications that might have opened up (since the box is supposed to be theoretically considered a "firewall").
Thanks. You rock. :)
Joel
At 02:00 PM 4/24/2001 -0400, Ramin Alidousti wrote:
I can definitely give you the smile :-)
As for your problem; I think that this has already been asked in other mailing lists but I haven't seen any answer. What you want to do is "policy-routing" based on the source IP (for your outgoing traffic). Take a look at "http://kewl.phear.org/policy/";. It might help.
Ramin
On Tue, Apr 24, 2001 at 11:29:12AM -0500, Joel Kleppinger wrote:
> I know it is poor form to ask a question after just joining a mailing list,
> but I searched around for an archive and couldn't find out. I pray you'll
> forgive my brashness.
>
> What I am trying to do is have 2 internet interfaces properly routing on
> the same box using the 2.4 kernel. I have a cable modem and a DSL modem
> (eth2) running into a single server which provides a few services to the
> outside world, including HTTP. This server also is forwarding the cable
> modem NIC (eth1) to the internal LAN (eth0) using SNAT. If I switch the
> default route and enable iptables to forward the DSL modem to LAN, then
> that works fine as well. So all 3 interfaces are effectively working, but
> only 2 of the Internet interfaces at a time. I've tried making both Net
> interfaces the default route, but it only routes the interface that was
> last made default.
>
> I want to make it so that someone can access the machine from either
> Internet IP (both static) so I can use the DSL interface (eth2) as a server
> or route certain ports coming in on eth2 it specifically to another server
> behind the routing machine. I would like this without interrupting the
> current cable modem SNAT connection.
>
> I have discussed this notion with a lot of people, and it seems that no one
> really knows how to do this. It seems like it really shouldn't be that
> hard to put services out over specific interfaces. So I ask here. If
> anyone can give me any sort of guidance, direction, even a smile, I would
> be IMMENSELY grateful.
>
> Thank you,
>
> Joel Kleppinger
>
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
