Re: [LARTC] Multiple internet providers

Linux Advanced Routing and Traffic Control


 



On Saturday 22 March 2003 17:33, you wrote:
>  : But changing the rp_filter from one to zero seems to work, as I can
>  : track packets hitting my FORWARD chain now.
>
> Excellent.  I'm quite glad to hear it.
>
>  : So, right now I seem to be on the right track - I think the general
>  : problem with setting up something like this is that all relevant
>  : information is usually scattered over many places with mostly only
>  : fragments put together.  But now now, Thanks Martin - you have been a
>  : great help :-)
>
> Well, that's what my documentation attempts to remedy--but never can.
> Such a dynamic target is very hard to adequately document, but that will
> not prevent me from trying.  Regardless, your experience with my section on
> multiple Internet connections points out a now-obvious deficiency in the
> section on multiple uplinks.  I will modify the section to include a
> similar cautionary note about the rp_filter sysctl.
>
> Thanks for letting me know it's working for you,
>
Well, not so fast ... I'm still having some problems, but I fear that they 
will be very hard to solve!

We have 2 connections, our cheap (Arcor, dynamic IP) and our expensive (QSC) 
with 32 public addresses. Since my company is also linked up to a second 
company using a set of private addresses, we have to use the 192.168.1.160/27 
net internally, with a DHCP server. Most of our traffic must go via the Arcor 
connection, while all mail will go via the QSC together with SSH to specific 
machines. For incoming traffic, all addresses in our 32 public IP numbers
must be routed 1-1 for the internal net, so it is possible to make external 
connections to either mail, web, ssh, etc. on internal machines.

Now my question is, is it possible to make a distinction for packets coming 
from our internal nets, whether it is part of a connection from QSC or from 
Arcor? So far, I am lost when it comes to ideas and plans... It appears like 
SNAT is impossible as I don't know whether it will correctly translate the 
packet back, and MASQUERADE doesn't seem like the solution either!

Using MASQUERADING, it is possible to have traffic running normally via the 
Arcor net, but once we wish to include QSC in the calculation - I keep 
hitting my head on the wall.

/Kim


