[LARTC] Splitting internet access with two providers

Linux Advanced Routing and Traffic Control


Hi there, since I failed to shape traffic due to p2p programs, I am thinking about splitting my internet connection. Here is the scenario once again for those who haven't read any of my emails :)

                 ______
<hub1>  <------> |Switch|            ______
                 |      |           |      |  eth0
<hub2>  <------> |      |           |Linux | <----------> Router ADSL1
 .               |      |    eth3   |      |192.168.3.5   192.168.3.6
 .               |      |  <----->  | Box  |
 .               |      |192.169.1.1|      |  eth2
 .               |      |           |      | <----------> Router ADSL2
<hub24> <------> |______|           |______|192.168.4.2   192.168.4.1

I want to have one ADSL only for web/mail/ssh/etc., and the other one only for massive downloads.

The problem comes with connection tracking; it looks like it's not working, probably I am doing something wrong. Where is connection tracking being done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending on the --destination-port option, and I am using a stateful firewall. Anyone having the same trouble? Can anyone light me up? :)

PS: Sorry for my poor English :)

##################################################
## SNAT
##

# Destination ports 0-1024 (interactive services) leaving via eth2: source rewritten to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5

# Destination ports 1024 and above (bulk downloads) leaving via eth0: source rewritten to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2

# Catch-all for everything else leaving via eth2
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
# NB: the diagram above lists 192.168.3.5 on eth0 and 192.168.4.2 on eth2.


##################################################
## Stateful Firewall
##

# keep_state chain in the filter table: accept packets of known connections, otherwise return to the caller
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN

# The same chain in the nat table
iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN

# Hook keep_state into the built-in chains of both tables
iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state

iptables -t filter -A INPUT -j keep_state
iptables -t filter -A OUTPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state


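As an added example (not the poster's configuration, and not an official LARTC recipe): nat POSTROUTING runs after the routing decision, so an SNAT rule there cannot choose the outgoing link; the usual approach is to mark packets by destination port in mangle PREROUTING (before routing), carry the mark across the whole connection with CONNMARK so replies and later packets stay on the same link, route by fwmark, and let SNAT follow whichever interface routing picked. Interfaces, addresses and gateways are taken from the diagram above; the table id, mark value, LAN range handling and function names are assumptions.

```shell
#!/bin/sh
# Added example: per-port policy routing over two ADSL links with fwmark + CONNMARK.
# Addresses/interfaces follow the diagram; table id 200 and mark 2 are assumptions.
# Usage: . ./split.sh; DRY_RUN=1 setup_split_routing   (prints the commands)
#        setup_split_routing as root applies them.
set -eu

LAN=192.168.1.0/16
WAN1_IF=eth0; WAN1_IP=192.168.3.5; WAN1_GW=192.168.3.6   # ADSL1: web/mail/ssh
WAN2_IF=eth2; WAN2_IP=192.168.4.2; WAN2_GW=192.168.4.1   # ADSL2: bulk downloads
MARK_BULK=2; TABLE_BULK=200

# run: print the command when DRY_RUN is set, otherwise execute it (needs root).
run() { if [ "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi; }

setup_split_routing() {
    # 1. Classify in mangle PREROUTING, i.e. BEFORE routing; a connection that
    #    already carries a mark keeps it, so every packet uses the same link.
    run iptables -t mangle -A PREROUTING -s "$LAN" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -s "$LAN" -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A PREROUTING -s "$LAN" -p tcp --dport 1025:65535 -j MARK --set-mark "$MARK_BULK"
    run iptables -t mangle -A PREROUTING -s "$LAN" -p udp --dport 1025:65535 -j MARK --set-mark "$MARK_BULK"
    # 2. Store the decision in the conntrack entry for the rest of the connection.
    run iptables -t mangle -A PREROUTING -s "$LAN" -j CONNMARK --save-mark
    # 3. Marked packets use a second table whose default route is ADSL2;
    #    unmarked traffic uses the main table's default route via ADSL1.
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE_BULK"
    run ip rule add fwmark "$MARK_BULK" lookup "$TABLE_BULK"
    run ip route add default via "$WAN1_GW" dev "$WAN1_IF"
    # 4. SNAT keyed on the interface routing actually chose, so the source address
    #    always matches the link the packet leaves on.
    run iptables -t nat -A POSTROUTING -o "$WAN1_IF" -s "$LAN" -j SNAT --to-source "$WAN1_IP"
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -s "$LAN" -j SNAT --to-source "$WAN2_IP"
    # 5. Stateful forwarding: LAN may open connections, replies come back via conntrack.
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -s "$LAN" -m state --state NEW -j ACCEPT
    run iptables -A FORWARD -j DROP
}
```

Local destinations inside the /16 still need a rule sending them to the main table ahead of the fwmark rule; that is left out here.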



