The system is set up in direct accordance with the configuration outlined in the Nano-HOWTO.txt.
The problem now is that most of the offered services from the ISPs' servers are only open to IPs on their own IP netblocks.
(This is not new, however ;-)
This means that I'd have to put in rules and/or routes that handle these nets specifically and route the traffic through the proper gateway.
My idea is to put in a rule (or several) like this:
# ip rule add prio 100 to $ISP1_DNS/32 table 100 (or ip rule add prio 100 to $ISP1_NET/$ISP1_NETMASK table 100)
This rule should be put in charge of the following routes:
#ip route add default via $WAN1_GW dev $WAN1_DEV src $WAN1_IP \
        proto static table 100
#ip route append prohibit default table 100 metric 1 proto static
(These lines are based on the rest of the setup).
Is this correct? Is this the way to go? What is "best practice" in this matter?
(Maybe I have not seen the light yet...)
*************************************
Here is an outline of the setup:
nanobox:~# ip rule
0:      from all lookup local
50:     from all lookup main
201:    from 111.1.1.0/25 lookup 201
202:    from 112.1.1.0/25 lookup 202
203:    from 121.1.1.0/30 lookup 203
204:    from 122.1.1.0/30 lookup 204
205:    from 131.1.1.0/30 lookup 205
206:    from 132.1.1.0/30 lookup 206
222:    from all lookup 222
32767:  from all lookup default

There are six of these:

nanobox:~# ip ro ls table 201
default via 111.1.1.1 dev eth1 proto static src 111.1.1.2
prohibit default proto static metric 1

ungdomsbo:~# ip ro ls table 222
default proto static
        nexthop via 111.1.1.1 dev eth1 weight 1
        nexthop via 112.1.1.1 dev eth2 weight 1
        nexthop via 121.1.1.1 dev eth3 weight 1
        nexthop via 122.1.1.1 dev eth4 weight 1
        nexthop via 131.1.1.1 dev eth5 weight 1
        nexthop via 132.1.1.1 dev eth6 weight 1

nanobox:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
keep_state all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
keep_state all  --  anywhere             anywhere
SNAT       all  --  172.16.0.0/16        anywhere            to:111.1.1.2
SNAT       all  --  172.16.0.0/16        anywhere            to:112.1.1.2
SNAT       all  --  172.16.0.0/16        anywhere            to:121.1.1.2
SNAT       all  --  172.16.0.0/16        anywhere            to:122.1.1.2
SNAT       all  --  172.16.0.0/16        anywhere            to:131.1.1.2
SNAT       all  --  172.16.0.0/16        anywhere            to:132.1.1.2

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
keep_state all  --  anywhere             anywhere

Chain keep_state (3 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
RETURN     all  --  anywhere             anywhere
* Probably no need to say, but all IPs are fake except for the internal RFC1918-ish net ;-)
-- Mvh. / Best regards, Steen Suder <http://www.suder.dk/> ICQ UIN 4133803
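The following is an added example, not code from the mail above or from the Nano-HOWTO. It is a small Python model of the kernel's policy-routing lookup (rules walked in priority order, longest prefix then lowest metric inside the selected table, fall-through to the next rule when a table has no matching route). It replays the poster's rule set reduced to two of the six uplinks plus the multipath table 222, with the proposed prio-100 "to <ISP1 netblock>" rule inserted. Assumptions: ISP1_NET (111.1.0.0/16) is a constructed stand-in for the ISP's netblock, the addresses are the fake ones from the mail, and a CRC32 of the flow stands in for the kernel's per-flow nexthop choice. The point it lets you check is twofold: the "to" rule at prio 100 is consulted before the source-based rules 201-206 and before the balanced table 222, and the metric-1 prohibit route means that when an uplink's default route disappears the lookup answers "prohibit" instead of silently falling through to 222 and leaving via the wrong ISP.

```python
# Constructed model of Linux policy routing (ip rule / ip route lookup).
# Added example, not the poster's or the Nano-HOWTO's code.
import ipaddress
import zlib
from dataclasses import dataclass
from typing import Optional, Tuple

ISP1_NET = "111.1.0.0/16"  # constructed: the netblock ISP1 restricts its services to

@dataclass(frozen=True)
class Rule:
    prio: int
    table: str
    src: Optional[str] = None   # "from" selector; None means "from all"
    dst: Optional[str] = None   # "to" selector; None means any destination

@dataclass(frozen=True)
class Route:
    prefix: str                 # "default" is shorthand for 0.0.0.0/0
    via: Optional[str] = None
    dev: Optional[str] = None
    src: Optional[str] = None   # preferred source for locally generated packets
    metric: int = 0
    prohibit: bool = False      # an "ip route add prohibit ..." entry
    nexthops: Tuple[Tuple[str, str], ...] = ()  # (gateway, dev) pairs of a multipath route

def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if s == "default" else s, strict=False)

# Rule list as "ip rule" shows it, with the proposed prio-100 rule inserted.
RULES = [
    Rule(50, "main"),
    Rule(100, "100", dst=ISP1_NET),        # proposed: ISP1's netblock always via ISP1
    Rule(201, "201", src="111.1.1.0/25"),  # packets from ISP1's address go out ISP1
    Rule(202, "202", src="112.1.1.0/25"),
    Rule(222, "222"),                      # everything else: balanced over both uplinks
]

def uplink_table(gw: str, dev: str, src: str):
    # Same shape as the poster's per-ISP tables: a default route plus a
    # metric-1 prohibit route that takes over when the default disappears.
    return [Route("default", via=gw, dev=dev, src=src),
            Route("default", metric=1, prohibit=True)]

TABLES = {
    "main": [Route("111.1.1.0/25", dev="eth1", src="111.1.1.2"),
             Route("112.1.1.0/25", dev="eth2", src="112.1.1.2"),
             Route("172.16.0.0/16", dev="eth0", src="172.16.0.1")],
    "100": uplink_table("111.1.1.1", "eth1", "111.1.1.2"),
    "201": uplink_table("111.1.1.1", "eth1", "111.1.1.2"),
    "202": uplink_table("112.1.1.1", "eth2", "112.1.1.2"),
    "222": [Route("default", nexthops=(("111.1.1.1", "eth1"), ("112.1.1.1", "eth2")))],
}

def lookup(dst_ip: str, src_ip: Optional[str] = None, tables=TABLES) -> dict:
    """Walk the rules in priority order and return the routing decision."""
    dst = ipaddress.ip_address(dst_ip)
    src = ipaddress.ip_address(src_ip) if src_ip else None
    for rule in sorted(RULES, key=lambda r: r.prio):
        if rule.src and (src is None or src not in net(rule.src)):
            continue
        if rule.dst and dst not in net(rule.dst):
            continue
        matches = [r for r in tables.get(rule.table, []) if dst in net(r.prefix)]
        if not matches:
            continue  # no matching prefix in this table: fall through to the next rule
        # Longest prefix wins; among equal prefixes the lowest metric wins.
        best = max(matches, key=lambda r: (net(r.prefix).prefixlen, -r.metric))
        if best.prohibit:
            return {"action": "prohibit", "table": rule.table}
        if best.nexthops:
            # Stand-in for the kernel's per-flow nexthop choice: a stable flow hash.
            idx = zlib.crc32(f"{src_ip}->{dst_ip}".encode()) % len(best.nexthops)
            gw, dev = best.nexthops[idx]
            return {"action": "via", "gateway": gw, "dev": dev, "table": rule.table}
        return {"action": "via" if best.via else "connected", "gateway": best.via,
                "dev": best.dev, "src": best.src, "table": rule.table}
    return {"action": "unreachable", "table": None}

def link_down(table: str, tables=TABLES) -> dict:
    """Tables with one uplink's default route gone (interface down); prohibit stays."""
    changed = dict(tables)
    changed[table] = [r for r in tables[table] if r.prohibit]
    return changed

if __name__ == "__main__":
    for dst, src in [("111.1.0.10", None), ("111.1.1.1", None),
                     ("198.51.100.7", None), ("198.51.100.7", "112.1.1.2")]:
        print(f"{src} -> {dst}: {lookup(dst, src)}")
    print("ISP1 down, to ISP1 net:", lookup("111.1.0.10", tables=link_down("100")))
```

The first lookup (a host in ISP1's netblock, no source yet) is the case the proposed rule is for: main has no route for it, rule 100 catches it and table 100 hands back ISP1's gateway together with src 111.1.1.2, so the packet leaves with an address the ISP's servers accept. A destination on the link subnet itself still resolves in main at prio 50, a reply sourced from 112.1.1.2 goes out via table 202, and an unrelated destination with no source lands in the balanced table 222. With ISP1's default route removed, the same ISP1 destination gets "prohibit" from table 100 rather than escaping via 222.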