Hello,

I have a LINUX server with two internet connections available. I want all the traffic to go over the default route, but HTTP traffic to go over the ISP2 line.

Interfaces:

eth1 192.168.2.254 - LAN 192.168.2.x
ppp0 x.x.x.106 - remote gateway x.x.x.6 - ISP1 (default route)
eth0 192.168.164.254 - remote gateway 192.168.164.113 - ISP2 (a hardware router)

I have the following configuration:

echo 200 gate2 >> /etc/iproute2/rt_tables

server:/etc/network# ip route
x.x.x.6 dev ppp0 proto kernel scope link src x.x.x.106
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.254
192.168.164.0/24 dev eth0 proto kernel scope link src 192.168.164.254
default via x.x.x.6 dev ppp0

server:/etc/network# ip route list table gate2
default via 192.168.164.113 dev eth0

server:/etc/network# ip rule
0: from all lookup local
32765: from all fwmark 1 lookup gate2
32766: from all lookup main
32767: from all lookup default

The script:
-----------------------------------------------------
#!/bin/bash

# Start from empty nat, mangle and filter tables
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -P FORWARD ACCEPT

# Packets carrying fwmark 1 are routed via table gate2 (ISP2)
ip route flush table gate2
ip route add default via 192.168.164.113 dev eth0 table gate2
ip rule add fwmark 0x01 table gate2
ip route flush cache

# NAT everything coming from the LAN
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE

# Mark ICMP, HTTP and HTTPS from the LAN with fwmark 1
iptables -t mangle -A PREROUTING -i eth1 -s 192.168.2.0/24 -p icmp -j MARK --set-mark 0x01
iptables -t mangle -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x01
iptables -t mangle -A PREROUTING -i eth1 -s 192.168.2.0/24 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x01

# Turn off reverse-path filtering on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 > "$f"
done
-------------------------------------------------------

I also mark ICMP packets so that I can test my configuration using traceroute.

It seems that my rules are working OK: with tcpdump and traceroute I see that the HTTP traffic of LAN computers goes over the ISP2 line. When I connect to the WWW page that shows my public IP address, I see the ISP2 line address.

But after some time, part of the HTTP traffic begins going over the default ISP1 line. I see that some HTTP traffic goes over the ISP2 line (that's good), but it also goes over the default route. And after some time, if I connect to the WWW page that shows my public IP address, I see the default ISP1 IP address (that's bad).

I do my test browsing from one of my LAN computers. There are other computers working in the LAN, and perhaps their HTTP traffic goes OK (over the ISP2 line), because with

tcpdump -i eth0 net 192.168.164 and port 80

I see that there is much HTTP traffic on the ISP2 line.

Then I reboot my server; for some time (about 10 minutes) everything works OK, but then my problem comes back... :(

I am totally lost, I don't know how to solve this problem.... :(

I would be very grateful if you helped me with this issue.

Rokas Zakarevicius

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
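
Added example, not part of the original post: a check that can be run on saved output of `ip rule` and `ip route list table gate2`, once while the setup works and again when HTTP starts leaving via ISP1, to see whether the fwmark rule or the gate2 default route has changed in between. The function name and its one-line output format are assumptions made for this example; the sample input is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the state of the
# fwmark policy routing from captured command output.
#   $1 = text of `ip rule`
#   $2 = text of `ip route list table gate2`
#   $3 = expected ISP2 gateway
check_policy_routing() {
    rules=$1 table=$2 want_gw=$3

    # Number of rules sending fwmark 1 to table gate2. iproute2 prints the
    # mark as "1" or "0x1" depending on version.
    n=$(printf '%s\n' "$rules" |
        grep -Ec 'fwmark (0x)?0*1 lookup gate2' || true)
    case $n in
        0) rule=missing ;;
        1) rule=ok ;;
        *) rule=duplicate:$n ;;
    esac

    # Gateway of the default route in table gate2, if any.
    gw=$(printf '%s\n' "$table" |
        awk '$1 == "default" && $2 == "via" { print $3; exit }')
    if [ -z "$gw" ]; then
        route=missing
    elif [ "$gw" = "$want_gw" ]; then
        route=ok
    else
        route=wrong:$gw
    fi

    echo "rule=$rule route=$route"
}

# Constructed sample input, modelled on the output quoted in the post.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 1 lookup gate2
32766: from all lookup main
32767: from all lookup default'
SAMPLE_TABLE='default via 192.168.164.113 dev eth0'

check_policy_routing "$SAMPLE_RULES" "$SAMPLE_TABLE" 192.168.164.113
# Same check with an empty gate2 table (constructed case).
check_policy_routing "$SAMPLE_RULES" "" 192.168.164.113
```

On the router itself the call would be `check_policy_routing "$(ip rule)" "$(ip route list table gate2)" 192.168.164.113`, logged with a timestamp at intervals.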