Dear all Lartc,
I am trying to split my Internet access between my 2 ISPs with one Linux (GNU/Debian sarge) router with 3 NICs.
I want all my users connected through ISP1 and just some IPs connected through ISP2.
Here is my configuration:
Internal network: 10.117.71.0/24, interface: eth0
ISP1: IP for my Linux box: 1.2.3.4/29, interface: eth1, gateway: 1.2.3.5
ISP2: IP for my Linux box: 5.6.7.8/29, interface: eth2, gateway: 5.6.7.9 (in fact it's my ADSL modem)
You can see my configuration for iptables and iproute2 below.
I have a strange problem:
All my users can connect to the Internet with ISP1; there is no problem.
But when I try with 10.117.71.1 (the one routed to ISP2),
I can connect to the gateway (5.6.7.9), which means that I am correctly routed.
But I cannot connect to (or ping) the Internet. I think packets are sent, but when the
web site (google.com for example) replies, my packets are not routed back.
I also tried to connect to 5.6.7.9 (the ISP2 gateway) from other internal IPs (routed on ISP1),
and it's not possible, but for the moment that's not a problem for me.
I tested my connection from my modem (ISP2 gateway): no problem.
Is there some kind iptables and iproute2 guru who can help me with this?
Thank you in advance, Guillaume
Here is my script for routing and iptables:
#################################
# ISP2
/sbin/ip route flush table 5
/sbin/ip route add table 5 default via 5.6.7.9 dev eth2
/sbin/ip rule add fwmark 5 table 5
echo "firewall constants setup"
# FLUSH the tables
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t mangle -F PREROUTING
## Mangling Rules ##
# special rules for some IPs to go on second ISP
iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 5
# SNAT RULES
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
iptables -t nat -A POSTROUTING -o eth2 -s 10.117.71.1 -j SNAT --to 5.6.7.8
###############################################
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
auto lo
iface lo inet loopback
# (network, broadcast and gateway are optional)
auto eth1 eth0 eth2
# local network (LAN)
iface eth0 inet static
    address 10.117.71.1
    netmask 255.255.255.0
# external network (ISP1)
iface eth1 inet static
    address 1.2.3.4
    netmask 255.255.255.248
    gateway 1.2.3.5
iface eth2 inet static
    address 5.6.7.8
    netmask 255.255.255.248
#######################################
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
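An added example, not code from Guillaume's post: the same split-access setup written the way the LARTC HOWTO does it, with source-address rules instead of an fwmark, a table 5 that also carries the connected networks, and SNAT on eth2 for every source. Interface names and addresses are the ones from the post; the ISP2_HOSTS list, the DRY_RUN switch and the function names are assumptions of mine.

```shell
#!/bin/sh
# Split-access policy routing for the topology in the post (addresses and
# interface names are those given there; ISP2_HOSTS and DRY_RUN are assumed).
LAN_IF=eth0;  LAN_NET=10.117.71.0/24
ISP1_IF=eth1; ISP1_IP=1.2.3.4
ISP2_IF=eth2; ISP2_IP=5.6.7.8; ISP2_NET=5.6.7.8/29; ISP2_GW=5.6.7.9
ISP2_TABLE=5
ISP2_HOSTS="10.117.71.1"   # LAN hosts that must leave through ISP2

# run: execute the command, or only print it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_isp2_routing() {
    run ip route flush table "$ISP2_TABLE"
    # Once a rule sends a lookup to table 5 the main table is not consulted,
    # so table 5 needs the connected networks as well as the default route.
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$ISP2_TABLE"
    run ip route add "$ISP2_NET" dev "$ISP2_IF" src "$ISP2_IP" table "$ISP2_TABLE"
    run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table "$ISP2_TABLE"
    # Source-address rules instead of an fwmark: they also cover packets the
    # router itself sends from 5.6.7.8 (mangle PREROUTING never sees those),
    # and the reverse-path check on eth2 for a reply already de-NATed to a
    # LAN address is resolved through table 5, so strict rp_filter keeps it.
    # A mark set only in PREROUTING is absent from that reverse lookup.
    run ip rule add from "$ISP2_IP" table "$ISP2_TABLE"
    for h in $ISP2_HOSTS; do
        run ip rule add from "$h" table "$ISP2_TABLE"
    done
    run ip route flush cache
}

setup_nat() {
    run iptables -t nat -F POSTROUTING
    run iptables -t nat -A POSTROUTING -o "$ISP1_IF" -j SNAT --to-source "$ISP1_IP"
    # No -s restriction here: everything that leaves eth2 must carry 5.6.7.8.
    run iptables -t nat -A POSTROUTING -o "$ISP2_IF" -j SNAT --to-source "$ISP2_IP"
}
```

Source the file and call `setup_isp2_routing` and `setup_nat` as root, or prefix the calls with `DRY_RUN=1` to print the commands without applying them.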