two internet connections don't appear to be masqing

Linux Advanced Routing and Traffic Control


I have a script for dual internet connections that does this:

-------------------------
#!/bin/bash

IF1=eth1
IP1=203.219.190.106
P1=203.219.190.105
P1_NET=203.219.190.104

IF2=eth2
IP2=220.245.224.46
P2=220.245.224.45
P2_NET=220.245.224.44

IF0=eth0
P0_NET=192.168.0.0

TABLE1=inet1
TABLE2=inet2

ip route add $P1_NET dev $IF1 src $IP1 table $TABLE1
ip route add default via $P1 table $TABLE1
ip route add $P2_NET dev $IF2 src $IP2 table $TABLE2
ip route add default via $P2 table $TABLE2


ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

# preference for default route
ip route add default via $P1

# route out a given table choose what table to route with

ip rule add from $IP1 table $TABLE1
ip rule add from $IP2 table $TABLE2



ip route add $P0_NET     dev $IF0 table $TABLE1
ip route add $P2_NET     dev $IF2 table $TABLE1
ip route add 127.0.0.0/8 dev lo   table $TABLE1

ip route add $P0_NET     dev $IF0 table $TABLE2
ip route add $P1_NET     dev $IF1 table $TABLE2
ip route add 127.0.0.0/8 dev lo   table $TABLE2



# route balancing
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
    nexthop via $P2 dev $IF2 weight 1

-----------------------

It's taken straight from the LARTC HOWTO.
However, it doesn't appear to be route balancing at all. I have kernel
2.4.27 with the extra route balancing patches from this page:

http://www.ssi.bg/~ja/#routes

Traffic into the second interface (IF2) works fine, even port forwards
through that interface work fine. You can ping it from outside etc.
However, no traffic from inside the network ever appears to be NATed
out from it, nor does traffic originating from the router box ever go
out over that interface.
Is there some weight better than 1 that I need to adjust? What are
useful values to balance the routes evenly over the two interfaces? Or
is there something I am missing?
BTW, the network diagram looks exactly like this one:

http://www.lartc.org/howto/lartc.rpdb.multiple-links.html

Is there some proc magic I can query to check the kernel has all the right bits?

Here is the iptables stuff:
 iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
net_dnat   all  --  0.0.0.0/0            0.0.0.0/0
net_dnat   all  --  0.0.0.0/0            0.0.0.0/0
loc_dnat   all  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
eth1_masq  all  --  0.0.0.0/0            0.0.0.0/0
eth2_masq  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain eth1_masq (1 references)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0

Chain eth2_masq (1 references)
target     prot opt source               destination
MASQUERADE  all  --  192.168.0.0/24       0.0.0.0/0

(It's Shorewall)


Thanks

Dave
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
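
A check for the routing state the message describes, added here as an example and not part of the original post: it reads `ip route show` text and reports whether the main table's default route is a multipath route or a single-gateway one. The function name and both sample route tables are constructed for illustration, built from the addresses in the script above.

```shell
#!/bin/bash
# Added example, not code from the original post.
# Reads `ip route show` text on stdin and classifies the default route:
#   "multipath:<n>" (status 0)  default route with two or more nexthops
#   "single:<gw>"   (status 1)  only a one-gateway default route
#   "none"          (status 2)  no default route at all
classify_default_route() {
    awk '
        /^default/ {
            in_default = 1
            if ($2 == "via") single_gw = $3
            # one-line form: "default nexthop via ... nexthop via ..."
            for (i = 2; i <= NF; i++) if ($i == "nexthop") hops++
            next
        }
        # continuation lines printed under a multipath "default"
        in_default && /^[ \t]+nexthop/ { hops++; next }
        { in_default = 0 }
        END {
            if (hops >= 2)       { print "multipath:" hops; exit 0 }
            if (single_gw != "") { print "single:" single_gw; exit 1 }
            print "none"; exit 2
        }'
}

# Constructed sample: main table holding only the single-provider default.
SAMPLE_SINGLE='203.219.190.104 dev eth1 scope link src 203.219.190.106
220.245.224.44 dev eth2 scope link src 220.245.224.46
default via 203.219.190.105 dev eth1'

# Constructed sample: main table holding the balanced multipath default.
SAMPLE_MULTI='203.219.190.104 dev eth1 scope link src 203.219.190.106
220.245.224.44 dev eth2 scope link src 220.245.224.46
default
    nexthop via 203.219.190.105 dev eth1 weight 1
    nexthop via 220.245.224.45 dev eth2 weight 1'

printf '%s\n' "$SAMPLE_SINGLE" | classify_default_route || true
printf '%s\n' "$SAMPLE_MULTI"  | classify_default_route || true
```

On a live router the same function can be fed with `ip route show | classify_default_route`. The LARTC HOWTO sets up the multipath default instead of the single-provider default, so a `single:` result means the balanced route is not the one in use.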
