Re: simple dual Internet connection setup not sending return packets on correct interface

Linux Advanced Routing and Traffic Control

On Fri, 2004-11-26 at 17:17 +0100, diab wrote:

> iirc, to have two working internet connections on one (nat'ing)
> computer you basically need two things (in my example it's eth0 and
> eth1)
> 
> 1) SNAT to the right source address, like
> iptables -A POSTROUTING -j nat -t SNAT [-s from.where or -d to.where]\
>          --to-source source.addr.of.eth0

Surely you mean -t nat -j SNAT?

> iptables -A POSTROUTING -j nat -t SNAT [-s from.where or -d to.where]\
>          --to-source source.addr.of.eth1

Ditto on the transposition of -j and -t.

But these two iptables rules conflict with each other.  If -s
"from.where" is my internal lan and the same in both rules, they are
both trying to do the SNATting of the same packets.  In my two rules, I
added a -o <iface> (where <iface> is the interface matching the
source.addr.of.<iface>).

> 
> 2) two routing tables, like
>  ip route add default via eth0.gateway.ip.address dev eth0 table 1

got it:
ip route add 0/0 via 66.11.190.1 dev ppp0 table 1

>  ip route add default via eth1.gateway.ip.address dev eth1 table 2

got it:
ip route add 0/0 via 24.235.240.1 dev eth1 table 2


> maybe you don't even need the "via xx" thing, the dev xxx is enough.
> 
> then you can classify packets to use the connection you want using
>  ip rule add WHATEVER lookup N (whatever could be "to x.x.x.x" or "from
>  x.x.x.x", same as in the SNAT example, N could be 1 or 2)
> 
> if you want the router to respond to packets correctly (ie. to answer
> ping on both interfaces) you need to
>  ip rule add iif eth0 lookup 1
>  ip rule add iif eth1 lookup 2

I have:
ip rule add from 66.11.173.224 lookup 1
ip rule add from 24.235.240.15 lookup 2

what is "iif" in your above examples?  I don't see an "iif" syntax when
I do "ip rule help".  I get:

Usage: ip rule [ list | add | del ] SELECTOR ACTION
SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ]
            [ dev STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ] [ nat ADDRESS ]
          [ prohibit | reject | unreachable ]
          [ realms [SRCREALM/]DSTREALM ]
TABLE_ID := [ local | main | default | NUMBER ]

Thanx much for your input!

b.
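As an added example (not code from the thread), here are the three pieces discussed above assembled into one script, using the uplink addresses and interfaces from the reply; the LAN interface and prefix are assumptions. The `dev STRING` selector in that `ip rule help` output is the incoming-interface match that diab calls `iif` (iproute2 accepts both spellings); the script leaves it out because the `from` rules already cover the router's own replies.

```sh
#!/bin/sh
# Dual-uplink NAT router: SNAT per outgoing interface plus source-based
# policy routing. Uplink addresses are the ones from the thread; the LAN
# side (LAN_IF, LAN_NET) is an assumption for this example.
WAN1_IF=ppp0; WAN1_IP=66.11.173.224; WAN1_GW=66.11.190.1
WAN2_IF=eth1; WAN2_IP=24.235.240.15; WAN2_GW=24.235.240.1
LAN_IF=eth0;  LAN_NET=192.168.0.0/24   # assumed LAN interface and prefix

# With DRY_RUN set, commands are printed instead of executed so the rule
# set can be reviewed (or tested) without root or the real interfaces.
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

setup_dualwan() {
    # 1) SNAT keyed on the *outgoing* interface. Matching only on -s would
    #    let both rules claim the same LAN packets; -o makes them disjoint.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN1_IF" \
        -j SNAT --to-source "$WAN1_IP"
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN2_IF" \
        -j SNAT --to-source "$WAN2_IP"

    # 2) One routing table per uplink, each holding that uplink's default.
    run ip route add 0/0 via "$WAN1_GW" dev "$WAN1_IF" table 1
    run ip route add 0/0 via "$WAN2_GW" dev "$WAN2_IF" table 2

    # 3) Source-address rules. Replies the router itself sends (e.g. to a
    #    ping that arrived on ppp0) carry that uplink's address as source,
    #    so they are looked up in that uplink's table and leave on it.
    run ip rule add from "$WAN1_IP" lookup 1
    run ip rule add from "$WAN2_IP" lookup 2

    # Forwarded LAN traffic is routed *before* SNAT, so it still follows
    # the main table's default route; steer it with "from $LAN_NET lookup N"
    # (or an fwmark rule) if a different split between uplinks is wanted.
    run ip route flush cache
}

if [ "${1:-}" = "apply" ]; then
    setup_dualwan          # really install the rules (needs root)
else
    DRY_RUN=1
    setup_dualwan          # default: only show what would be run
fi
```

Run it with no arguments to print the rule set, or with `apply` as root to install it.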
