Hello List,

in our office we have two independent SDSL connections. One of them is a flatrate, the other is a dedicated line to our webfarm. The goal is to route all the traffic to the webfarm through the dedicated line and all other traffic through the flatrate.

The machine has three NICs:
eth0: internal network
eth1: webfarm
eth2: flatrate

Each connection uses its own router. It is possible to access the internet through both connections, for example with ping -I interface address.

I wrote a script for the issue mentioned above; please take a look at the attachment.

The whole thing works great under Knoppix, but neither with Gentoo nor with Debian Sarge (I want to use Debian Sarge for the router). Just for testing I took another machine with Gentoo and there it also works (same kernel, same iptables and same iproute2 versions, and also the same NICs).

With tcpdump I can see that packets sent by a client from the internal network leave the gateway; the answer comes back but is not passed on to the client.

I hope somebody has an idea how I could solve the problem.

Greetings,
Jonathan Schmieg
#!/bin/sh

## Variables
GATEWAY_DEF=X.X.X.25      # default gateway (flatrate router, via eth2)
GATEWAY_T2=Y.Y.Y.177      # gateway for table 2 (webfarm router, via eth1)
IP_T2=Y.Y.Y.180           # our own address on the webfarm line
IFACE_INT=eth0            # internal network

## Kernel parameters
echo "1" > /proc/sys/net/ipv4/conf/all/forwarding

############
## Status ##
############
if [ "$1" = "status" ]
then
    echo "Default Route"
    ip route show
    echo "Spacenet Route"
    ip route show table 2
    echo "Rules"
    ip rule show
    echo "Markierungen"
    iptables -t mangle -L ROUTING -v -x 2> /dev/null
    exit
fi

##########
## Stop ##
##########
## Remove the mangle chain, the second table, the default route and the rules
iptables -t mangle -D PREROUTING -j ROUTING 2> /dev/null > /dev/null
iptables -t mangle -D FORWARD -j ROUTING 2> /dev/null > /dev/null
iptables -t mangle -F ROUTING 2> /dev/null > /dev/null
iptables -t mangle -X ROUTING 2> /dev/null > /dev/null
ip route flush table 2
ip route del default via $GATEWAY_DEF
ip rule del from $IP_T2 table 2
ip rule del fwmark 66 table 2
ip route flush cache
if [ "$1" = "stop" ]
then
    echo "Routing removed"
    exit
fi

###########
## Start ##
###########
## Create the second table: copy every route from main except the default route
ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table 2 $ROUTE; done
ip route add default via $GATEWAY_T2 table 2

## Set the default gateway
ip route add default via $GATEWAY_DEF

## Set the routing rules: traffic from our webfarm address and marked traffic use table 2
ip rule add from $IP_T2 table 2
ip route flush cache
ip rule add fwmark 66 table 2

## Create the iptables chain and hook it into PREROUTING and FORWARD
iptables -t mangle -N ROUTING
iptables -t mangle -I PREROUTING -j ROUTING
iptables -t mangle -I FORWARD -j ROUTING

## Mark Kleinwebs
iptables -t mangle -A ROUTING -i $IFACE_INT -p all -d Y.Y.A.0/24 -j MARK --set-mark 66
## Mark customer
iptables -t mangle -A ROUTING -i $IFACE_INT -p all -d Y.Y.B.0/24 -j MARK --set-mark 66
## Mark maintenance
iptables -t mangle -A ROUTING -i $IFACE_INT -p all -d 192.168.100.0/24 -j MARK --set-mark 66

## Set NAT / normally done in the firewall anyway :)
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.10.0/24 -j SNAT --to-source Y.Y.Y.180
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.10.0/24 -j SNAT --to-source X.X.X.30
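The setup above depends on a few conditions outside the script itself: forwarding must be on, the fwmark rule must actually be installed, table 2 must have its default route, and the kernel's reverse-path filter must not be in strict mode. Strict rp_filter (the value 1 under /proc/sys/net/ipv4/conf/*/rp_filter) discards any packet whose best reverse route would not leave through the interface it arrived on, which is exactly the symptom of a reply arriving on one uplink and never being forwarded to the client. Distributions enable or disable it differently, which is a common reason the same script behaves differently on Knoppix and on Debian or Gentoo. The following preflight checker is an added example, not the poster's script or anything from the LARTC list; it reuses the interface names, mark 66 and table 2 from the script above and assumes the standard Linux sysctl paths. The check functions take their input as a file path or as text so they can be exercised without touching the live system.

```shell
#!/bin/sh
# Preflight checks for the two-uplink fwmark policy-routing setup.
# Added example; interface names, mark 66 and table 2 come from the
# script above, sysctl paths are the standard Linux ones.

# Return 0 if the sysctl file holds "1" (forwarding enabled), 1 otherwise.
# $1: path to the forwarding sysctl, normally /proc/sys/net/ipv4/conf/all/forwarding
forwarding_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# Return 0 if rp_filter on an interface will not drop asymmetric replies.
# Strict mode (1) discards a packet whose best reverse route does not leave
# via the interface it arrived on, which happens when replies for marked
# traffic come back on the other uplink. Loose mode (2) only exists on
# newer kernels; 0 is the portable choice for a multi-uplink router.
# $1: path to the interface's rp_filter sysctl
rpfilter_ok() {
    [ -r "$1" ] || return 1
    case "$(cat "$1")" in
        0|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 if the text of `ip rule show` contains a rule sending packets
# with the given fwmark to the given table. iproute2 prints the mark in
# hex on newer versions (0x42) and in decimal on older ones (66).
# $1: output of `ip rule show`, $2: mark in decimal, $3: table
fwmark_rule_present() {
    _hex=$(printf '0x%x' "$2")
    printf '%s\n' "$1" | grep -Eq "fwmark (${_hex}|$2) (lookup|table) $3\$"
}

# Return 0 if the text of `ip route show table N` contains a default route.
# $1: output of `ip route show table N`
table_has_default() {
    printf '%s\n' "$1" | grep -Eq '^default via '
}

# Run every check against the live system, one line of output per check.
# Returns 0 when all checks pass, 1 otherwise.
run_checks() {
    _fail=0
    if forwarding_enabled /proc/sys/net/ipv4/conf/all/forwarding; then
        echo "ok   forwarding enabled"
    else
        echo "FAIL forwarding disabled"; _fail=1
    fi
    for _if in eth0 eth1 eth2; do
        if rpfilter_ok "/proc/sys/net/ipv4/conf/$_if/rp_filter"; then
            echo "ok   rp_filter on $_if allows asymmetric return traffic"
        else
            echo "FAIL rp_filter on $_if is strict or unreadable"; _fail=1
        fi
    done
    if fwmark_rule_present "$(ip rule show 2>/dev/null)" 66 2; then
        echo "ok   fwmark 66 -> table 2 rule present"
    else
        echo "FAIL no rule for fwmark 66 -> table 2"; _fail=1
    fi
    if table_has_default "$(ip route show table 2 2>/dev/null)"; then
        echo "ok   table 2 has a default route"
    else
        echo "FAIL table 2 has no default route"; _fail=1
    fi
    return $_fail
}

# Only run the live checks when executed as routecheck.sh, not when sourced.
if [ "${0##*/}" = "routecheck.sh" ]; then
    run_checks
fi
```

Run it on the router as routecheck.sh after the policy-routing script has been started; a FAIL line for rp_filter on eth1 or eth2 means the reverse-path filter needs to be set to 0 on those interfaces (and on `all`) before the marked traffic can be answered.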
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc