I cannot do that because i forgot to mention that there is another router which performs nat operation located between the lan and the debian. I'm blocked on this problem. Anybody knows perhars a good site or a good link which contains documentation about contrack , connmark, etc.. I hope somebody can help me. I want to know if it's possible to configure my debian router to route packets to the interface on which packet arrives. ?? -----Message d'origine----- De : Oscar Mechanic [mailto:oscar@xxxxxxxxxxxxxxx] Envoyé : samedi 14 octobre 2006 19:45 À : KORTA Cc : lartc@xxxxxxxxxxxxxxx Objet : RE: Problem with two providers:Need to route packets on the interface on which they arrives. Hi Yep, I understand so looking at this. What I describe below is the simplest way I can think of doing it. Else you should look at connmark or even the wonderful ebtables. modem A IP 192.168.0.254 next hop 192.168.0.253 modem B IP 172.16.30.254 next hop 172.16.30.254 Server address is 10.0.0.12 and 10.0.0.13 if packet comes from MODEM A DNAT to server address 10.0.0.12 if packet comes from MODEM B DNAT to server address 10.0.0.13 Req from modem A responce ACK from sever 10.0.0.12 comes back and it chooses default route modem A Req from modem B responce ACK from server 10.0.0.13 comes back and it chooses route from table 120 Cause you have added rule ip rule add from 10.0.0.13 lookup 120 ip route add default via 172.16.30.254 table 120 -or- ip route add from 10.0.0.13 via 172.16.30.254 (but I like tables so I suggest above) Some may look at this as a bad solution as it creates hidden solution specific info. Now if you want to make this a better solution look at connmark and mark. And ip rule add fwmark XX lookup X. I know this would work but you will have to figure it out. Also you have ipt_ROUTE but I have little success with this. On Sat, 2006-10-14 at 19:21 +0200, KORTA wrote: > I made a picture > If a packet arrives from provider B, I want that the packet will be routed > by the same provider even if the default route is provider A. > > You gave me the syntax to route from source address, > I just want to know if there is possible to route packets depends on which > interface they arrives. > Tx > > > -----Message d'origine----- > De : Oscar Mechanic [mailto:oscar@xxxxxxxxxxxxxxx] > Envoyé : samedi 14 octobre 2006 13:56 > À : KORTA > Cc : lartc@xxxxxxxxxxxxxxx > Objet : Re: Problem with two providers:Need to route packets on the > interface on which they arrives. > > There is a simple way a hard way to do this. You could use > connmark in iptables. And then use ip rule & routes to set > route based on that. As I am not going to replicate this to test > I wont try and guess commands. > > Easiest configure 2 IP's on server. > > DNAT like > iptables -t nat -I PREROUTING 1 -i ethA -j DNAT --to-destination > <10.0.0.A> > iptables -t nat -I PREROUTING 1 -i ethB -j DNAT --to-destination > <10.0.0.B> > > ip rule add from 10.0.0.B lookup 120 > ip route add default via <B ISP Address> table 120 > > Thats the easiest I can think of. > > > > On Sat, 2006-10-14 at 13:10 +0200, KORTA wrote: > > Hello, > > > > > > > > i would like to know how to resolve a problem. > > > > > > > > I have a debian router with 3 interfaces (LAN, and two internet > > providers (Provider A, Provider B)). > > > > > > > > The default route is configured to use the provider A > > > > > > > > The problem is that, > > > > When an external connection arrives from provider B to an internal > > server (with nat), the packet is routed to the default route: > > > > I explain: > > > > - A packet arrives from provider B in direction of a internal > > server > > > > - The router performs nat operation > > > > - The internal server generates a response > > > > - The router routes the packet on the interface Provider A > > > > > > > > Consequently, The connection cannot been established > > > > > > > > I want to know if its possible to configure my debian router to route > > packets to the interface on which packet arrives. In the example, > > packets should have been routed by the interface connected to provider > > B > > > > > > > > If yes, do you know how to do that ? > > > > > > > > Thanks. > > > > > > > > > > > > > > _______________________________________________ > > LARTC mailing list > > LARTC@xxxxxxxxxxxxxxxxxxx://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
