I have a similar setup to yourself, the only difference being that my router and my server are separate hosts. FYI: eth4 is what my server lives behind, ppp0 is my static, ppp1 is my dynamic, and eth1 is my LAN. Here's my working ip rule ls listing: joel@router:~$ ip rule ls 0: from all lookup local 32764: from all iif ppp0 lookup services 32765: from all iif eth4 lookup services 32766: from all lookup main 32767: from all lookup default My main routing table (IP addresses changed to protect the guilty): $ ip route ls default dev ppp1 scope link 1.2.3.4 dev ppp0 proto kernel scope link src 2.3.4.5 1.2.3.5 dev ppp1 proto kernel scope link src 2.3.4.6 3.4.5.0/24 dev eth1 proto kernel scope link src 3.4.5.1 4.5.6.0/24 dev eth4 proto kernel scope link src 4.5.6.1 My "services" routing table: $ ip route ls table services default dev ppp0 scope link 4.5.6.0/24 dev eth4 scope link And finally, my iptables configuration: joel@router:~$ sudo iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 475K packets, 35M bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 167K packets, 12M bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1995 packets, 218K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 9454 packets, 641K bytes) pkts bytes target prot opt in out source destination 130K 10M MASQUERADE all -- * ppp1 3.4.5.1/24 0.0.0.0/0 This way, my server routes through ppp1 for all of its internet facing services, and my LAN hosts use ppp0 for their internet stuff. Joel Gerber Network Specialist Network Operations Eastlink E: Joel.Gerber@xxxxxxxxxxxxxxxx T: 519.786.1241 -----Original Message----- From: lartc-owner@xxxxxxxxxxxxxxx [mailto:lartc-owner@xxxxxxxxxxxxxxx] On Behalf Of ??? Sent: March-18-14 6:07 AM To: lartc@xxxxxxxxxxxxxxx Subject: split routing / policy routing Hi, my situation is the following: A debian box connected to my modem, sporting two nics, eth0 and eth1. Two pppoe connections are running through eth0, ppp1 and ppp2. ppp1 gets a static IP, while ppp2 gets a dynamic IP. Both are using different accounts from the same ISP. eth1 is connected to a switch which connects the local network to it. The debian box runs dnsmasq to act as dhcp server. eth1's IP is 192.168.2.1. My goal is to have the debian box, which among others runs a webserver, be reachable through the static IP (ppp1), while the devices in the local network are supposed to connect to the internet with a dynamic IP (ppp2). I set ppp1 as default in the main table. I am able to route a certain IP (call it "Claire") from my local network through ppp2 as described in http://lartc.org/howto/lartc.rpdb.html#LARTC.RPDB.SIMPLE . However, I want to route the whole subnet through there. But when I replace Claire's IP with 192.168.2.0/24, my devices lose connection to the internet and to 192.168.2.1. Of course I looked at http://lartc.org/howto/lartc.rpdb.multiple-links.html , since it pretty much describes my situation (2 different providers, although I only have two accounts at the same provider). BUT it uses an approach a bit different from the former setup, requiring the interfaces' IPs. Since ppp2 gets a dynamic IP though, I cannot set it up like that. Or can I? Also my $P1_NET and $P2_NET are the same. What would be an approach to either use a subnet in the first setup, or use the second setup without having to specify the devices (ppp2's) IP address? After all, ppp2's IP address still appears in the src of the main table's routes. My current outputs: ~$ sudo ip rule list 0: from all lookup local 32763: from 192.168.2.0/24 lookup Homenet 32764: from 192.168.2.239 lookup Claire 32766: from all lookup main 32767: from all lookup default ~$ sudo ip route list table Claire default via 168.95.98.254 dev ppp2 # this one works! the same on table Homenet works not. ~$ sudo ip route list default dev ppp1 scope link 168.95.98.254 dev ppp2 proto kernel scope link src xx.xxx.170.105 168.95.98.254 dev ppp1 proto kernel scope link src xxx.xx.85.229 192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1 thanks -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
