On Wed, May 11, 2005 at 01:08:37AM +0800, ro0ot wrote:
> Below are only examples: -
>
> First, include this in /etc/iproute2/rt_tables as below: -
>
> 201 http.out
> 202 ftp.out
> 203 smtp.out
> 204 pop3.out
>
> Next, include this in a preferred executable file such as
> /usr/local/bin/rc.routing as below: -
>
> #!/bin/sh
>
> # first ISP
> ip route add 1.1.1.68/30 dev eth2 src 1.1.1.70 table 1
> ip route add default via 1.1.1.69 table 1
>
> # second ISP
> ip route add 2.2.2.116/30 dev eth4 src 2.2.2.118 table 2
> ip route add default via 2.2.2.117 table 2

You also need to add the local routes in these tables as well, otherwise they will not be able to talk inside!

>
> ip rule add from 1.1.1.70 table 1
> ip rule add from 2.2.2.118 table 2
>
> ip route add 172.17.0.0/16 dev eth1 table 1
> ip route add 2.2.2.116/30 dev eth4 table 1
>
> ip route add 172.17.0.0/16 dev eth1 table 2
> ip route add 1.1.1.68/30 dev eth2 table 2
>
> ip route add default scope global nexthop via 1.1.1.70 dev eth2 nexthop via 2.2.2.118 dev eth4
>
> ip rule add fwmark 1 table http.out
> ip rule add fwmark 2 table ftp.out
> ip rule add fwmark 3 table smtp.out
> ip rule add fwmark 4 table pop3.out
>
> ip route add default via 1.1.1.69 dev eth2 table http.out
> ip route add default via 1.1.1.69 dev eth2 table ftp.out
>
> ip route add default via 2.2.2.117 dev eth4 table smtp.out
> ip route add default via 2.2.2.117 dev eth4 table pop3.out
>
> Next, include this in a preferred executable file such as
> /usr/local/bin/rc.firewall as below: -
>
> #!/bin/sh
>
> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 1.1.1.70
> iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 2.2.2.118
>
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 25 -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 110 -j MARK --set-mark 4
>
> Hope it helps...
>
> Regards,
> ro0ot
>
>
> Sebastião Antônio Campos (GWA) wrote:
>
> >Hi!
> >
> >We have two ADSL links on the same server and we'd like to use load balance.
> >
> >I tried to use it, but I didn't have success.
> >
> >I use on eth1 172.17.1.6 mask 255.255.0.0 my local network;
> >on eth2 my first ADSL 200.168.1.19 mask 255.255.255.192 default gw
> >200.204.140.1
> >on eth4 my first ADSL 200.204.140.10 mask 255.255.255.192 default gw
> >200.179.1.1
> >
> >These IPs are static.
> >
> >On my local network I have two servers (E-mail server and one web server)
> >and I need to PREROUTING with DNAT.
> >
> >And we would like to separate the port 80 and 21 using one link on eth0
> >and the port 25 and 110 other link eth4 and other ports eth0 or eth4 link.
> >
> >My files:
> >
> >My ifcfg-ethx files:
> >
> >#NIC SIS on board, using link1 ADSL
> >DEVICE=eth0
> >ONBOOT=yes
> >#BOOTPROTO=dhcp
> >BOOTPROTO=static
> >BROADCAST=200.168.1.63
> >IPADDR=200.168.1.19
> >NETMASK=255.255.255.192
> >NETWORK=200.168.1.0
> >#GATEWAY=200.168.1.1
> >___________________________________________________________
> >#Realtek card, local use, slot 1
> >DEVICE=eth1
> >ONBOOT=yes
> >BOOTPROTO=static
> >IPADDR=172.17.1.6
> >BROADCAST=172.17.255.255
> >NETMASK=255.255.0.0
> >NETWORK=172.17.0.0
> >________________________________________________________
> >#NIC Realtek, link 2 ADSL
> >DEVICE=eth4
> >ONBOOT=yes
> >BOOTPROTO=static
> >BROADCAST=200.204.140.63
> >IPADDR=200.204.140.10
> >NETMASK=255.255.255.192
> >NETWORK=200.204.140.0
> >
> >_________________________________________________
> >file /etc/sysconfig/network
> >
> >NETWORKING=yes
> >HOSTNAME=rbz-firewall
> >#GATEWAY=200.168.1.1
> >GATEWAY=200.204.140.1
> >___________________________________________________
> >file /etc/iproute2/rt_tables
> >
> >#
> ># reserved values
> >#
> >#255 local
> >#254 main
> >#253 default
> >#0 unspec
> >
> >#
> ># local
> >#
> >#1 inr.ruhep
> >
> >
> >Could someone help me??
> >
> >Thanks
> >
> >
> >Sebastião Antônio Campos
> >Infojoi Computadores Ltda
> >89.224-000 Joinville -SC - R. Iririú, 3587
> >Cml. (47) 437-0796 - Cel. (47) 9927-5349
> >tiao@xxxxxxxxxxxxxx
> >http://www.lupusnet.com.br
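The point made in the reply above, that tables 1 and 2 need the connected-network routes, shown as an added example that is not part of the original thread: a simplified Python model of the kernel's rule walk and longest-prefix match, using the addresses from the quoted script. The names `lookup`, `build_tables` and `RULES` are made up for this sketch, the LAN host 172.17.1.20 is a constructed sample, and the kernel's `local` table and the fwmark rules are left out.

```python
import ipaddress

# Rules in priority order, as created by the quoted "ip rule add from ..." lines,
# followed by the catch-all rule that points at the main table.
RULES = [("1.1.1.70/32", "1"), ("2.2.2.118/32", "2"), ("0.0.0.0/0", "main")]

def build_tables(with_local_routes):
    """Routing tables as (prefix, dev, via) tuples; via=None means directly connected."""
    tables = {
        "1": [("1.1.1.68/30", "eth2", None), ("0.0.0.0/0", "eth2", "1.1.1.69")],
        "2": [("2.2.2.116/30", "eth4", None), ("0.0.0.0/0", "eth4", "2.2.2.117")],
        "main": [("172.17.0.0/16", "eth1", None), ("1.1.1.68/30", "eth2", None),
                 ("2.2.2.116/30", "eth4", None)],
    }
    if with_local_routes:
        # The routes the reply asks for: LAN and the other ISP's link in each table.
        tables["1"] += [("172.17.0.0/16", "eth1", None), ("2.2.2.116/30", "eth4", None)]
        tables["2"] += [("172.17.0.0/16", "eth1", None), ("1.1.1.68/30", "eth2", None)]
    return tables

def lookup(tables, src, dst):
    """Return (table, dev, via) for a packet, or None if nothing matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for selector, table in RULES:
        if src not in ipaddress.ip_network(selector):
            continue  # rule does not apply to this source address
        hits = [r for r in tables[table] if dst in ipaddress.ip_network(r[0])]
        if hits:
            # Longest prefix wins inside the selected table.
            best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return (table, best[1], best[2])
        # No route in this table: fall through to the next rule.
    return None

if __name__ == "__main__":
    for flag in (False, True):
        t = build_tables(flag)
        print("local routes in tables 1/2:", flag)
        print("  1.1.1.70  -> 172.17.1.20:", lookup(t, "1.1.1.70", "172.17.1.20"))
        print("  2.2.2.118 -> 1.1.1.69   :", lookup(t, "2.2.2.118", "1.1.1.69"))
```

Without the extra routes, traffic sourced from either ISP address and destined for the LAN matches only the default route of its table and is sent to the ISP gateway instead of eth1.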