Re: Two link adsl on the same server

[Sebastião Antônio Campos (GWA) <sa.campos@xxxxxxxxxxxxxxxx>]

Hi RoOot,

I did the tip and something works and other not.

I could not access from (2.2.2.118) the internet the ftp service that is 
located in other server.

I have this iptable rule:
iptables -A PREROUTING -t nat -p tcp -d 1.1.1.70 --dport 21 -j DNAT --to 
172.17.1.7

iptables  -A PREROUTING -t nat -p tcp -d 2.2.2.118 --dport 21 -j DNAT --to 
172.17.1.7



Only if I use the 1.1.1.70 it works because there is a default route 
1.1.1.69. If I del the route and add the other default route to the 
2.2.2.118 (2.2.2.117) it works too, but the other stop to work.

Any other service in the firewall I can access via 1.1.1.70 or 2.2.2.118.

What I need to do to access the ftp service from 1.1.1.70 or 2.2.2.118.


Thanks

Tião

----- Original Message ----- 
From: "ro0ot" <ro0ot@xxxxxxxxxxxx>
To: ""Sebastião Antônio Campos (GWA)"" <sa.campos@xxxxxxxxxxxxxxxx>
Cc: "Netfilter list" <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, May 10, 2005 2:08 PM
Subject: Re: Two link adsl on the same server


> Below is only examples: -
>
> First, include this in /etc/iproute2/rt_tables as below: -
>
> 201 http.out
> 202 ftp.out
> 203 smtp.out
> 204 pop3.out
>
> Next, include this in a preferred executable file such as 
> /usr/local/bin/rc.routing as below: -
>
> #!/bin/sh
>
> # first ISP
> ip route add 1.1.1.68/30 dev eth2 src 1.1.1.70 table 1
> ip route add default via 1.1.1.69 table 1
>
> # second ISP
> ip route add 2.2.2.116/30 dev eth4 src 2.2.2.118 table 2
> ip route add default via 2.2.2.117 table 2
>
> ip rule add from 1.1.1.70 table 1
> ip rule add from 2.2.2.118 table 2
>
> ip route add 172.17.0.0/16 dev eth1 table 1
> ip route add 2.2.2.116/30 dev eth4 table 1
>
> ip route add 172.17.0.0/16 dev eth1 table 2
> ip route add 1.1.1.68/30 dev eth2 table 2
>
> ip route add default scope global nexthop via 1.1.1.70 dev eth2 nexthop 
> via 2.2.2.118 dev eth4
>
> ip rule add fwmark 1 table http.out
> ip rule add fwmark 2 table ftp.out
> ip rule add fwmark 3 table smtp.out
> ip rule add fwmark 4 table pop3.out
>
> ip route add default via 1.1.1.69 dev eth2 table http.out
> ip route add default via 1.1.1.69 dev eth2 table ftp.out
>
> ip route add default via 2.2.2.117 dev eth4 table smtp.out
> ip route add default via 2.2.2.117 dev eth4 table pop3.out
>
> Next, include this in a preferred executable file such as 
> /usr/local/bin/rc.firewall as below: -
>
> #!bin/sh
>
> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 1.1.1.70
> iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 2.2.2.118
>
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j 
> MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j 
> MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 25 -j 
> MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 110 -j 
> MARK --set-mark 4
>
> Hope it helps...
>
> Regards,
> ro0ot
>
>
> Sebastião Antônio Campos (GWA) wrote:
>
> > Hi!
> >
> > We have two ADSL link on the same server and we'd like to use load 
> > balance.
> >
> > I tried to used, but I didn't have success.
> >
> > I use on eth1 172.17.1.6 mask 255.255.0.0 my local network;
> > on eth2 my first ADSL 200.168.1.19 mask 255.255.255.192 default gw 
> > 200.204.140.1
> > on eth4 my first ADSL 200.204.140.10 mask 255.255.255.192 default gw 
> > 200.179.1.1
> >
> > This IP are static.
> >
> > On my local network I have two servers (E-mail server and one web server) 
> > and I need to PREROUTING with DNAT.
> >
> > And we would like to separate the port 80 and 21 using one link on eth0 
> > and the port 25 and 110 other link eth4 and other ports eth0 or eth4 link.
> >
> > My files:
> >
> > My ifcfg-ethx files:
> >
> > #NIC SIS on board, usando link1 ADSL
> > DEVICE=eth0
> > ONBOOT=yes
> > #BOOTPROTO=dhcp
> > BOOTPROTO=static
> > BROADCAST=200.168.1.63
> > IPADDR=200.168.1.19
> > NETMASK=255.255.255.192
> > NETWORK=200.168.1.0
> > #GATEWAY=200.168.1.1
> > ___________________________________________________________
> > #Placa Realtek, Uso Local, slot 1
> > DEVICE=eth1
> > ONBOOT=yes
> > BOOTPROTO=static
> > IPADDR=172.17.1.6
> > BROADCAST=172.17.255.255
> > NETMASK=255.255.0.0
> > NETWORK=172.17.0.0
> > ________________________________________________________
> > #NIC Realtek, link 2 ADSL
> > DEVICE=eth4
> > ONBOOT=yes
> > BOOTPROTO=static
> > BROADCAST=200.204.140.63
> > IPADDR=200.204.140.10
> > NETMASK=255.255.255.192
> > NETWORK=200.204.140.0
> >
> > _________________________________________________
> > file /etc/sysconfig/network
> >
> > NETWORKING=yes
> > HOSTNAME=rbz-firewall
> > #GATEWAY=200.168.1.1
> > GATEWAY=200.204.140.1
> > ___________________________________________________
> > file /etc/iproute2/rt_tables
> >
> > #
> > # reserved values
> > #
> > #255    local
> > #254    main
> > #253    default
> > #0      unspec
> > #
> > # local
> > #
> > #1      inr.ruhep
> >
> >
> > Could some one help me??
> >
> > Thanks
> >
> >
> > Sebastião Antônio Campos
> > Infojoi Computadores Ltda
> > 89.224-000 Joinville -SC - R. Iririú, 3587
> > Cml. (47) 437-0796 - Cel. (47) 9927-5349
> > tiao@xxxxxxxxxxxxxx
> > http://www.lupusnet.com.br