Re: Two link adsl on the same server


 



Alexander Samad wrote:

On Wed, May 11, 2005 at 01:08:37AM +0800, ro0ot wrote:


Below are only examples: -

First, include this in /etc/iproute2/rt_tables as below: -

201 http.out
202 ftp.out
203 smtp.out
204 pop3.out

Next, include this in a preferred executable file such as /usr/local/bin/rc.routing as below: -

#!/bin/sh

# first ISP
ip route add 1.1.1.68/30 dev eth2 src 1.1.1.70 table 1
ip route add default via 1.1.1.69 table 1

# second ISP
ip route add 2.2.2.116/30 dev eth4 src 2.2.2.118 table 2
ip route add default via 2.2.2.117 table 2



You also need to add the local routes in these tables as well, otherwise
they will not be able to talk inside!


Any example for the local routes?




ip rule add from 1.1.1.70 table 1
ip rule add from 2.2.2.118 table 2

ip route add 172.17.0.0/16 dev eth1 table 1
ip route add 2.2.2.116/30 dev eth4 table 1

ip route add 172.17.0.0/16 dev eth1 table 2
ip route add 1.1.1.68/30 dev eth2 table 2

ip route add default scope global nexthop via 1.1.1.69 dev eth2 nexthop via 2.2.2.117 dev eth4

ip rule add fwmark 1 table http.out
ip rule add fwmark 2 table ftp.out
ip rule add fwmark 3 table smtp.out
ip rule add fwmark 4 table pop3.out

ip route add default via 1.1.1.69 dev eth2 table http.out
ip route add default via 1.1.1.69 dev eth2 table ftp.out

ip route add default via 2.2.2.117 dev eth4 table smtp.out
ip route add default via 2.2.2.117 dev eth4 table pop3.out

Next, include this in a preferred executable file such as /usr/local/bin/rc.firewall as below: -

#!/bin/sh

iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 1.1.1.70
iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 2.2.2.118

iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 25 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 110 -j MARK --set-mark 4


Hope it helps...

Regards,
ro0ot


Sebastião Antônio Campos (GWA) wrote:



Hi!

We have two ADSL links on the same server and we'd like to use load balancing.

I tried to use it, but I didn't have success.

I use on eth1 172.17.1.6 mask 255.255.0.0 my local network;
on eth2 my first ADSL 200.168.1.19 mask 255.255.255.192 default gw 200.204.140.1
on eth4 my first ADSL 200.204.140.10 mask 255.255.255.192 default gw 200.179.1.1


These IPs are static.

On my local network I have two servers (E-mail server and one web server) and I need to use PREROUTING with DNAT.

And we would like to separate ports 80 and 21 onto one link on eth0, ports 25 and 110 onto the other link on eth4, and other ports onto either the eth0 or eth4 link.

My files:

My ifcfg-ethx files:

#NIC SIS on board, using link1 ADSL
DEVICE=eth0
ONBOOT=yes
#BOOTPROTO=dhcp
BOOTPROTO=static
BROADCAST=200.168.1.63
IPADDR=200.168.1.19
NETMASK=255.255.255.192
NETWORK=200.168.1.0
#GATEWAY=200.168.1.1
___________________________________________________________
#Realtek card, local use, slot 1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
IPADDR=172.17.1.6
BROADCAST=172.17.255.255
NETMASK=255.255.0.0
NETWORK=172.17.0.0
________________________________________________________
#NIC Realtek, link 2 ADSL
DEVICE=eth4
ONBOOT=yes
BOOTPROTO=static
BROADCAST=200.204.140.63
IPADDR=200.204.140.10
NETMASK=255.255.255.192
NETWORK=200.204.140.0

_________________________________________________
file /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=rbz-firewall
#GATEWAY=200.168.1.1
GATEWAY=200.204.140.1
___________________________________________________
file /etc/iproute2/rt_tables

#
# reserved values
#
#255    local
#254    main
#253    default
#0      unspec

#
# local
#
#1      inr.ruhep


Could someone help me?

Thanks


Sebastião Antônio Campos Infojoi Computadores Ltda 89.224-000 Joinville -SC - R. Iririú, 3587 Cml. (47) 437-0796 - Cel. (47) 9927-5349 tiao@xxxxxxxxxxxxxx http://www.lupusnet.com.br
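
Added example, not part of the thread: an offline linter for an rc.routing script of the kind posted above, meant to be run before the script is executed as root. For every table that an "ip rule add" points at, it checks that a named table is declared in rt_tables, that the table has a default route, and that it carries a route for the LAN prefix (the local-routes point raised in the reply). The function names, finding labels and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint a policy-routing script offline.
# Usage: lint_routing SCRIPT RT_TABLES LAN_CIDR ; prints one finding per line.
lint_routing() {
    awk -v lan="$3" '
    # First file is rt_tables: collect declared table names, skip comments.
    FILENAME == ARGV[1] { if ($1 !~ /^#/ && NF >= 2) named[$2] = 1; next }
    # Tables that "ip rule add" sends traffic to.
    $1 == "ip" && $2 == "rule" && $3 == "add" {
        for (i = 4; i < NF; i++)
            if ($i == "table" || $i == "lookup") used[$(i + 1)] = 1
    }
    # What each table can reach: a default route and/or the LAN prefix.
    $1 == "ip" && $2 == "route" && $3 == "add" {
        t = ""
        for (i = 4; i < NF; i++) if ($i == "table") t = $(i + 1)
        if (t == "") next
        if ($4 == "default") has_default[t] = 1
        if ($4 == lan) has_lan[t] = 1
    }
    END {
        for (t in used) {
            # Names must exist in rt_tables; numeric ids need no declaration.
            if (t !~ /^[0-9]+$/ && !(t in named)) print "undeclared-table " t
            if (!(t in has_default)) print "no-default-route " t
            # Without this, LAN-bound packets in table t leave via the uplink.
            if (!(t in has_lan)) print "no-lan-route " t
        }
    }' "$2" "$1" | LC_ALL=C sort
}

# Constructed sample input, reusing the thread's example addresses.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed rt_tables' '201 http.out' '202 ftp.out' > "$d/rt_tables"
    cat > "$d/rc.routing" <<'EOF'
ip rule add from 1.1.1.70 table 1
ip route add 172.17.0.0/16 dev eth1 table 1
ip route add default via 1.1.1.69 table 1
ip rule add fwmark 1 table http.out
ip route add default via 1.1.1.69 dev eth2 table http.out
ip rule add fwmark 3 table smtp.out
EOF
    lint_routing "$d/rc.routing" "$d/rt_tables" 172.17.0.0/16
    rm -rf "$d"
}
demo
```

An empty result means every table referenced by a rule is declared, has a default route and can reach the LAN prefix; the linter only reads text and never calls ip or iptables.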















