J. Bakshi wrote:
> J. Bakshi wrote:
>
>> Hello list,
>>
>> This is not the traditional load-balancing or failover technique which
>> I like to achieve through iptables but the objective is different. I
>> have 2 different ISP connections. The Linux server is presently using
>> one ISP as well as do ip-forward to make it available for the LAN
>> users. I have achieved this by
>>
>> ```
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -A FORWARD -i ${WAN_IFACE} -o ${LAN_IFACE} -s 192.168.0.0/24 -m \
>> conntrack --ctstate NEW -j ACCEPT
>> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -A POSTROUTING -t nat -j MASQUERADE
>> ```
>>
>> Cool. Now something extra which I like to achieve. I like to put the
>> second ISP too into the server and use the above style iptables to
>> forward it to another LAN card so that both the connections will be
>> available *separately* from the same server. Obviously the server can choose
>> any one of these as its own gateway. Got the idea? Not a load-balancing
>> setup but the server will act as two separate modems actually to provide
>> two connections. I have followed
>>
>> http://www.generationip.com/documentation/network-documentation/93-howto-setup-multi-default-gateway-on-linux
>>
>> to configure the routing tables for these two ISPs. Frankly telling you
>> I have become a little confused now. Shall I now simply apply the above
>> iptables rules for the two connections or is something more required to
>> achieve this? Obviously I can continue doing experiments to know the
>> answer but the server where I am working is acting as the default
>> gateway; hence my liberty is also restricted to do this very
>> experiment. Could anyone help me out to come out from this very
>> confusing stage?
>> Thanks
>>
>
> Any hints from anyone?

It might be helpful to clarify with a schema

```
ISP1 ---> eth0 ---> debian server ---> ip_forwarding >> eth1 (192.168.1.1)
ISP2 ---> eth2 ---> same debian server ---> ip_forwarding >> eth3 (192.168.1.2)
```

So I need an iptables ruleset which can do this. I have in mind to apply

```
echo 1 > /proc/sys/net/ipv4/ip_forward

# for ISP1 ---> eth0 ---> debian server ---> ip_forwarding >> eth1 (192.168.1.1)
iptables -A FORWARD -i ${WAN_IFACE1} -o ${LAN_IFACE1} -s 192.168.0.0/24 -m \
conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

# ISP2 ---> eth2 ---> same debian server ---> ip_forwarding >> eth3 (192.168.2.1)
iptables -A FORWARD -i ${WAN_IFACE2} -o ${LAN_IFACE2} -s 192.168.0.0/24 -m \
conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
```

Is it OK ?

--
জয়দীপ বক্সী
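
An added example, not part of the original thread: one way to express the two-uplink layout from the schema above (eth0/eth1 and eth2/eth3), tying each LAN to its own ISP with a policy-routing rule, a default-drop FORWARD chain, and MASQUERADE scoped to the matching outbound interface. The gateway addresses, routing table ids and /24 LAN subnets are constructed placeholders, and the script only prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: prints (does not execute) a per-uplink ruleset for review.
# Constructed placeholder values: gateways 198.51.100.1 / 203.0.113.1,
# routing table ids 101 / 102, LAN subnets 192.168.1.0/24 / 192.168.2.0/24.

# uplink_rules WAN_IF LAN_IF LAN_NET GATEWAY TABLE_ID
# Emits the routing and firewall commands that bind one LAN to one ISP.
uplink_rules() {
    wan=$1 lan=$2 net=$3 gw=$4 table=$5
    cat <<EOF
# $lan ($net) -> $wan via $gw, routing table $table
ip route replace default via $gw dev $wan table $table
ip rule add from $net iif $lan lookup $table
iptables -A FORWARD -i $lan -o $wan -s $net -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# full_ruleset: forwarding on, default-drop FORWARD policy, then both uplinks.
# With the DROP policy, a LAN can only leave through the WAN it is paired with.
full_ruleset() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    uplink_rules eth0 eth1 192.168.1.0/24 198.51.100.1 101
    uplink_rules eth2 eth3 192.168.2.0/24 203.0.113.1 102
}

full_ruleset
```

Review the printed commands and substitute the real gateways and subnets before feeding them to a root shell.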