Re: can single linux box with dual gateway provide two separate connection ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



J. Bakshi wrote:
> J. Bakshi wrote:
>   
>> Hello list,
>>
>> This is not the traditional load-balancing or fail over technique which
>> I like to achieve through iptables but the objective is different.  I
>> have 2 different ISP connections. The Linux server is presently using
>> one ISP as well as do ip-forward to make it available for the LAN
>> users.  I have achieved this by
>>
>> ` ` `
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -A FORWARD -i ${WAN_IFACE} -o ${LAN_IFACE} -s 192.168.0.0/24 -m \
>> conntrack --ctstate NEW -j ACCEPT
>> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -A POSTROUTING -t nat -j MASQUERADE
>> ` ` `
>>
>> cool. Now Some thing extra which I like to achieve. I like to put the
>> second ISP too into the server and use the above style iptables to
>> forward it to another lan card so that both the connection will be
>> available *separately* from the same server. Obviously server can choose
>> any one of these as its own gateway. Got the idea ? not a load-balancing
>> setup but the server will act as two separate modem actually to provide
>> two connections. I have followed
>>
>>  http://www.generationip.com/documentation/network-documentation/93-howto-setup-multi-default-gateway-on-linux
>>
>>
>> to configure the routing tables for these two ISPs. Frankly telling you
>> I have become a little confused now. Shall I now simply apply the above
>> iptable rules for the two connections or some thing more is required to
>> achieve this ? Obviously I can continue doing experiment to know the
>> answer but the server where I am working is acting as the default
>> gateway;  hence my liberty is also restricted to do this very
>> experiment.  could any one help me out to come out from this very
>> confusing stage ?
>> Thanks
>>
>>   
>>     
>
> Any hints from anyone ?
>
>
>   

It might be helpful to clarify with a schema

` ` `
ISP1 ---> eth0 ---> debian server ---> ip_forwarding >> eth1 (192.168.1.1)
ISP2 ---> eth2 ---> same debian server ---> ip_forwarding >> eth3
(192.168.1.2)
` ` `

So I need an iptables ruleset which can do this. I have in mind to apply

` ` `

echo 1 > /proc/sys/net/ipv4/ip_forward

# for ISP1 ---> eth0 ---> debian server ---> ip_forwarding >> eth1 (192.168.1.1)

iptables -A FORWARD -i ${WAN_IFACE1} -o ${LAN_IFACE1} -s 192.168.0.0/24 -m \
conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

# ISP2 ---> eth2 ---> same debian server ---> ip_forwarding >> eth3 (192.168.2.1)

iptables -A FORWARD -i ${WAN_IFACE2} -o ${LAN_IFACE2} -s 192.168.0.0/24 -m \
conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

` ` `

Is it OK ?





-- 
জয়দীপ বক্সী

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux