J. Bakshi wrote:
> J. Bakshi wrote:
>
>> Hello list,
>>
>> This is not the traditional load-balancing or fail over technique which
>> I like to achieve through iptables but the objective is different. I
>> have 2 different ISP connections. The Linux server is presently using
>> one ISP as well as do ip-forward to make it available for the LAN
>> users. I have achieved this by
>>
>> ` ` `
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -A FORWARD -i ${WAN_IFACE} -o ${LAN_IFACE} -s 192.168.0.0/24 -m \
>> conntrack --ctstate NEW -j ACCEPT
>> iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
>> iptables -A POSTROUTING -t nat -j MASQUERADE
>> ` ` `
>>
>> cool. Now Some thing extra which I like to achieve. I like to put the
>> second ISP too into the server and use the above style iptables to
>> forward it to another lan card so that both the connection will be
>> available *separately* from the same server. Obviously server can choose
>> any one of these as its own gateway. Got the idea ? not a load-balancing
>> setup but the server will act as two separate modem actually to provide
>> two connections. I have followed
>>
>> http://www.generationip.com/documentation/network-documentation/93-howto-setup-multi-default-gateway-on-linux
>>
>>
>> to configure the routing tables for these two ISPs. Frankly telling you
>> I have become a little confused now. Shall I now simply apply the above
>> iptable rules for the two connections or some thing more is required to
>> achieve this ? Obviously I can continue doing experiment to know the
>> answer but the server where I am working is acting as the default
>> gateway; hence my liberty is also restricted to do this very
>> experiment. could any one help me out to come out from this very
>> confusing stage ?
>> Thanks
>>
>>
>>
>
> Any hints from anyone ?
>
>
>
It might be helpful to clarify with a schema
` ` `
ISP1 ---> eth0 ---> debian server ---> ip_forwarding >> eth1 (192.168.1.1)
ISP2 ---> eth2 ---> same debian server ---> ip_forwarding >> eth3
(192.168.1.2)
` ` `
So I need an iptables ruleset which can do this. I have in mind to apply
` ` `
echo 1 > /proc/sys/net/ipv4/ip_forward
# for ISP1 ---> eth0 ---> debian server ---> ip_forwarding >> eth1 (192.168.1.1)
iptables -A FORWARD -i ${WAN_IFACE1} -o ${LAN_IFACE1} -s 192.168.0.0/24 -m \
conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
# ISP2 ---> eth2 ---> same debian server ---> ip_forwarding >> eth3 (192.168.2.1)
iptables -A FORWARD -i ${WAN_IFACE2} -o ${LAN_IFACE2} -s 192.168.0.0/24 -m \
conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
` ` `
Is it OK ?
--
জয়দীপ বক্সী
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
