From: "Brian J. Murrell"
Date: Fri, 26 Nov 2004 16:44:18 +0000
Subject: Re: [LARTC] simple dual Internet connection setup not sending
Message-Id: <1101487458.8287.133.camel@pc>
References: <1101398346.8287.66.camel@pc>
In-Reply-To: <1101398346.8287.66.camel@pc>
To: lartc@vger.kernel.org

On Fri, 2004-11-26 at 17:17 +0100, diab wrote:
> iirc, to have two working internet connections on one (nat'ing)
> computer you basically need two things (in my example it's eth0 and
> eth1)
>
> 1) SNAT to the right source address, like
> iptables -A POSTROUTING -j nat -t SNAT [-s from.where or -d to.where]\
> --to-source source.addr.of.eth0

Surely you mean -t nat -j SNAT?

> iptables -A POSTROUTING -j nat -t SNAT [-s from.where or -d to.where]\
> --to-source source.addr.of.eth1

Ditto on the transposition of -j and -t. But these two iptables rules
conflict with each other. If -s "from.where" is my internal lan and the
same in both rules, they are both trying to do the SNATting of the same
packets. In my two rules, I added a -o (where is the interface matching
the source.addr.of.).

>
> 2) two routing tables, like
> ip route add default via eth0.gateway.ip.address dev eth0 table 1

got it:

ip route add 0/0 via 66.11.190.1 dev ppp0 table 1

> ip route add default via eth1.gateway.ip.address dev eth1 table 2

got it:

ip route add 0/0 via 24.235.240.1 dev eth1 table 2

> maybe you don't even need the "via xx" thing, the dev xxx is enough.
>
> then you can classify packets to use the connection you want using
> ip rule add WHATEVER lookup N (whatever could be "to x.x.x.x" or "from
> x.x.x.x", same as in the SNAT example, N could be 1 or 2)
>
> if you want the router to respond to packets correctly (ie. to answer
> ping on both interfaces) you need to
> ip rule add iif eth0 lookup 1
> ip rule add iif eth1 lookup 2

I have:

ip rule add from 66.11.173.224 lookup 1
ip rule add from 24.235.240.15 lookup 2

what is "iif" in your above examples? I don't see an "iif" syntax when
I do "ip rule help". I get:

Usage: ip rule [ list | add | del ] SELECTOR ACTION
SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ]
            [ dev STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ] [ nat ADDRESS ]
          [ prohibit | reject | unreachable ]
          [ realms [SRCREALM/]DSTREALM ]
TABLE_ID := [ local | main | default | NUMBER ]

Thanx much for your input!

b.
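
The setup discussed in this message, collected into one dry-run script as an added example (it is not part of the original message or the thread). The interface names, addresses and gateways are the ones quoted above; `LAN_NET` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run generator for the dual-uplink
# setup. Addresses and gateways are those quoted in the message above.
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumption: stands in for "from.where"

# uplink_cmds DEV ADDR GATEWAY TABLE: print the commands one uplink needs.
uplink_cmds() {
    dev=$1; addr=$2; gw=$3; table=$4
    # -o limits the rule to packets leaving through this interface, so both
    # SNAT rules can share one -s without matching the same packets.
    echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $dev -j SNAT --to-source $addr"
    # Per-uplink table holding only a default route through this uplink.
    echo "ip route add default via $gw dev $dev table $table"
    # Router-originated packets sourced from this uplink's address use its table.
    echo "ip rule add from $addr lookup $table"
}

dual_uplink_cmds() {
    uplink_cmds ppp0 66.11.173.224 66.11.190.1 1
    uplink_cmds eth1 24.235.240.15 24.235.240.1 2
}

# Succeeds only if no two generated SNAT rules share the same (-s, -o) pair,
# i.e. the conflict pointed out in the message cannot occur.
snat_rules_disjoint() {
    dups=$(dual_uplink_cmds | awk '/-j SNAT/ {
        s = ""; o = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-s") s = $(i + 1)
            if ($i == "-o") o = $(i + 1)
        }
        print s, o
    }' | sort | uniq -d)
    [ -z "$dups" ]
}

# Dry run by default; APPLY=1 (as root) executes each command instead.
run() {
    dual_uplink_cmds | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

run
```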