From: Alexander Samad
Date: Mon, 09 May 2005 23:37:37 +0000
Subject: Re: [LARTC] Starting from scratch w/ multiple uplinks
Message-Id: <20050509233737.GC15049@samad.com.au>
In-Reply-To: <756AAB68-8733-4BF4-A78F-146966BD9E0F@mediarete.it>
To: lartc@vger.kernel.org

On Mon, May 09, 2005 at 04:06:12PM -0400, Brian J. Murrell wrote:
> On Mon, 2005-05-09 at 20:11 +0200, Markus Schulz wrote:
> > On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> > > Hi guys;
> > >
> > [...]
> > > Here's what I want to know:
> > > 1. Does an updated guide exist for multiple providers?
> >
> > Look at this howto: http://www.ssi.bg/~ja/nano.txt
>
> Indeed, and herein contains the patches needed to a kernel for it to
> route packets with a given NATted source address out the right
> interface.  Not sure which patch(es) exactly in there do it if not all
> of them are really needed for just that functionality.

I haven't patched mine and it seems to work, using a Debian 2.6.11-3
source package. What I have done is set up a set of files in
/var/run/multigw{,.dev,.gw,.ip,.speed}; these are fed from scripts in
/etc/ppp/ip-{up.d,down.d}/adsl - this populates the files with valid
numbers when the line goes up or deletes the control file when going down.
These scripts also run my multigw.sh, which sets up routes and ip rules as
well - it also sets up the SNAT rules as well. I have attached the script.

>
> I sure wish this patch would get rolled into the main kernel.  I hate
> having to maintain umpteen kernels for different tasks.
>
> b.
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Attachment: multidgw.sh]

#!/bin/dash

#
# tpg allow for asymmetrical routing
# bigpond don't
#
# tpg have transparent proxy !! kills http with cable address
#

# State files; the control files ($FCB, $FAD) exist only while that link is up
FCB="/var/run/multigw.cable"
FAD="/var/run/multigw.adsl"
FCBSPEED="/var/run/multigw.cable.speed"
FADSPEED="/var/run/multigw.adsl.speed"
FCBGW="/var/run/multigw.cable.gw"
FADGW="/var/run/multigw.adsl.gw"
FCBADDR="/var/run/multigw.cable.ip"
FADADDR="/var/run/multigw.adsl.ip"
FCBDEV="/var/run/multigw.cable.dev"
FADDEV="/var/run/multigw.adsl.dev"

# Weighting higher more use
CBW=4
ADW=2

# Use
echo "128" > "$FCBSPEED"
echo "64" > "$FADSPEED"

# Read the per-link state (a value is empty if its file is missing)
CBSPEED="$(cat "$FCBSPEED")"
ADSPEED="$(cat "$FADSPEED")"

CBGW="$(cat "$FCBGW")"
ADGW="$(cat "$FADGW")"

CBADDR="$(cat "$FCBADDR")"
ADADDR="$(cat "$FADADDR")"

CBDEV="$(cat "$FCBDEV")"
ADDEV="$(cat "$FADDEV")"

#if [ -x /usr/local/sbin/ip ]
#then
# IP='/usr/local/sbin/ip'
#else
# if [ -x /sbin/ip ]
# then
# echo 'Using old IP!'
# IP='/sbin/ip'
# else
# echo 'Unable to find ip'
# exit 1
# fi
#fi
IP="$(which ip)"
IPTABLES="$(which iptables)"

#
# setup default routing !
# Only if both exist
if [ -e "$FCB" ] && [ -e "$FAD" ]
then
    # Weighted multipath default route across both uplinks
    $IP route replace default metric 5 \
        nexthop via $CBGW dev $CBDEV weight $CBW \
        nexthop via $ADGW dev $ADDEV weight $ADW
fi

#
# setup return traffic !
#

# Copy the local (LAN) routes into the given per-uplink routing table
do_localroutes () {

    local TAB=$1

    $IP route replace tab $TAB 192.168.11.0/24 dev br0 scope link
    $IP route replace tab $TAB 192.168.10.0/24 dev eth3 scope link
    $IP route replace tab $TAB 192.168.9.0/24 dev eth4 scope link

}

#
# Setup the rules as well
# Cable
#if $IP rule | grep 'cable' > /dev/null 2>&1 && [ -e $FCB ]
if [ -e "$FCB" ]
then
    # Replies from the cable address leave via the cable table
    $IP rule del $($IP rule list | grep 'cable' | cut -c 6-) > /dev/null 2>&1
    $IP rule add from $CBADDR/32 pref 200 table cable
    $IP route replace tab cable default dev $CBDEV via $CBGW

    do_localroutes cable

    # Fixed for Telstra
    $IP route replace 202.154.115.130 via $CBGW dev $CBDEV mtu 1460
    $IP route replace 61.9.128.0/17 via $CBGW dev $CBDEV
    $IP route replace 144.135.0.0/16 via $CBGW dev $CBDEV
    #$IP route replace 203.57.240.0/23 via $CBGW dev $CBDEV
    $IP route replace 165.228.0.0/16 via $CBGW dev $CBDEV

    IF=$CBDEV SPEED=$CBSPEED /root/scripts/tcSet.sh restart

    #
    # fix up MASQ/SNAT
    LN="$($IPTABLES -t nat -nvL POSTROUTING --line-numbers | grep -i MASQ | grep -i "$CBDEV" | awk '{print $1}')"
    if [ -n "$LN" ]
    then
        $IPTABLES -t nat -D POSTROUTING $LN
    fi

    LN="$($IPTABLES -t nat -nvL POSTROUTING --line-numbers | grep -i SNAT | grep -i "$CBDEV" | awk '{print $1}')"
    if [ -n "$LN" ]
    then
        # There are currently 2 MASQ lines in POSTROUTING!
        # This is good
        $IPTABLES -t nat -D POSTROUTING $LN
    fi

    $IPTABLES -t nat -I POSTROUTING -o $CBDEV -s 192.168.8.0/22 -j SNAT --to-source $CBADDR

else

    IF=$CBDEV SPEED=$CBSPEED /root/scripts/tcSet.sh stop

fi

# tpg
#if $IP rule | grep 'adsl' > /dev/null 2>&1 && [ -e $FAD ]
if [ -e "$FAD" ]
then
    # Replies from the ADSL address leave via the adsl table
    $IP rule del $($IP rule list | grep 'adsl' | cut -c 6-) > /dev/null 2>&1
    $IP rule add from $ADADDR/32 pref 201 table adsl
    $IP route replace tab adsl default dev $ADDEV via $ADGW

    do_localroutes adsl

    # Fixed for TPG
    $IP route replace 60.240.0.0/12 dev $ADDEV via $ADGW
    $IP route replace 203.12.160.0/22 dev $ADDEV via $ADGW
    $IP route replace 203.26.16.0/20 dev $ADDEV via $ADGW

    $IP route replace 218.214.6.169/32 dev $ADDEV via $ADGW

    IF=$ADDEV SPEED=$ADSPEED /root/scripts/tcSet.sh restart

    #
    # fix up MASQ/SNAT
    LN="$($IPTABLES -t nat -nvL POSTROUTING --line-numbers | grep -i MASQ | grep -i "$ADDEV" | awk '{print $1}')"
    if [ -n "$LN" ]
    then
        $IPTABLES -t nat -D POSTROUTING $LN
    fi

    LN="$($IPTABLES -t nat -nvL POSTROUTING --line-numbers | grep -i SNAT | grep -i "$ADDEV" | awk '{print $1}')"
    if [ -n "$LN" ]
    then
        # There are currently 2 MASQ lines in POSTROUTING!
        # This is good
        $IPTABLES -t nat -D POSTROUTING $LN
    fi

    $IPTABLES -t nat -I POSTROUTING -o $ADDEV -s 192.168.8.0/22 -j SNAT --to-source $ADADDR

else

    IF=$ADDEV SPEED=$ADSPEED /root/scripts/tcSet.sh stop

fi

$IP route replace 192.168.5.0/24 dev $CBDEV src 192.168.8.1

$IP route flush cache

exit 0
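
The "fix up MASQ/SNAT" step in the attached script picks rules to delete by grepping `--line-numbers` output, which can return several numbers and also matches a device name as a substring. The following is an added example, not part of the original post or its attachment: it matches the target and out-interface columns exactly and emits rule numbers highest first, so deleting one rule does not renumber the ones still to be deleted. The listing is constructed sample data and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format of
# `iptables -t nat -nvL POSTROUTING --line-numbers` (documentation addresses).
sample_listing() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 10 packets, 600 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       12   720 SNAT       all  --  *      eth1    192.168.8.0/22       0.0.0.0/0            to:203.0.113.10
2        0     0 MASQUERADE all  --  *      eth1    192.168.8.0/22       0.0.0.0/0
3        5   300 SNAT       all  --  *      eth10   192.168.8.0/22       0.0.0.0/0            to:198.51.100.7
4        0     0 MASQUERADE all  --  *      eth1    192.168.8.0/22       0.0.0.0/0
EOF
}

# rules_for TARGET DEV: read a listing on stdin and print the numbers of the
# rules whose target (column 4) and out-interface (column 8) match exactly,
# highest number first. Header lines are skipped by the numeric check on $1.
rules_for() {
    awk -v t="$1" -v d="$2" \
        '$1 ~ /^[0-9]+$/ && $4 == t && $8 == d { print $1 }' | sort -rn
}

# delete_cmds TARGET DEV: dry run; print one delete command per matching rule.
# On a live system the listing would come from iptables itself and the echo
# would be replaced by the command.
delete_cmds() {
    rules_for "$1" "$2" | while read -r n; do
        echo "iptables -t nat -D POSTROUTING $n"
    done
}

sample_listing | delete_cmds MASQUERADE eth1
```

With the sample above, rule 3 (out-interface eth10) is left alone when the device is eth1, which a plain `grep -i eth1` would not guarantee.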