All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] need help on multiple isp routing
@ 2005-09-29  7:37 Anonymous
  2005-09-29  9:23 ` Anonymous
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Anonymous @ 2005-09-29  7:37 UTC (permalink / raw)
  To: lartc

i've read your http://lartc.org/howto/lartc.rpdb.multiple-links.html article 
as well as Advanced IP Routing (esp. chapter 10.4) and still unable to make 
this thing work. am i that helpless? :)

is there anyone to guide me through the multiple ISP setup?

into details. i got 2 dsl connections from different ISPs (A and B), both 
connections use PPPoE, both got assigned with dynamic IPs in different 
networks using different gateways. A is asynchronous 2048/256 while B is 
synchronous 1024/1024. both are connected to a Debian GNU Linux 3.1 box 
(P3/800, 384 RAM, 3 NICs - 2 for DSL and 1 for LAN) via separete NICs and 
both work as i've set both ppp connections to use unit option. default 
gateway for internet is B. got DNS server set up on the router to serve my 
local (LAN) zone and to forward requests to A's DNS servers because B's 
often fail to resolve and take much time to refresh their zones. right now i 
got iptables NAT set up to masquerade my LAN via B. provider B forces me to 
use their cache servers (www, ftp) which is very nasty as they aren't show 
my IP.

i want one of my local machines 192.168.0.16/26 to be masqueraded through A, 
while 4 others DHCP assigned PCs would use B. also i'd like to use B for ftp 
server set up on my router box.

some more details:

netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt 
Iface
213.219.88.1    0.0.0.0         255.255.255.255 UH        0 0          0 
ppp0
212.7.9.115     0.0.0.0         255.255.255.255 UH        0 0          0 
ppp1
192.168.0.0     0.0.0.0         255.255.255.192 U         0 0          0 
eth1
0.0.0.0         212.7.9.115     0.0.0.0         UG        0 0          0 
ppp1

ip route show table local
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 82.147.186.159 dev ppp1  proto kernel  scope host  src 82.147.186.159
broadcast 192.168.0.63 dev eth1  proto kernel  scope link  src 192.168.0.1
local 192.168.0.1 dev eth1  proto kernel  scope host  src 192.168.0.1
broadcast 192.168.0.0 dev eth1  proto kernel  scope link  src 192.168.0.1
local 213.219.95.230 dev ppp0  proto kernel  scope host  src 213.219.95.230
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

i'm not sure if it's correct but here's my iptables script:

#!/bin/sh
PPP=(ppp0 ppp1)
IP=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $3}'` 
`ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $3}'`)
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp+ -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -i ppp+ -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -i ppp+ -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -i ppp+ -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -m udp --dport 123 -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 55000:55500 -j ACCEPT 
#passive ftp
iptables -A INPUT -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp1 -p tcp -m tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -i ppp1 -p tcp -m tcp --dport 4663 -j ACCEPT
iptables -A FORWARD -i ppp1 -p udp -m udp --dport 4672 -j ACCEPT
iptables -A FORWARD -i ppp1 -p udp -m udp --dport 4673 -j ACCEPT
iptables -A FORWARD -i ppp1 -p tcp -m tcp --dport 5000:5010 -j ACCEPT
iptables -A FORWARD -i ppp1 -p tcp -m tcp --dport 15402 -j ACCEPT
iptables -A FORWARD -i ppp1 -p udp -m udp --dport 15402 -j ACCEPT
iptables -A FORWARD -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -t mangle -A PREROUTING -p icmp -m icmp -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK 
ACK -m length --length 0:128 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK 
ACK -m length --length 128: -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A PREROUTING -p udp -m udp --sport 53 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A PREROUTING -p udp -m udp --sport 123 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A OUTPUT -p icmp -m icmp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m 
length --length 0:128 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m 
length --length 128: -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 20 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 21 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A OUTPUT -p udp -m udp --dport 53 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A OUTPUT -p udp -m udp --dport 123 -j TOS --set-tos 
Minimize-Delay
iptables -t nat -A PREROUTING -i ppp1 -p tcp -m tcp --dport 4662 -j 
DNAT --to 192.168.0.16:4662
iptables -t nat -A PREROUTING -i ppp1 -p tcp -m tcp --dport 4663 -j 
DNAT --to 192.168.0.62:4663
iptables -t nat -A PREROUTING -i ppp1 -p udp -m udp --dport 4672 -j 
DNAT --to 192.168.0.16:4672
iptables -t nat -A PREROUTING -i ppp1 -p udp -m udp --dport 4673 -j 
DNAT --to 192.168.0.62:4673
iptables -t nat -A PREROUTING -i ppp1 -p tcp -m tcp --dport 5000:5010 -j 
DNAT --to 192.168.0.16:5000-5010
iptables -t nat -A PREROUTING -i ppp1 -p tcp -m tcp --dport 15402 -j 
DNAT --to 192.168.0.16:15402
iptables -t nat -A PREROUTING -i ppp1 -p udp -m udp --dport 15402 -j 
DNAT --to 192.168.0.16:15402
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to 
192.168.0.1:3128
iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to ${IP[1]} 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 8+ messages in thread
end of thread, other threads:[~2005-10-03 15:38 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-29  7:37 [LARTC] need help on multiple isp routing Anonymous
2005-09-29  9:23 ` Anonymous
2005-09-30  6:32 ` hareram
2005-09-30  7:35 ` Anonymous
2005-09-30  7:55 ` hareram
2005-10-01 19:13 ` Anonymous
2005-10-03 14:37 ` Anonymous
2005-10-03 15:38 ` /dev/rob0

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.