How to bind 2 WAN 1 LAN ?

How to bind 2 WAN 1 LAN ?

[冷日]

[-- Attachment #1: Type: text/plain, Size: 1474 bytes --]

Dear all...

I'm a Chinese and I don't think that my English is well .
But I have a big problem in use IPTABLES .
I've looked all the documents and FAQs , but I can't find a solution to
solve my problem .
At last I decide to ask you in my poor English ...^^||

I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT server
.
I have make it running iptables-1.2.2-6 .
It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0 and 2
ADSL (one of my ADSL is pppoe another one is static IP) .
Now I want to bind thy all in my NAT server .
I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 &
192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 &
192.168.1.192/255.255.255.192 .

That I wish the preceding 3 part go out and in with the pppoe ADSL (ppp0)
and the final part go through with static IP(because they are my servers) .

My biggest problem is in Linux I can't set the default gateway otherwise the
ppp0 will not work .
But if ppp0 is working I can't find who to make my final part
(192.168.1.192/26) go through the eth0 out or aome in  ...-.-"

I have do my best to explain my problem .
If you can't understand my question maybe can find somebody who know my
English or can talk in Chinese will better .

Sincerely yours
thanks a lot...^^

------------------------------
鼎易印刷資訊室
Dinyi Printing CO. LTD
RaykeySu
raykey@dinyi.com.tw
------------------------------

[-- Attachment #2: iptable_question_mail.txt --]
[-- Type: text/plain, Size: 2126 bytes --]

Dear all...

I'm a Chinese and I don't think that my English is well .
But I have a big problem in use IPTABLES .
I've looked all the documents and FAQs , but I can't find a solution to solve my problem .
At last I decide to ask you in my poor English ...^^||

I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT server .
I have make it running iptables-1.2.2-6 .
It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0 and 2 ADSL (one of my ADSL is pppoe another one is static IP) .
Now I want to bind thy all in my NAT server .
I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 & 192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 & 192.168.1.192/255.255.255.192 .

That I wish the preceding 3 part go out and in with the pppoe ADSL (ppp0) and the final part go through with static IP(because they are my servers) .

The following diagram would illustrate it quite well if I had any artistic talent:

|------------------|
| 192.168.1.0 ~ 63 |----+					   (ppp0)
|------------------|	|	|-----------------------|	|-----------|
			|>......|...........>DHCP (eth2)|-------|ADSL modem |------WAN
|------------------|	|	|			|	|-----------|
|192.168.1.64 ~ 128|----+	|			|
|------------------|	|	|			|	|-----------|
			|	|     61.aa.bb.cc (eth0)|-------|61.aa.bb.cd|------WAN
|------------------|	|	|			|	|-----------|
|192.168.1.129~ 191|----+-------|192.168.1.254	(eth1)	|	  (Gateway)
|------------------|		|-----------------------|		|
					|>.............................>|
|------------------|			|
|192.168.1.192~ 253|--------------------+
|------------------|

My biggest problem is in Linux I can't set the default gateway otherwise the ppp0 will not work .
But if ppp0 is working I can't find who to make my final part (192.168.1.192/26) go through the eth0 out or aome in  ...-.-"

I have do my best to explain my problem .
If you can't understand my question maybe can find somebody who know my English or can talk in Chinese will better .

Sincerely yours
thanks a lot...^^

Re: How to bind 2 WAN 1 LAN ?

[Antony Stone]

On Thursday 24 October 2002 6:25 am, ?? wrote:

> Dear all...
>
> I'm a Chinese and I don't think that my English is well .

Don't worry.   I'm sure it will get better :-)

> I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT
> server .
> I have make it running iptables-1.2.2-6 .
> It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
> I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0 and 2
> ADSL (one of my ADSL is pppoe another one is static IP) .
> Now I want to bind thy all in my NAT server .
> I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 &
> 192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 &
> 192.168.1.192/255.255.255.192 .
>
> That I wish the preceding 3 part go out and in with the pppoe ADSL (ppp0)
> and the final part go through with static IP(because they are my servers) .

You need to use iproute2 to set up source-based policy routing.

Netfilter will not change the routing of your packets for you, therefore it 
will not help you do what you want.

Iproute2 will let you set up a more complicated routing table than the 
standard 'route' command, and then netfilter will happily process the packets 
as they go through.

Antony.

-- 

Never write it in Perl if you can do it in Awk.
Never do it in Awk if sed can handle it.
Never use sed when tr can do the job.
Never invoke tr when cat is sufficient.
Avoid using cat whenever possible.

Re: How to bind 2 WAN 1 LAN ?

[murphy]

> Dear all...
>
> I'm a Chinese and I don't think that my English is well .
> But I have a big problem in use IPTABLES .
> I've looked all the documents and FAQs , but I can't find a solution to
> solve my problem .
> At last I decide to ask you in my poor English ...^^||
>
> I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT server
> .
> I have make it running iptables-1.2.2-6 .
> It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
> I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0 and 2
> ADSL (one of my ADSL is pppoe another one is static IP) .
> Now I want to bind thy all in my NAT server .
> I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 &
> 192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 &
> 192.168.1.192/255.255.255.192 .
>
> That I wish the preceding 3 part go out and in with the pppoe ADSL (ppp0)
> and the final part go through with static IP(because they are my servers) .
>
> My biggest problem is in Linux I can't set the default gateway otherwise the
> ppp0 will not work .
> But if ppp0 is working I can't find who to make my final part
> (192.168.1.192/26) go through the eth0 out or aome in  ...-.-"
>
> I have do my best to explain my problem .
> If you can't understand my question maybe can find somebody who know my
> English or can talk in Chinese will better .

I think the problem may be solved by the newer version of route, it
is calles iproute2, with this you can set the routing according to
sources or destination.

Hope this helps ...



> Sincerely yours
> thanks a lot...^^
>
> ------------------------------
> ¹©©ö¦L¨ê¸ê°T«Ç
> Dinyi Printing CO. LTD
> RaykeySu
> raykey@dinyi.com.tw
> ------------------------------
>

C.U. MC Murphy
PGP-fingerprint: 8640 43BF 0807 8349 67F4  C0CE CBA9 83BA 197B 3ED4

RE: How to bind 2 WAN 1 LAN ?

[George Vieira]

I'm totally confused on your problem and maybe a drawing using TEXT
characters might be better. Sounds like your problem is NOT an IPtables
problem but more a routing issue.

You talk about parts which I have no idea what they are.. ie "preceding 3
part go"
can you explain further without using words like "it","they","that"..etc.. 
 
Thanks,
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd
Systems Manager
georgev@citadelcomputer.com.au
http://www.citadelcomputer.com.au
 


-----Original Message-----
From: raykey@dinyi.com.tw [mailto:raykey@dinyi.com.tw]
Sent: Thursday, 24 October 2002 3:25 PM
To: netfilter-announce@lists.netfilter.org
Cc: netfilter@lists.samba.org
Subject: How to bind 2 WAN 1 LAN ?


Dear all...

I'm a Chinese and I don't think that my English is well .
But I have a big problem in use IPTABLES .
I've looked all the documents and FAQs , but I can't find a solution to
solve my problem .
At last I decide to ask you in my poor English ...^^||

I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT server
.
I have make it running iptables-1.2.2-6 .
It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0 and 2
ADSL (one of my ADSL is pppoe another one is static IP) .
Now I want to bind thy all in my NAT server .
I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 &
192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 &
192.168.1.192/255.255.255.192 .

That I wish the preceding 3 part go out and in with the pppoe ADSL (ppp0)
and the final part go through with static IP(because they are my servers) .

My biggest problem is in Linux I can't set the default gateway otherwise the
ppp0 will not work .
But if ppp0 is working I can't find who to make my final part
(192.168.1.192/26) go through the eth0 out or aome in  ...-.-"

I have do my best to explain my problem .
If you can't understand my question maybe can find somebody who know my
English or can talk in Chinese will better .

Sincerely yours
thanks a lot...^^

------------------------------
¹©©ö¦L¨ê¸ê°T«Ç
Dinyi Printing CO. LTD
RaykeySu
raykey@dinyi.com.tw
------------------------------

Re: How to bind 2 WAN 1 LAN ?

[Andrew Smith]

> On Thursday 24 October 2002 6:25 am, ?? wrote:
> 
>> Dear all...
>>
>> I'm a Chinese and I don't think that my English is well .
> 
> Don't worry.   I'm sure it will get better :-)
> 
>> I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT
>> server .
>> I have make it running iptables-1.2.2-6 .
>> It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
>> I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0
>> and 2 ADSL (one of my ADSL is pppoe another one is static IP) .
>> Now I want to bind thy all in my NAT server .
>> I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 &
>> 192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 &
>> 192.168.1.192/255.255.255.192 .
>>
>> That I wish the preceding 3 part go out and in with the pppoe ADSL
>> (ppp0) and the final part go through with static IP(because they are
>> my servers) .
> 
> You need to use iproute2 to set up source-based policy routing.
> 
> Netfilter will not change the routing of your packets for you,
> therefore it  will not help you do what you want.
> 
> Iproute2 will let you set up a more complicated routing table than the 
> standard 'route' command, and then netfilter will happily process the
> packets  as they go through.
> 
> Antony.

Actually, it depends on the ISPs or who supplies the WANs
If there is no egress filtering on one or both of the WAN connections
then you do not NEED to use iproute2 you can just route all outgoing
data out one of the connections.

e.g. I have 2 ADSL ISPs (one DHCP and one static) but I route all my
traffic out of only one of them (DHCP at the moment) since my ISP's do
not do any egress filtering

typical in Australia to NOT have egress filtering
typical in USA to HAVE egress filtering

egress filtering - use google to look it up
basically: only allow source IP's to match the IP addresses supplied
 in the connection - drop all outgoing traffic that doesn't have the
 expected source IP addresses

-- 
-Cheers
-Andrew

MS ... if only he hadn't been hang gliding!

Re: How to bind 2 WAN 1 LAN ?

[Antony Stone]

On Thursday 24 October 2002 11:01 pm, George Vieira wrote:

> I'm totally confused on your problem and maybe a drawing using TEXT
> characters might be better. Sounds like your problem is NOT an IPtables
> problem but more a routing issue.

I agree with this diagnosis.

> You talk about parts which I have no idea what they are.. ie "preceding 3
> part go" can you explain further without using words like "it", "they",
> "that" ..etc..

I believe what the original poster is trying to do is to split his internal 
network into 4 ranges of IP addresses, each containing 64 IPs, and to route 
three of them via one ISP, and the other one via his other ISP.

Here is what I posted in reply to this last Thursday:
____

You need to use iproute2 to set up source-based policy routing.

Netfilter will not change the routing of your packets for you, therefore it 
will not help you do what you want.

Iproute2 will let you set up a more complicated routing table than the 
standard 'route' command, and then netfilter will happily process the packets 
as they go through.
 

Antony.

-- 

Ramdisk is not an installation procedure.

RE: How to bind 2 WAN 1 LAN ?

[George Vieira]

You need a combination of iptables and iproute2 to do what you want because
routing is based on it's DESTINATION address and you need to route on your
SOURCE address so it uses a different route depending on which source IP is
in the packet..

Refer to this page which is sort of what you want BUT not exact. It'll give
you some ideas...

http://www.samag.com/documents/s=1824/sam0201h/

 
 
Thanks,
____________________________________________
George Vieira
Systems Manager
georgev@citadelcomputer.com.au 
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644
HelpDesk: +61 2 9955 2698  
http://www.citadelcomputer.com.au
 


-----Original Message-----
From: raykey@dinyi.com.tw [mailto:raykey@dinyi.com.tw]
Sent: Thursday, 24 October 2002 3:25 PM
To: netfilter-announce@lists.netfilter.org
Cc: netfilter@lists.samba.org
Subject: How to bind 2 WAN 1 LAN ?


Dear all...

I'm a Chinese and I don't think that my English is well .
But I have a big problem in use IPTABLES .
I've looked all the documents and FAQs , but I can't find a solution to
solve my problem .
At last I decide to ask you in my poor English ...^^||

I have a Linux server (Turbo Linux7.0 in kernel 2.4.9-3) to be my NAT server
.
I have make it running iptables-1.2.2-6 .
It have 3 NIC(Network interface Card) eth0.eth1.eth2 .
I have 1 LAN and 2 WAN interface they are 192.168.1.0/255.255.255.0 and 2
ADSL (one of my ADSL is pppoe another one is static IP) .
Now I want to bind thy all in my NAT server .
I rty to cut my LAN to 4 part are 192.168.1.0/255.255.255.192 &
192.168.1.64/255.255.255.192 & 192.168.1.128/255.255.255.192 &
192.168.1.192/255.255.255.192 .

That I wish the preceding 3 part go out and in with the pppoe ADSL (ppp0)
and the final part go through with static IP(because they are my servers) .

My biggest problem is in Linux I can't set the default gateway otherwise the
ppp0 will not work .
But if ppp0 is working I can't find who to make my final part
(192.168.1.192/26) go through the eth0 out or aome in  ...-.-"

I have do my best to explain my problem .
If you can't understand my question maybe can find somebody who know my
English or can talk in Chinese will better .

Sincerely yours
thanks a lot...^^

------------------------------
¹©©ö¦L¨ê¸ê°T«Ç
Dinyi Printing CO. LTD
RaykeySu
raykey@dinyi.com.tw
------------------------------