From mboxrd@z Thu Jan 1 00:00:00 1970
From: guillaume
Date: Thu, 02 Sep 2004 04:27:56 +0000
Subject: [LARTC] Slipt 2 ISP strange routing problem
Message-Id: <41370397.4080407@vslitc.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Dear all Lartc,

I am trying to split my Internet access between my 2 ISPs with 1 Linux
(GNU/Debian sarge) 3-NIC router. I want all my users connected with ISP1
and just some IPs connected with ISP2.

Here is my configuration:

Internal network: 10.117.71.0/24
Interface eth0

ISP1:
IP for my linux box: 1.2.3.4/29
Interface: eth1
Gateway: 1.2.3.5

ISP2:
IP for my linux box: 5.6.7.8/29
interface: eth2
gateway: 5.6.7.9 (in fact it's my adsl modem)

You can see below my configuration for iptables and iproute2.

I get a strange problem:
All my users can connect to the Internet with ISP1, there is no problem.
But when I try with 10.117.71.1 (the one routed to ISP2), I can connect
to the gateway (5.6.7.9), which means that I am correctly routed. But I
cannot connect to (or ping) the Internet. I think packets are sent, but
when the web site (google.com for example) replies, my packets are not
routed back.

I also tried to connect to 5.6.7.9 (ISP2 gateway) from other internal IPs
(routed on ISP1), and it's not possible, but for the moment it's not a
problem for me.

I tested my connection from my modem (gateway ISP2), no problem.

Is there some kind guru of iptables and iproute2 to help me on this?

Thank you in advance,
Guillaume

Here is my script for routing and iptables:

#################################
# ISP2
/sbin/ip route flush table 5
/sbin/ip route add table 5 default via 5.6.7.9 dev eth2
/sbin/ip rule add fwmark 5 table 5

echo "firewall constants setup"

# FLUSH the tables
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t mangle -F PREROUTING

## Mangling Rules ##
# special rules for some IPs to go on second ISP
iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 5

# SNAT RULES
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
iptables -t nat -A POSTROUTING -o eth2 -s 10.117.71.1 -j SNAT --to 5.6.7.8
###############################################
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# (network, broadcast and gateway are optional)
auto eth1 eth0 eth2

# local network (LAN)
iface eth0 inet static
    address 10.117.71.1
    netmask 255.255.255.0

# external network (ISP1)
iface eth1 inet static
    address 1.2.3.4
    netmask 255.255.255.248
    gateway 1.2.3.5

iface eth2 inet static
    address 5.6.7.8
    netmask 255.255.255.248
#######################################
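
An offline check for two properties of an fwmark split-routing setup like the one above (added example, not part of the original post): which mangle chain first sees packets from the marked source, and whether strict reverse-path filtering accepts replies arriving on the second uplink. The function names and the rp_filter values tried are assumptions; addresses and interface names are copied from the post.

```shell
#!/bin/sh
# Added example: offline consistency checks for the fwmark split-routing setup.
# Sample data is constructed from the addresses given in the post.

ADDRS='eth0 10.117.71.1/24
eth1 1.2.3.4/29
eth2 5.6.7.8/29'            # "iface address/prefix" per line
MARKED_SRC=10.117.71.1      # source matched by the mangle PREROUTING rule
DEFAULT_DEV=eth1            # device of the default route in the main table
MARK_DEV=eth2               # device of the default route in table 5

# is_local ADDR ADDRS: true if ADDR is configured on one of the router's interfaces.
is_local() {
    printf '%s\n' "$2" |
        awk -v a="$1" '{ split($2, p, "/"); if (p[1] == a) hit = 1 } END { exit !hit }'
}

# mark_chain ADDR ADDRS: mangle chain that first sees packets sent from ADDR.
# Forwarded traffic enters through PREROUTING; traffic the router itself
# generates starts at OUTPUT and never traverses PREROUTING.
mark_chain() {
    if is_local "$1" "$2"; then echo OUTPUT; else echo PREROUTING; fi
}

# rpf_verdict RP_FILTER IN_DEV DEFAULT_DEV: fate of a reply from an Internet
# host arriving on IN_DEV. Strict reverse-path filtering (1) looks up the route
# back to the sender without the fwmark, so it expects the reply on DEFAULT_DEV.
rpf_verdict() {
    if [ "$1" = 1 ] && [ "$2" != "$3" ]; then echo drop; else echo accept; fi
}

check() {
    chain=$(mark_chain "$MARKED_SRC" "$ADDRS")
    [ "$chain" = PREROUTING ] ||
        echo "WARN: $MARKED_SRC is a router address; its packets start in mangle $chain"
    for rp in 0 1; do
        echo "rp_filter=$rp on $MARK_DEV: replies $(rpf_verdict "$rp" "$MARK_DEV" "$DEFAULT_DEV")"
    done
}
check
```

On a live router the same inputs come from `ip -o -4 addr show` and `/proc/sys/net/ipv4/conf/eth2/rp_filter`.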