From mboxrd@z Thu Jan 1 00:00:00 1970
From: guillaume
Date: Sat, 04 Sep 2004 03:44:01 +0000
Subject: Re: [LARTC] Slipt 2 ISP strange routing problem
Message-Id: <41399C74.1080700@vslitc.com>
List-Id:
References: <41370397.4080407@vslitc.com>
In-Reply-To: <41370397.4080407@vslitc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

guillaume wrote:

> Robert Kurjata wrote:
>
>> Quoting guillaume:
>>
>>> Dear all Lartc,
>>> I try to split my Internet access to my 2 ISP with 1 linux
>>> (GNU/Debian sarge) 3 NIC router,
>>> I want all my users connected with ISP1 and just some IP connected
>>> with ISP2
>>> Here is my configuration:
>>
>> [cut out a part]
>>
>> I would suggest a slight change in the fw rules below
>>
>> # special rules for some IPs to go on second ISP
>> iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34
>>
>> # SNAT RULES
>>
>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8
>>
>> and trying the script below. It was taken from my Multipath/Policy
>> routing case by wiping out a multipath part, so it is slightly too
>> much, but I suppose (I didn't check) it should work. It is supposed
>> to seamlessly integrate with multipath routing, that's why so big,
>> the idea behind is:
>> 1. remove default routing from main table,
>> 2. take care of routing from correct interface (correctness of source
>>    IP / source interface pair),
>> 3. policy routing of selected clients (table 210)
>> 4. default routing of the others (table 211)
>> Of course you can leave it for the main table, but for the sake of
>> example I left it this way.
>>
>> Hope it can help.
>>
> [cut out a part]
>
> Dear Robert,
>
> I try this script (adapted for my network) and I get the same problem:
>
> All my IP routed on my first ISP, no problem
> With my 10.117.71.1 routed on my second ISP,
> I can connect to my ISP network (I can connect to the gateway website
> on 5.6.7.9) but
> I cannot ping any external IP addresses.

I also test a DNAT rule to access to my internal network with my second
ISP external IP ...
And it works fine, no problem ...

iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 10.117.71.2:80 # my web server

I don't know how to make this work for Inside -> outside connection ...

Guillaume
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
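
Added example, not part of the original message and not Robert's script (which was cut from the quote): a small Python model of how Linux walks policy routing rules for the four-step layout listed in the thread, including what happens when table 210 has no matching route. Mark 34, tables 210/211, eth1/eth2 and 5.6.7.9 come from the messages; eth0, the connected prefixes, the ISP1 gateway 1.2.3.1, the rule priorities and the external test address are assumptions.

```python
import ipaddress

# Constructed model. From the thread: mark 34, tables 210/211, eth1/eth2,
# 5.6.7.9. Assumed: eth0, the connected prefixes, gateway 1.2.3.1, priorities.
TABLES = {
    "main": [("10.117.71.0/24", "eth0", None),   # LAN, on-link
             ("1.2.3.0/24", "eth1", None),       # ISP1 segment, on-link
             ("5.6.7.0/24", "eth2", None)],      # ISP2 segment, on-link
    "210": [("0.0.0.0/0", "eth2", "5.6.7.9")],   # step 3: selected clients
    "211": [("0.0.0.0/0", "eth1", "1.2.3.1")],   # step 4: everyone else
}
# (priority, required fwmark or None, table). Step 1 of the list is modelled
# by "main" holding no default route, so it only answers for on-link prefixes.
RULES = [(100, None, "main"), (210, 34, "210"), (211, None, "211")]


def lookup(table, dst):
    """Longest-prefix match in one table; None when no route covers dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev, gw) for p, dev, gw in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _net, dev, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dev, gw


def route(dst, fwmark=0, rules=RULES, tables=TABLES):
    """Try rules in priority order; a table miss falls through to the next rule."""
    for _prio, mark, name in sorted(rules, key=lambda r: r[0]):
        if mark is not None and mark != fwmark:
            continue
        hit = lookup(tables[name], dst)
        if hit is not None:
            return (name, *hit)
    return None  # no rule produced a route: destination unreachable


if __name__ == "__main__":
    ext = "198.51.100.7"  # constructed external destination
    print(route(ext, fwmark=34))        # marked client: table 210, eth2
    print(route(ext))                   # unmarked client: table 211, eth1
    print(route("5.6.7.9", fwmark=34))  # the gateway itself is answered by main
    broken = {**TABLES, "210": []}      # table 210 without a default route
    print(route(ext, fwmark=34, tables=broken))  # falls through to 211, eth1
```

In this model, reaching 5.6.7.9 exercises only the on-link route in main, so it says nothing about whether the default route in table 210 is being used.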