From mboxrd@z Thu Jan 1 00:00:00 1970
From: guillaume
Date: Mon, 06 Sep 2004 08:21:20 +0000
Subject: Re: [LARTC] Slipt 2 ISP strange routing problem
Message-Id: <413C7FC2.1050603@vslitc.com>
List-Id:
References: <41370397.4080407@vslitc.com>
In-Reply-To: <41370397.4080407@vslitc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Robert Kurjata wrote:

>Hello guillaume,
>
>Saturday, September 4, 2004, 12:44:04 PM, you wrote:
>
>g> guillaume wrote:
>
>>>Robert Kurjata wrote:
>>>
>>>>Quoting guillaume:
>>>>
>>>>>Dear all Lartc,
>>>>>I try to split my Internet access to my 2 ISP with 1 linux
>>>>>(GNU/Debian sarge) 3 NIC router,
>>>>>I want all my users connected with ISP1 and just some IP connected
>>>>>with ISP2
>>>>>Here is my configuration:
>>>>>
>>>>[cut out a part]
>>>>
>>>>I would suggest a slight change in the fw rules below
>>>>
>>>># special rules for some IPs to go on second ISP
>>>>iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34
>>>>
>>>># SNAT RULES
>>>>
>>>>iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
>>>>iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8
>>>>
>>>>and trying the script below. It was taken from my Multipath/Policy
>>>>routing case
>>>>by wiping out the multipath part, so it is slightly too much, but I
>>>>suppose (I
>>>>didn't check) it should work. It is supposed to seamlessly integrate
>>>>with multipath routing, that's why it is so big,
>>>>the idea behind it is:
>>>>1. remove default routing from main table,
>>>>2. take care of routing from correct interface (correctness of source
>>>>IP/ source
>>>>interface pair),
>>>>3. policy routing of selected clients (table 210)
>>>>4. default routing of the others (table 211)
>>>>Of course you can leave it for the main table, but for the sake of
>>>>example
>>>>I left it this way.
>>>>
>>>>Hope it can help.
>>>>
>>>[cut out a part]
>>>
>>>Dear Robert,
>>>
>>>I tried this script (adapted for my network) and I get the same problem:
>>>
>>>All my IPs routed on my first ISP, no problem
>>>With my 10.117.71.1 routed on my second ISP,
>>>I can connect to my ISP network (I can connect to the gateway website
>>>on 5.6.7.9) but
>>>I cannot ping any external IP addresses.
>>>
>
>g> I also tested a DNAT rule to access my internal network with my second
>g> ISP external
>g> IP ... And it works fine, no problem ...
>
>g> iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT
>g> --to 10.117.71.2:80 # my web server
>
>g> I don't know how to make this work for Inside -> outside connection ...
>
>g> Guillaume
>g> _______________________________________________
>g> LARTC mailing list / LARTC@mailman.ds9a.nl
>g> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>Of course I have the patches from Julian Anastasov applied
>http://www.ssi.bg/~ja/#routes , maybe that's the point
>

At first no, but now yes, I have applied the routes-2.6.8-10.diff found at
http://www.ssi.bg/~ja/#routes-2.6
with "patch -p1 < route-2.6.8-10.diff"

There is no difference ... I could not access the Internet with or
without the patch.

How can I be sure that this patch is in my current kernel?
I will try to re-apply the patch and recompile my kernel.

Thank you,

Guillaume
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
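
The four-step layout listed in the quoted message (no default route in main, source address tied to its link, table 210 for marked clients, table 211 for everyone else), written out as an added example; it is not Robert's script and not part of the original thread. The mark, tables 210/211, interfaces and SNAT addresses come from the thread; both gateway addresses, tables 201/202 and every rule priority are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: prints the commands instead of running them.
# From the thread: mark 34, tables 210/211, eth1/eth2, the two SNAT addresses.
# Assumed: both gateway addresses, tables 201/202 and all rule priorities.
IF1=eth1; IP1=1.2.3.4; GW1=1.2.3.1   # ISP1 (GW1 is a constructed value)
IF2=eth2; IP2=5.6.7.8; GW2=5.6.7.9   # ISP2 (GW2 assumed to be the gateway)
MARK=34

policy_routing_cmds() {
    # 1. main keeps only connected routes and is consulted first
    echo "ip route del default"
    echo "ip rule add from all lookup main priority 50"
    # 2. a packet sourced from a link's address leaves through that link
    echo "ip route replace default via $GW1 dev $IF1 table 201"
    echo "ip route replace default via $GW2 dev $IF2 table 202"
    echo "ip rule add from $IP1 lookup 201 priority 201"
    echo "ip rule add from $IP2 lookup 202 priority 202"
    # 3. clients marked in mangle PREROUTING use ISP2
    echo "ip route replace default via $GW2 dev $IF2 table 210"
    echo "ip rule add fwmark $MARK lookup 210 priority 210"
    # 4. everything else uses ISP1
    echo "ip route replace default via $GW1 dev $IF1 table 211"
    echo "ip rule add from all lookup 211 priority 211"
    echo "ip route flush cache"
}

# Reads `ip rule show` text on stdin; succeeds only if the fwmark rule for
# table 210 is listed before the catch-all rule for table 211.
# `ip rule show` prints marks in hex, so mark 34 appears as 0x22.
mark_rule_wins() {
    awk -v m="$(printf '0x%x' "$MARK")" '
        { prio = $1; sub(/:$/, "", prio) }
        $0 ~ ("fwmark " m "( |/)") && / lookup 210/ { a = prio + 0 }
        /from all lookup 211/ { b = prio + 0 }
        END { exit !(a > 0 && b > 0 && a < b) }'
}

policy_routing_cmds
```

Piping `ip rule show` into `mark_rule_wins` on the router checks that the marked client's rule is evaluated before the catch-all.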