* [LARTC] load balancing between two dsl links
@ 2005-02-09 8:40 ro0ot
2005-02-09 18:20 ` ro0ot
2005-02-09 18:36 ` Bernardo Silveira
0 siblings, 2 replies; 3+ messages in thread
From: ro0ot @ 2005-02-09 8:40 UTC (permalink / raw)
To: lartc
Hi,

I am connected to two DSL providers (DSL 1 - 1Mbps downlink/384kbps
uplink and DSL 2 - 2Mbps downlink/512kbps uplink)

I would like to only allow ftp, pop3 and http via the DSL 1 and only
smtp, ipsec and pptp via DSL 2.

How can I do so? Can I use iproute to route these protocols?

Below is my ip routing: -

# DSL 1
ip route add 2.2.2.208/30 dev eth0 src 2.2.2.210 table 1
ip route add default via 2.2.2.209 table 1

# DSL 2
ip route add 3.3.3.116/30 dev eth2 src 3.3.3.118 table 2
ip route add default via 3.3.3.117 table 2

ip rule add from 2.2.2.208/30 lookup 1
ip rule add from 3.3.3.116/30 lookup 2

ip route add 3.3.3.116/30 dev eth2 table 1
ip route add 10.59.2.0/24 dev eth1 table 1
ip route add 127.0.0.0/8 dev lo table 1

ip route add 2.2.2.208/30 dev eth0 table 2
ip route add 10.59.2.0/24 dev eth1 table 2
ip route add 127.0.0.0/8 dev lo table 2

ip route add default scope global nexthop via 2.2.2.209 dev eth0 weight 1 nexthop via 3.3.3.117 dev eth2 weight 1

Below is my iptables: -

lanif="eth1"
squid_box="10.59.2.3"
lan_net="10.59.2.0/24"

$ECHO 1 > /proc/sys/net/ipv4/ip_forward

$IPTABLES -t nat -A PREROUTING -i $lanif -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128
$IPTABLES -t nat -A POSTROUTING -o $lanif -s $lan_net -d $squid_box -j SNAT --to $lan_ip
$IPTABLES -A FORWARD -s $lan_net -d $squid_box -i $lanif -o $lanif -p tcp --dport 3128 -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -j MASQUERADE

Regards,
ro0ot
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] load balancing between two dsl links
2005-02-09 8:40 [LARTC] load balancing between two dsl links ro0ot
2005-02-09 18:20 ` ro0ot
@ 2005-02-09 18:36 ` Bernardo Silveira
1 sibling, 0 replies; 3+ messages in thread
From: Bernardo Silveira @ 2005-02-09 18:36 UTC (permalink / raw)
To: lartc
On Thu, 10 Feb 2005 02:20:56 +0800, ro0ot <ro0ot@phreaker.net> wrote:
> Hi,
>
> I am connected to two DSL providers (DSL 1 - 1Mbps downlink/384kbps
> uplink and DSL 2 - 2Mbps downlink/512kbps uplink)
>
> I would like to only allow ftp, pop3 and http via the DSL 1 and only
> smtp, ipsec and pptp via DSL 2.
>
> How can I do so? Can I use iproute to route these protocols?
>
> Below is my ip routing: -
>
> # DSL 1
> ip route add 2.2.2.208/30 dev eth0 src 2.2.2.210 table 1
> ip route add default via 2.2.2.209 table 1
>
> # DSL 2
> ip route add 3.3.3.116/30 dev eth2 src 3.3.3.118 table 2
> ip route add default via 3.3.3.117 table 2
>
> ip rule add from 2.2.2.208/30 lookup 1
> ip rule add from 3.3.3.116/30 lookup 2
>
> ip route add 3.3.3.116/30 dev eth2 table 1
> ip route add 10.59.2.0/24 dev eth1 table 1
> ip route add 127.0.0.0/8 dev lo table 1
>
> ip route add 2.2.2.208/30 dev eth0 table 2
> ip route add 10.59.2.0/24 dev eth1 table 2
> ip route add 127.0.0.0/8 dev lo table 2
>
> ip route add default scope global nexthop via 2.2.2.209 dev eth0 weight 1 nexthop via 3.3.3.117 dev eth2 weight 1
>
> Below is my iptables: -
>
> lanif="eth1"
> squid_box="10.59.2.3"
> lan_net="10.59.2.0/24"
>
> $ECHO 1 > /proc/sys/net/ipv4/ip_forward
>
> $IPTABLES -t nat -A PREROUTING -i $lanif -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128
> $IPTABLES -t nat -A POSTROUTING -o $lanif -s $lan_net -d $squid_box -j SNAT --to $lan_ip
> $IPTABLES -A FORWARD -s $lan_net -d $squid_box -i $lanif -o $lanif -p tcp --dport 3128 -j ACCEPT
>
> $IPTABLES -t nat -A POSTROUTING -j MASQUERADE
>
> Regards,
> ro0ot

Hi,

You can use:

ipchains -A INPUT -p tcp -s 0/0 --dport 21 -m 1
ipchains -A INPUT -p tcp -s 0/0 --dport 110 -m 1

and

ip rule add fwmark 1 table 1 prio 15000

And the same for the other DSL.

BTW, is the current configuration working ok now? What kernel are you
using, which patches? Because I'm using a similar configuration and
I'm having issues with some connections timing out.

Regards,
Bernardo Silveira
Via IP Soluções para Internet
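
The fwmark approach from the reply above, written for iptables (which the original poster is running) instead of ipchains and extended to all six services in the question. This is an added example, not code from the thread: it only prints the commands for review, and the rule priority 15001, the use of the mangle PREROUTING chain on eth1, and the protocol numbers for ESP/AH/GRE are assumptions layered on the tables 1 and 2 shown in the question.

```shell
#!/bin/sh
# Added example: prints (does not execute) fwmark policy-routing commands.
# Assumed: LAN interface eth1 and routing tables 1/2 as in the thread;
# priorities 15000/15001; standard port and IP protocol numbers.
LANIF="eth1"

# Map a service name to "proto:port" selectors; port "-" = portless protocol.
selectors() {
    case "$1" in
        ftp)   echo "tcp:21" ;;            # control channel only
        pop3)  echo "tcp:110" ;;
        http)  echo "tcp:80" ;;
        smtp)  echo "tcp:25" ;;
        ipsec) echo "udp:500 50:- 51:-" ;; # IKE, ESP (50), AH (51)
        pptp)  echo "tcp:1723 47:-" ;;     # control channel + GRE (47)
        *)     return 1 ;;
    esac
}

# emit_link MARK TABLE PRIO service...
# One MARK rule per selector, then the ip rule that sends the mark to TABLE.
emit_link() {
    mark=$1; table=$2; prio=$3; shift 3
    for svc in "$@"; do
        sels=$(selectors "$svc") || { echo "unknown service: $svc" >&2; return 1; }
        for sel in $sels; do
            proto=${sel%%:*}; port=${sel#*:}
            match="-p $proto"
            if [ "$port" != "-" ]; then match="$match --dport $port"; fi
            echo "iptables -t mangle -A PREROUTING -i $LANIF $match -j MARK --set-mark $mark"
        done
    done
    echo "ip rule add fwmark $mark table $table prio $prio"
}

# DSL 1 (table 1): ftp, pop3, http.  DSL 2 (table 2): smtp, ipsec, pptp.
emit_policy() {
    emit_link 1 1 15000 ftp pop3 http &&
    emit_link 2 2 15001 smtp ipsec pptp
}

emit_policy
```

Unmarked traffic still falls through to the multipath default route in the main table, and FTP data connections are not covered by the port 21 match.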