* [LARTC] dual-isp incoming traffic problems
From: Daniel Wittenberg @ 2005-10-11 23:26 UTC (permalink / raw)
To: lartc
I have two ISP connections, and am having some issues. I can connect to
any services on the firewall, like the smtp gateway, but anything on the
internal server only works from one connection. The lartc guide has a
good example for what to do for services on the box, but leaves it open
for how to handle services on an internal host. I've tried using
iptables to mark the packets incoming, but that doesn't seem to work.
    ip route add default via 1.1.1.254 table T1 dev eth0
    ip rule add from 1.1.1.2 table T1    # Real IP
    ip rule add from 1.1.1.3 table T1    # eth0:0 IP
    ip rule add from 1.1.1.4 table T1    # eth0:1 IP
    ip rule add fwmark 1 table T1
and similar for ISP connection #2, with:
    ip route flush cache
as the last part. Any ideas on how to get connections through to the
internal server from both ISP's?
ISP #1 --
         \
          -- Linux Firewall -- internal server
         /
ISP #2 --
Thanks,
Dan
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
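One common way to handle the case described in the message above, shown as an added example that is not from any poster in this thread: save a connection mark when a new connection arrives on an uplink, and restore it onto reply packets coming back from the internal server so the fwmark rule selects the right table. The names eth1, eth2, T2 and 2.2.2.254 are assumptions; eth0, T1, 1.1.1.254 and mark 1 come from the post.

```shell
#!/bin/sh
# Added illustration: connection-mark based return routing for DNAT'ed
# services behind a dual-ISP firewall. Dry-run by default (prints commands).
# Assumed names (not from the thread): eth1, eth2, table T2, 2.2.2.254.
DRY_RUN="${DRY_RUN:-1}"
LAN_IF="eth2"                 # assumed internal interface

run() {                       # print in dry-run mode, execute otherwise
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# uplink <wan-if> <gateway> <table> <mark>
uplink() {
    # Per-ISP table holding only that ISP's default route (as in the post).
    run ip route add default via "$2" dev "$1" table "$3"
    # Remember on the conntrack entry which ISP a new connection came in on.
    run iptables -t mangle -A PREROUTING -i "$1" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$4"
    # Packets carrying that mark are routed with the ISP's own table.
    run ip rule add fwmark "$4" table "$3"
}

setup_all() {
    uplink eth0 1.1.1.254 T1 1      # ISP #1, values from the original post
    uplink eth1 2.2.2.254 T2 2      # ISP #2, constructed values
    # Replies from the internal server enter on the LAN side with a private
    # source address, so the "from <public IP>" rules never match them.
    # Copy the saved connection mark onto the packet before routing.
    # Restoring only on the LAN interface keeps inbound packets in the
    # main table, so they still reach the internal network.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    run ip route flush cache
}

setup_all
```

Set DRY_RUN=0 and run as root to apply the commands instead of printing them. The table names T1 and T2 must already be listed in /etc/iproute2/rt_tables.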
* Re: [LARTC] dual-isp incoming traffic problems
From: David Boreham @ 2005-10-11 23:58 UTC (permalink / raw)
To: lartc
Daniel Wittenberg wrote:
>I have two ISP connections, and am having some issues. I can connect to
>any services on the firewall, like the smtp gateway, but anything on the
>internal server only works from one connection.
>
I think we do what you're trying to achieve, but before I spend
the time to dive into the details, let's confirm what you're looking to do:
You have two upstream connections and separate public IP
subnet allocations from each ISP, yes ? You're not running BGP, right ?
You have a single Linux router that has three physical interfaces :
one connects to ISP A, the next to ISP B and the third to the internal
network, correct ?
Let me know if I got all this right. If so then we run much the
same setup here and I can tell you how we configured it
(I do remember it took several days of reading kernel
source code and tcpdump'ing to get it all working).
* Re: [LARTC] dual-isp incoming traffic problems
From: Daniel Wittenberg @ 2005-10-12 0:40 UTC (permalink / raw)
To: lartc
Sounds like you are right on track to what I've got. Dual-ISP, no BGP
(DSL connections), and 3 interfaces, with at least a /28 on each ISP
connection.
That would be great if you have any insight!
Dan
On Tue, 2005-10-11 at 17:58 -0600, David Boreham wrote:
> Daniel Wittenberg wrote:
>
> >I have two ISP connections, and am having some issues. I can connect to
> >any services on the firewall, like the smtp gateway, but anything on the
> >internal server only works from one connection.
> >
> I think we do what you're trying to achieve, but before I spend
> the time to dive into the details, let's confirm what you're looking to do:
> You have two upstream connections and separate public IP
> subnet allocations from each ISP, yes ? You're not running BGP, right ?
> You have a single Linux router that has three physical interfaces :
> one connects to ISP A, the next to ISP B and the third to the internal
> network, correct ?
>
> Let me know if I got all this right. If so then we run much the
> same setup here and I can tell you how we configured it
> (I do remember it took several days of reading kernel
> source code and tcpdump'ing to get it all working).
>
>
>
* Re: [LARTC] dual-isp incoming traffic problems
From: Nelson Castillo @ 2005-10-12 0:49 UTC (permalink / raw)
To: lartc
> Any ideas on how to get connections through to the
> internal server from both ISP's?
> ISP #1 --
>          \
>           -- Linux Firewall -- internal server
>          /
> ISP #2 --
Looks like you have the same problems I had.
Check if this works for you:
http://mailman.ds9a.nl/pipermail/lartc/2005q3/016832.html
Regards.
--
Homepage : http://geocities.com/arhuaco
The first principle is that you must not fool yourself
and you are the easiest person to fool.
-- Richard Feynman.
* Re: [LARTC] dual-isp incoming traffic problems
From: McDaeMonD @ 2005-10-12 5:13 UTC (permalink / raw)
To: lartc
I have the same problem with this, and I add some problems :-)
I have 2 ISPs and get DHCP from them, and every 6 hours ISP B refreshes
the IP, default gw, ns, and every 8 hours ISP B refreshes the IP, default
gw, ns.
So I put in 2 routers and 1 gw:
 modem            modem
   |                |
   | dhcp           | dhcp
 Router           Router
   | 10.1.1.1       | 10.2.2.2
   |                |
    \              /
     \            /
          gw
          |
          | 192.168.0.254
          |
     internal net
I have routes like at http://lartc.org/howto/lartc.rpdb.multiple-links.html
Is this too much? Having 2 routers and more eth?