[LARTC] multiple isp + nat

[LARTC] multiple isp + nat

[Janne Raatikainen]

I configured multiple isp (actually only multiple gw) according
http://lartc.org/howto/lartc.rpdb.multiple-links.html.

Now NAT (Internet) seems to work, both external interfaces work ( I
didnt configure load balancing because I dont need it). However I have
problem that I can not ping from NAT to public ip of my  Linux box.
Problem is that I can not connect from 192.168.1.0/24 network to
services listening 84.248.213.195, but I can connect to Internet from
NAT through that interface gateway (84.248.192.0). Connecting with
public ip worked fine when I had simple NAT, with single
Internet-connection.

I also notice that portforwarding from Linux-box (public ip) to computer
under nat doesnt work too. Anyone has idea what is the problem?

# ip rule ls
0:      from all lookup local
32762:  from 84.248.213.195 lookup T1
32764:  from 88.192.38.86 lookup T2
32766:  from all lookup main
32767:  from all lookup default

# ip route
84.248.192.0 dev eth2  scope link  src 84.248.213.195
88.192.32.0 dev eth0  scope link  src 88.192.38.86
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.50
88.192.32.0/20 dev eth0  proto kernel  scope link  src 88.192.38.86
84.248.192.0/19 dev eth2  proto kernel  scope link  src 84.248.213.195
default via 88.192.32.1 dev eth0
default via 84.248.192.1 dev eth2

Do I have to use some different kind of iptables-rules (fwmark?), than I used
when I had only one connection to Internet, or do I have to add some
route or gw?

Janne
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] multiple isp + nat

[Manish Kathuria]

Janne Raatikainen wrote:
> I configured multiple isp (actually only multiple gw) according
> http://lartc.org/howto/lartc.rpdb.multiple-links.html.
> 
> Now NAT (Internet) seems to work, both external interfaces work ( I
> didnt configure load balancing because I dont need it). However I have
> problem that I can not ping from NAT to public ip of my  Linux box.
> Problem is that I can not connect from 192.168.1.0/24 network to
> services listening 84.248.213.195, but I can connect to Internet from
> NAT through that interface gateway (84.248.192.0). Connecting with
> public ip worked fine when I had simple NAT, with single
> Internet-connection.

Have you used any firewall rules which prevent INPUT from the LAN ?

> 
> I also notice that portforwarding from Linux-box (public ip) to computer
> under nat doesnt work too. Anyone has idea what is the problem?

You will have to accept the traffic in the FOWARD chain in addition to 
the port forwarding rule for the system which is being accessed.

I think it will be better if you list your firewall rules here to make 
the things clear. It will make it easier to identify the reason.



  Do I have to use some different kind of iptables-rules (fwmark?), than 
I used
> when I had only one connection to Internet, or do I have to add some
> route or gw?
> 
> Janne
>

--
Manish
http://www.tuxspace.com/
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] multiple isp + nat

[Janne Raatikainen]

Please notice my another message down there from another e-mail ->

ps. This gmail is confusing to use for mailing list. :)
pps. I hope this message now goes under another in archive, because it
doesn't have "RE:" in subject-line.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc