From mboxrd@z Thu Jan 1 00:00:00 1970
From: VladSun
Date: Thu, 17 May 2007 13:07:10 +0000
Subject: Re: [LARTC] Newbie: Route some traffic through a pptp tunnel
Message-Id: <464C537E.4040800@relef.net>
List-Id:
References: <464C525A.2080307@crc.dk>
In-Reply-To: <464C525A.2080307@crc.dk>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
To: lartc@vger.kernel.org

Mogens Kjaer wrote:
> I have a centos 4 i386 machine that works like a
> router (iptables filter, NAT) with two NIC's.
>
> One NIC is connected to my ISP (100 Mbit FTTH),
> I get a DHCP assigned public IP that changes
> "sometimes". Most incoming ports are blocked
> by my ISP.
>
> In order to get a fixed IP and open ports, I
> have to set up a PPTP tunnel to the ISP.
>
> The default gw and the NAT'ing goes to this tunnel.
>
> This is the output of ifconfig:
>
> eth0      Link encap:Ethernet  HWaddr 00:80:C8:EA:88:A7
>           inet addr:86.48.47.147  Bcast:86.48.47.255  Mask:255.255.254.0
>           inet6 addr: fe80::280:c8ff:feea:88a7/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:8083596 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3408048 errors:22 dropped:0 overruns:22 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1538901914 (1.4 GiB)  TX bytes:519514046 (495.4 MiB)
>           Interrupt:169 Base address:0x4000
>
> eth1      Link encap:Ethernet  HWaddr 00:12:79:A0:3D:7E
>           inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
>           inet6 addr: fe80::212:79ff:fea0:3d7e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:126264 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:155536 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:23156937 (22.0 MiB)  TX bytes:111015780 (105.8 MiB)
>           Interrupt:177
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:912424 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:912424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:103397649 (98.6 MiB)  TX bytes:103397649 (98.6 MiB)
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:86.48.43.19  P-t-P:81.19.236.186  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
>           RX packets:120948 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:109043 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>           RX bytes:80518167 (76.7 MiB)  TX bytes:37434930 (35.7 MiB)
>
> This works today, my problem is that the tunneled traffic is slower than
> going through eth0 directly.
>
> How can I:
>
> 1. Use the tunnel for incoming and outgoing mail and incoming http
>    requests.
> 2. NAT traffic from eth1 to eth0, i.e. not through the tunnel
> 3. Local traffic from the router should access the internet through
>    eth0, except for outgoing mails.
>
> Mogens
>

You may find the ROUTE iptables target useful for this.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
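
One way to meet the three requirements in the question with iproute2 policy rules and a firewall mark rather than the ROUTE target, as an added example that is not from either poster. It assumes the mail and web servers run on the router itself and that pppd no longer installs the default route; the gateway address, table number and mark value are placeholders or assumptions, as commented.

```shell
#!/bin/sh
# Added example: split routing between eth0 and the PPTP tunnel.
# Interface names and addresses come from the ifconfig output in the post.
WAN_IF=eth0
TUN_IF=ppp0
TUN_IP=86.48.43.19
LAN_NET=192.168.4.0/24
WAN_GW=${WAN_GW:-192.0.2.1}  # placeholder: the ISP's DHCP gateway is not in the post
TABLE=100                    # assumption: any unused routing table number
MARK=1                       # assumption: any unused firewall mark

# Emit the commands in order so they can be reviewed before being applied:
#  1. main table: everything leaves through eth0 by default (requirements 2 and 3)
#  2. table $TABLE: a second default route that points into the tunnel
#  3. replies sent from the tunnel address (incoming mail and http) use table $TABLE
#  4. marked packets use table $TABLE
#  5. mark SMTP connections opened by the router itself (outgoing mail)
#  6. marked packets picked the eth0 source address before rerouting, so rewrite
#     it to the fixed tunnel address
#  7. NAT the LAN out of eth0, not through the tunnel
#  8. replies to the marked mail arrive on ppp0 while the unmarked reverse route
#     points at eth0, so strict reverse-path filtering would drop them; this
#     removes that anti-spoofing check on ppp0 only (net.ipv4.conf.all.rp_filter
#     may also apply, depending on the kernel)
policy_rules() {
cat <<EOF
ip route replace default via $WAN_GW dev $WAN_IF
ip route replace default dev $TUN_IF table $TABLE
ip rule add from $TUN_IP lookup $TABLE
ip rule add fwmark $MARK lookup $TABLE
iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARK
iptables -t nat -A POSTROUTING -o $TUN_IF -j SNAT --to-source $TUN_IP
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
sysctl -w net.ipv4.conf.$TUN_IF.rp_filter=0
EOF
}

# Print the plan by default; pass "apply" as the first argument to run it as root.
if [ "${1:-}" = apply ]; then policy_rules | sh -e; else policy_rules; fi
```

Forwarding tunnel traffic to hosts behind eth1 with DNAT is outside this sketch, because those replies would not carry the tunnel address as their source when they are routed.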