From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mohan Sundaram
Date: Fri, 12 Oct 2007 07:12:31 +0000
Subject: Re: [LARTC] Problem with multiple ADSL lines
Message-Id: <470F1B8F.9010406@vsnl.com>
List-Id:
References: <1196d7620710111354p5301336cue87ae26926a587ac@mail.gmail.com>
In-Reply-To: <1196d7620710111354p5301336cue87ae26926a587ac@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Kostas Flokos wrote:
> Hi Mohan,
>
> Thanks a lot for your reply. I haven't tried it yet, but I have no
> doubts it will work.
>
> However, if you have time, could you please explain to me why a request
> received from IP1 by host H1, having as default route IP2, can not be
> routed through IP1; I have a routing table saying that the route to IP1
> is through the proper eth card.
> I have used tcpdump to check the packets coming/in/out from the systems
> and it seems that there is a packet going from ADSL1 to H1, but nothing
> on the other way... it seems like H1 doesn't know what to do with it.
>
Does the packet from H1 reach the Linux box? Coming to think of it, you
must have a route on each of the ADSL routers that shows 192.168.0.0/24
as reachable thro' the Linux box. Think this is ok else packet will not
reach H1. Similarly, the host H1 must've the Linux box as default gateway.

> Could you please explain (or point me to URLs explaining that) why it
> will change if I set the modems to bridge mode?
Not all ADSL modems support bridging. Please check that out first.

> I still want to do NAT,
> will it change if I do it from the Linux router now?
>
Most routers NAT with their external IP and user normally has no
control. Thus if you receive a request on ADSL1_IP which goes to H1 and
the reply goes out thro' ISP2, the src of the reply will be ADSL2_IP due
to natting. The initiator will only accept a reply with src ADSL1_IP.

If you set the modems to bridge mode, you can do the NATting on the
Linux box where you can NAT with ADSL1_IP and still send the packet out
thro' ISP2. Linux has a great deal of flexibility here.

> I also do not understand what you imply with
> "3. Source NAT rules use ISP1_IP and routing rule redirects it to link
> connected to ISP2. Flip similarly for ISP1."
> Could you be a bit more descriptive?
Linux Router config:
Dst NAT http on ADSL1_IP goes to H1
Dst NAT http on ADSL2_IP goes to H2
Source NAT src H1 to ADSL1_IP
Source NAT src H2 to ADSL2_IP
ip rule add from ADSL1_IP table ADSL2_rules
ip rule add from ADSL2_IP table ADSL1_rules
ADSL1_rules default gw is ISP1.
ADSL2_rules default gw is ISP2

H1 receives all requests that come on ADSL1_IP. The reply from H1 for
request arriving on ADSL1 goes out thro' ISP2 as desired but with the
right source IP i.e. ADSL1_IP. From your mail, it seemed like you were
wanting to do this. Your original config was sending replies out thro'
the same i/f it arrived on.

>
> Forgive me for being a bit ignorant of all that; possibly I'm trying to
> understand too much without basic technical background on routing, etc.
>
We were all there at a point of time. No need to apologize. It may also
not be true that you do not know. We may be failing in communication too.

> One more time, thanks a lot for your help.
You are welcome.

> Regards,
> Kostas
>
> On 10/12/07, *Mohan Sundaram* wrote:
>
> Kostas Flokos wrote:
> > Hi all,
> > I have managed to setup a Fedora 7 box with 3 ethernet cards and two
> > ADSL modem/routers from different suppliers as LARTC recommends. I am
> > able to direct traffic for specific internal IPs either to one or the
> > other ADSL line. However, I am faced with two problems I am struggling
> > for the solution:
> >
> > 1. I have opened a few ports on the ADSL router/firewalls to talk to
> > internal hosts; say when someone hits http://myADSL1_IP I would redirect
> > him to 192.168.0.10; while if someone hits
> > http://myADSL2_IP I would redirect him to 192.168.0.20.
> This is your ADSL router(s) config.
> > If I have rules such as the following all works well:
> > ip rule add from 192.168.0.10 table ADSL1_rules
> > ip rule add from 192.168.0.20 table ADSL2_rules
> These are rules on your linux machine to send traffic back on the same
> link they came from.
> > Unfortunately, if I want to do the reverse it does not work. I can't
> > have a host prefer one ADSL line, but still receive traffic from the
> > other ADSL line.
> This can be done by switching the rule table above. Obviously NAT is
> being used. However, this will break. You cannot initiate a connection
> to one IP and match the reply or ack for that connection from another
> IP. TCP/IP basics. Asymmetric routing works when no address translations
> take place.
> > It may sound weird, but I only want to have one host
> > reply to any of the two IPs, either from ISP1 or ISP2. With the current
> > configuration I can't. It works ok the default ISP of the host, but
> > can't make it to work for the other.
> One way of doing this would be:
> 1. Set the routers to bridge mode.
> 2. Assign the ISP IPs to the NICs.
> 3. Source NAT rules use ISP1_IP and routing rule redirects it to link
> connected to ISP2. Flip similarly for ISP1.
>
> Let us hope your ISP2 does not filter out traffic having source outside
> his subnet when it arrives from within.
>
> Mohan

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
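
The reply path discussed in this thread, as a small Python model (an added example, not code from the thread or from any participant). It compares NAT done by the modems with NAT done on the Linux box and includes the ISP source-filtering caveat; the addresses, the port number and the `Nat` and `simulate` names are constructed for illustration.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed sample addresses; ADSL1_IP/ADSL2_IP and H1/H2 follow the thread's names.
ADSL1_IP, ADSL2_IP = "198.51.100.10", "203.0.113.20"
H1, H2, CLIENT = "192.168.0.10", "192.168.0.20", "192.0.2.77"
FORWARDS = {(ADSL1_IP, 80): H1, (ADSL2_IP, 80): H2}   # destination NAT for http
LINK_IP = {"ADSL1": ADSL1_IP, "ADSL2": ADSL2_IP}

class Nat:
    """Connection-tracking NAT: a modem in router mode, or the Linux box."""
    def __init__(self, default_src, forwards):
        self.default_src = default_src  # source used for flows this box never saw
        self.forwards = forwards        # (public ip, port) -> inside host
        self.conntrack = {}             # reply 4-tuple -> address the client contacted

    def inbound(self, p):
        inside = self.forwards[(p.dst, p.dport)]
        self.conntrack[(inside, p.dport, p.src, p.sport)] = p.dst
        return p._replace(dst=inside)

    def outbound(self, p):
        known = self.conntrack.get((p.src, p.sport, p.dst, p.dport))
        return p._replace(src=known or self.default_src)

def simulate(mode, egress, isp_filters=False):
    """Client connects to ADSL1_IP:80; H1's reply leaves via `egress`.
    mode "router": each modem NATs; "bridge": the Linux box NATs."""
    request = Pkt(CLIENT, 40000, ADSL1_IP, 80)
    if mode == "router":
        boxes = {name: Nat(ip, {k: v for k, v in FORWARDS.items() if k[0] == ip})
                 for name, ip in LINK_IP.items()}
        entry, exit_box = boxes["ADSL1"], boxes[egress]
    else:
        entry = exit_box = Nat(ADSL1_IP, FORWARDS)  # simplification: new flows use ADSL1_IP
    at_host = entry.inbound(request)
    reply = Pkt(at_host.dst, at_host.dport, at_host.src, at_host.sport)
    wire = exit_box.outbound(reply)
    if isp_filters and wire.src != LINK_IP[egress]:
        return "dropped by ISP", wire.src  # egress ISP rejects sources outside its subnet
    expected = (request.dst, request.dport, request.src, request.sport)
    return ("accepted" if tuple(wire) == expected else "rejected by client"), wire.src

if __name__ == "__main__":
    for args in [("router", "ADSL1"), ("router", "ADSL2"),
                 ("bridge", "ADSL2"), ("bridge", "ADSL2", True)]:
        print(args, "->", simulate(*args))
```

In router mode the second modem has no connection-tracking entry for the request, so in this model it falls back to its own address, which is the mismatch the client rejects.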