* [LARTC] exporting service on multiple wan
@ 2007-10-18 14:27 Fabio Marcone
  2007-10-19  2:31 ` Mohan Sundaram
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Fabio Marcone @ 2007-10-18 14:27 UTC (permalink / raw)
  To: lartc

Hi all,
I have a routing problem. I'm setting up a router based on Debian (kernel
2.4).

I need to set up routing to export an ftp service (ftp server is in dmz)
to 2 wan (both).

I set up the prerouting and forward rules with no problem.

The problem is that reply packets use the default gateway (default wan) even
though they entered using the other wan.

I solved it by marking packets coming in from the dmz iface and forcing them
to use another gateway (iproute2), but this way I don't export the ftp service
on the default wan.

How can I set up routing to export the ftp service on both ifaces?

Thanks in advance,
Fabio
-- 

Dott. Fabio Marcone

2T srl
Telefono	                        +39 - 0871- 540154
Fax		                        +39 - 0871- 571594
Email	                           	fabio.marcone(AT)duet.it	
Indirizzo				Viale B. Croce 573
                                        66013 Chieti Scalo (CH)
GNU/Linux registered user  		#400424
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


* Re: [LARTC] exporting service on multiple wan
  2007-10-18 14:27 [LARTC] exporting service on multiple wan Fabio Marcone
@ 2007-10-19  2:31 ` Mohan Sundaram
  2007-10-19  2:32 ` Salim S I
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Mohan Sundaram @ 2007-10-19  2:31 UTC (permalink / raw)
  To: lartc

Fabio Marcone wrote:
> Hi all,
> I have a routing problem. I'm setting up a router based on Debian (kernel
> 2.4).
> 
> I need to set up routing to export an ftp service (ftp server is in dmz)
> to 2 wan (both).
> 
> I set up the prerouting and forward rules with no problem.
> 
> The problem is that reply packets use the default gateway (default wan) even
> though they entered using the other wan.
> 
> I solved it by marking packets coming in from the dmz iface and forcing them
> to use another gateway (iproute2), but this way I don't export the ftp service
> on the default wan.
> 
> How can I set up routing to export the ftp service on both ifaces?
> 
> Thanks in advance,
> Fabio
One way to do this:
1. Assign 2 private domain IP addresses to the ftp server and listen to 
both for ftp. IP1 and IP2
2. Map one IP each for WAN address. WAN1>>IP1 and WAN2>>IP2
3. On the Linux machine, set policy routing based on src IP of reply 
packet i.e. src IP1 goes thro' WAN1 and src IP2 goes thro' WAN2.

Mohan
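The three steps from the reply above written out for the router, as an added example that is not part of the original thread. All interface names, addresses and table numbers are assumed placeholders, and step 1 (binding IP1 and IP2 on the FTP server) happens on the server itself.

```sh
#!/bin/sh
# Added example: one private server address per WAN, replies routed by source.
# Interface names, addresses and table numbers are constructed placeholders.
# Prints the commands by default; run as root with APPLY=1 to execute them.

WAN1_IF=eth0; WAN1_IP=192.0.2.10;    WAN1_GW=192.0.2.1;    IP1=10.0.0.11
WAN2_IF=eth1; WAN2_IP=198.51.100.10; WAN2_GW=198.51.100.1; IP2=10.0.0.12

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# $1 = WAN iface, $2 = WAN address, $3 = gateway, $4 = server IP, $5 = table id
map_wan() {
    # Step 2: FTP control connections to this WAN address go to its server IP.
    run iptables -t nat -A PREROUTING -i "$1" -d "$2" -p tcp --dport 21 \
        -j DNAT --to-destination "$4"
    # Step 3: anything sourced from that server IP leaves through this WAN.
    # The table holds only a default route; add internal routes to it if the
    # server also has to reach internal networks from this address.
    run ip route add default via "$3" dev "$1" table "$5"
    run ip rule add from "$4" table "$5"
}

setup_src_routing() {
    map_wan "$WAN1_IF" "$WAN1_IP" "$WAN1_GW" "$IP1" 1
    map_wan "$WAN2_IF" "$WAN2_IP" "$WAN2_GW" "$IP2" 2
}

setup_src_routing
```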

* RE: [LARTC] exporting service on multiple wan
  2007-10-18 14:27 [LARTC] exporting service on multiple wan Fabio Marcone
  2007-10-19  2:31 ` Mohan Sundaram
@ 2007-10-19  2:32 ` Salim S I
  2007-10-19  4:21 ` Mohan Sundaram
  2007-10-19  5:36 ` Salim S I
  3 siblings, 0 replies; 5+ messages in thread
From: Salim S I @ 2007-10-19  2:32 UTC (permalink / raw)
  To: lartc

How about conn-marking the (NEW state) packets in POSTROUTING?


* Re: [LARTC] exporting service on multiple wan
  2007-10-18 14:27 [LARTC] exporting service on multiple wan Fabio Marcone
  2007-10-19  2:31 ` Mohan Sundaram
  2007-10-19  2:32 ` Salim S I
@ 2007-10-19  4:21 ` Mohan Sundaram
  2007-10-19  5:36 ` Salim S I
  3 siblings, 0 replies; 5+ messages in thread
From: Mohan Sundaram @ 2007-10-19  4:21 UTC (permalink / raw)
  To: lartc

Salim S I wrote:
> How about conn-marking the (NEW state) packets in POSTROUTING?
> 
Would probably need to use conntrack ESTABLISHED,DNAT and ROUTE 
directive for packets coming from LAN to make sure packet goes out from 
the same interface it came on.

Mohan

* RE: [LARTC] exporting service on multiple wan
  2007-10-18 14:27 [LARTC] exporting service on multiple wan Fabio Marcone
                   ` (2 preceding siblings ...)
  2007-10-19  4:21 ` Mohan Sundaram
@ 2007-10-19  5:36 ` Salim S I
  3 siblings, 0 replies; 5+ messages in thread
From: Salim S I @ 2007-10-19  5:36 UTC (permalink / raw)
  To: lartc

Sorry, I forgot for a moment it was DMZ.

In mangle PREROUTING

-j CONNMARK --restore-mark
-m mark --mark 0x0 -i WAN1 -j CONNMARK --set-mark 0x1
-m mark --mark 0x0 -i WAN2 -j CONNMARK --set-mark 0x2

Two routing tables, one for each mark.

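The CONNMARK rules from the last reply as full commands, together with the two per-mark routing tables, as an added example that is not part of the original thread. Interface names, addresses, gateways and table numbers are assumed placeholders, and the DMZ route in each table is an addition so that marked inbound packets still reach the server.

```sh
#!/bin/sh
# Added example: return routing by connection mark for a DMZ service on two WANs.
# Interface names, addresses and table numbers are constructed placeholders.
# Prints the commands by default; run as root with APPLY=1 to execute them.

DMZ_IF=eth2;  DMZ_NET=10.0.0.0/24
WAN1_IF=eth0; WAN1_GW=192.0.2.1
WAN2_IF=eth1; WAN2_GW=198.51.100.1

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Rules for one uplink: $1 = interface, $2 = gateway, $3 = mark and table id
wan_rules() {
    # Still-unmarked packets arriving on this WAN tag their connection.
    run iptables -t mangle -A PREROUTING -i "$1" -m mark --mark 0x0 \
        -j CONNMARK --set-mark "$3"
    # Restored marks also land on inbound packets of established connections,
    # so the table needs the DMZ route as well as this uplink's default.
    run ip route add "$DMZ_NET" dev "$DMZ_IF" table "$3"
    run ip route add default via "$2" dev "$1" table "$3"
    # Packets carrying the mark are looked up in that table.
    run ip rule add fwmark "$3" table "$3"
}

setup() {
    # Copy the connection mark onto every packet before the per-WAN rules,
    # so replies from the DMZ carry the mark of the WAN they answer.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    wan_rules "$WAN1_IF" "$WAN1_GW" 1
    wan_rules "$WAN2_IF" "$WAN2_GW" 2
}

setup
```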
