From: "Roberto Campos" <roberto@meuprovedor.com.br>
To: lartc@vger.kernel.org
Subject: [LARTC] Traffic shapping + routing in RH 7.1
Date: Tue, 18 Dec 2001 02:28:58 +0000
Message-ID: <marc-lartc-100864251921618@msgid-missing>
In-Reply-To: <marc-lartc-100856061300795@msgid-missing>

Hi ALL,

I'm new to TC and IPTABLES and I need help in setting up a filter/routing
solution for an ISP.
I've read all the HOWTOs and I've been reading LARTC messages for a month now.
I still don't have a clue how to do it 'cause sometimes people say it's
easy, sometimes they say it's impossible.
I'm seeking help for it. Let's move to the subject.

We have a small ISP and we are moving a Linux box running RH 7.1 to avoid
having to set up BGP because we don't have an ASN.
What we want to do is to implement redundancy for the services.
The way we managed to do it is like this:

      ISP1                  ISP2
       |                     |
       |                     |
       |______  ISP  ________|
        Linux RH 7.1 ver 2.4.2-2
                  |
                  |
       ___________|_______________
       |    |    |    |    |    |
      boxes with services we provide

This is the scenario:
. ISP1 and ISP2 are our providers of connection to the internet
. The Linux box is running with IPTABLES and TC installed (fully patched)
. The Linux box is going to be our firewall and is not going to run any
  services on the interfaces to ISP1 and 2.
. The firewall is going to NAT all the packets, allowing us to play with
  them accordingly, routing and dropping as we need.

What have we done so far?
We've managed to play with two equal-cost default gateways and it works.
The problems are that we have two different ISPs to work with and the box
sends the packets without a simple logic; we just need packets coming
from eth0 to go back through eth0. If we ping the firewall from ISP1,
sometimes it sends back the ICMP packet with the IP from the other
interface, and it's not allowed from ISP1 or 2. That way it doesn't get past
their firewalls.
If I can set this up to work, telling Linux to send back using eth0 the
packets that come from eth0, with the IP of eth0 or the internal IP that
was used to forward in, I'll be happy.
Then I can use DNS Bind 9.1.0 to use the cheap links for the services I
want and the expensive one to keep our clients flying on the net.
I can deal with the routing myself; my problems are that I can't
understand how Linux mounts the packet or routes it based on the port it
came into the firewall on when the destination machine is inside our ISP,
like our sendmail machine, for example.

Any help appreciated.
Thanks in advance.

Roberto Campos
____________________________________________
Meu Provedor Tecnologias e Informática Ltda.
Rua Camerino, 128 Grs. 302
Centro - Rio de Janeiro - RJ - CEP 20080-010
Tel.: 55 21 22835173 (PABX/FAX)
Telefone Móvel - Celular: 55 21 91978284
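
The behaviour the message asks for (replies leaving through the uplink they arrived on) is commonly handled with source-based policy routing in iproute2. The following is an added example, not part of the original message: it only prints the commands, and eth1, the table ids 101/102 and every address are constructed assumptions, as is the layout where each internal server has one internal address per uplink as its DNAT target.

```shell
#!/bin/sh
# Added example: prints (does not run) iproute2 commands for source-based
# policy routing on a two-uplink firewall. All addresses are constructed
# documentation values; eth1 and the table ids are assumptions.

# uplink_rules DEV ADDR NET GW TABLE [INTERNAL_ADDR...]
#   DEV ADDR NET GW : uplink interface, firewall address on it, its subnet, ISP gateway
#   TABLE           : numeric routing table reserved for this uplink (1..252)
#   INTERNAL_ADDR   : internal addresses that only receive traffic DNATed from this uplink
uplink_rules() {
    [ "$#" -ge 5 ] || { echo "usage: uplink_rules DEV ADDR NET GW TABLE [INTERNAL...]" >&2; return 2; }
    dev=$1 addr=$2 net=$3 gw=$4 table=$5
    shift 5
    case $table in
        ''|*[!0-9]*) echo "table must be numeric: $table" >&2; return 2 ;;
    esac
    # 253-255 are the built-in default/main/local tables, 0 is unspecified.
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table $table is reserved or out of range" >&2; return 2
    fi
    # Per-uplink table: the connected subnet plus a default route via this ISP only.
    echo "ip route add $net dev $dev src $addr table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Replies sourced from the uplink's own address leave through that uplink.
    echo "ip rule add from $addr table $table"
    # Replies from servers reached by DNAT on this uplink are routed before the
    # source is rewritten, so they match on the internal address.
    for internal in "$@"; do
        echo "ip rule add from $internal table $table"
    done
}

# Constructed topology: eth0 -> ISP1, eth1 -> ISP2, one mail server with one
# internal address per uplink.
two_uplinks() {
    uplink_rules eth0 192.0.2.10    192.0.2.0/24    192.0.2.1    101 10.0.1.25 &&
    uplink_rules eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 102 10.0.2.25
}

two_uplinks
```

After reviewing the printed commands, they can be applied by piping the output to `sh` as root.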