* [LARTC] advanced routing for 2 internet lines
@ 2002-01-02 21:56 Dirk Schäpsmeyer
2002-01-03 3:40 ` Sebastian C K Ip
2002-01-03 9:49 ` AW: " Dirk Schäpsmeyer
0 siblings, 2 replies; 3+ messages in thread
From: Dirk Schäpsmeyer @ 2002-01-02 21:56 UTC (permalink / raw)
To: lartc
Hi all,
I have a Linux box with two connections to the internet over two routers and
a private internal network. The linux box does masquerading.
internet +----------+ 172.16.0.1 +-------------------+
<---- | Router 1 |-------------------| |
+----------+ | 172.16.0.2 |
| | eth1
192.168.0.99
| Linux box
|----------------------- ... clients ...
internet +----------+ 172.16.0.3 | |
<---- | Router 2 |-------------------| routers on eth0 |
+----------+ | |
+-------------------+
Now I want it to work in the way I'll describe now:
Basically, every ip-traffic should work over the default-route 172.16.0.1
(router 1). But ip-traffic with e.g. destination port 8123 und 8124
should work over the 2nd router(172.16.0.3).
Certain webservers, like e.g. gmx.com are should ONLY be connected over
router 2.
To do that, I "invented" following but yet not working solution to it:
ip route add default via 172.16.0.1 dev eth0
ip route add default via 172.16.0.3 dev eth0 table 100
ip rule add fwmark 1 table 100
ip route flush cache
iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8123 -j
MARK --set-mark 1
iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8124 -j
MARK --set-mark 1
[..not mentioning masquerading rules etc.. ]
The port routing from 8123 and 8124 over the 2nd router works without
problems.
But how do I create the routing for ftp-traffic and the connecting to
certain webservers over the 2nd router?
Thanks a lot!
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [LARTC] advanced routing for 2 internet lines
2002-01-02 21:56 [LARTC] advanced routing for 2 internet lines Dirk Schäpsmeyer
@ 2002-01-03 3:40 ` Sebastian C K Ip
2002-01-03 9:49 ` AW: " Dirk Schäpsmeyer
1 sibling, 0 replies; 3+ messages in thread
From: Sebastian C K Ip @ 2002-01-03 3:40 UTC (permalink / raw)
To: lartc
On Wed, 2 Jan 2002, Dirk Schäpsmeyer wrote:
>
> Hi all,
>
> I have a Linux box with two connections to the internet over two routers
and
> a private internal network. The linux box does masquerading.
>
>
>
> internet +----------+ 172.16.0.1 +-------------------+
> <---- | Router 1 |-------------------| |
> +----------+ | 172.16.0.2 |
> | | eth1
> 192.168.0.99
> | Linux box
> |----------------------- ... clients ...
> internet +----------+ 172.16.0.3 | |
> <---- | Router 2 |-------------------| routers on eth0 |
> +----------+ | |
> +-------------------+
>
>
>
> Now I want it to work in the way I'll describe now:
>
> Basically, every ip-traffic should work over the default-route
172.16.0.1
> (router 1). But ip-traffic with e.g. destination port 8123 und 8124
> should work over the 2nd router(172.16.0.3).
> Certain webservers, like e.g. gmx.com are should ONLY be connected over
> router 2.
>
> To do that, I "invented" following but yet not working solution to it:
>
> ip route add default via 172.16.0.1 dev eth0
> ip route add default via 172.16.0.3 dev eth0 table 100
> ip rule add fwmark 1 table 100
> ip route flush cache
>
> iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8123 -j
> MARK --set-mark 1
> iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8124 -j
> MARK --set-mark 1
>
>
> [..not mentioning masquerading rules etc.. ]
>
> The port routing from 8123 and 8124 over the 2nd router works without
> problems.
>
> But how do I create the routing for ftp-traffic and the connecting to
> certain webservers over the 2nd router?
Well I think you do the same thing but your ftp traffic would have you
fw marking dport 21 and 20 traffic and your webserver traffic would have
you fw marking dport 80 traffic to certain dest ip address. Seems simple
enough unless i am missing something here?
>
> Thanks a lot!
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/lartc/
>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 3+ messages in thread
* AW: [LARTC] advanced routing for 2 internet lines
2002-01-02 21:56 [LARTC] advanced routing for 2 internet lines Dirk Schäpsmeyer
2002-01-03 3:40 ` Sebastian C K Ip
@ 2002-01-03 9:49 ` Dirk Schäpsmeyer
1 sibling, 0 replies; 3+ messages in thread
From: Dirk Schäpsmeyer @ 2002-01-03 9:49 UTC (permalink / raw)
To: lartc
>
> > Hi all,
> >
> > I have a Linux box with two connections to the internet over two routers
> and
> > a private internal network. The linux box does masquerading.
> >
> >
> >
> > internet +----------+ 172.16.0.1 +-------------------+
> > <---- | Router 1 |-------------------| |
> > +----------+ | 172.16.0.2 |
> > | | eth1
> > 192.168.0.99
> > | Linux box
> > |----------------------- ... clients ...
> > internet +----------+ 172.16.0.3 | |
> > <---- | Router 2 |-------------------| routers on eth0 |
> > +----------+ | |
> > +-------------------+
> >
> >
> >
> > Now I want it to work in the way I'll describe now:
> >
> > Basically, every ip-traffic should work over the default-route
> 172.16.0.1
> > (router 1). But ip-traffic with e.g. destination port 8123 und 8124
> > should work over the 2nd router(172.16.0.3).
> > Certain webservers, like e.g. gmx.com are should ONLY be connected over
> > router 2.
> >
> > To do that, I "invented" following but yet not working solution to it:
> >
> > ip route add default via 172.16.0.1 dev eth0
> > ip route add default via 172.16.0.3 dev eth0 table 100
> > ip rule add fwmark 1 table 100
> > ip route flush cache
> >
> > iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8123 -j
> > MARK --set-mark 1
> > iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8124 -j
> > MARK --set-mark 1
> >
> >
> > [..not mentioning masquerading rules etc.. ]
> >
> > The port routing from 8123 and 8124 over the 2nd router works without
> > problems.
> >
> > But how do I create the routing for ftp-traffic and the connecting to
> > certain webservers over the 2nd router?
>
> Well I think you do the same thing but your ftp traffic would have you
> fw marking dport 21 and 20 traffic and your webserver traffic would have
> you fw marking dport 80 traffic to certain dest ip address. Seems simple
> enough unless i am missing something here?
I tried it with this method but didn't have much success.
I noticed this:
If ftp-traffic comes over the 1st router and goes to the ftp-server
172.16.0.2, it seems to work. But if ip-traffic comes over the 2nd router
and goes to the ftpserver,
the answering ipframes coming from the server don't seem to come over the
2nd router - in this case the ftpserver uses the default route over the 1st
router. According to that, a connection never happens.
Similar things seem to happen with the ip-traffic to certain webservers. If
I call the url the first frames come over the 2nd router but after that, the
rest gets lead over the 1st router.
It really doesn't seem to be that easy but I hope you can help me.
Thanks, Dirk
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2002-01-03 9:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-01-02 21:56 [LARTC] advanced routing for 2 internet lines Dirk Schäpsmeyer
2002-01-03 3:40 ` Sebastian C K Ip
2002-01-03 9:49 ` AW: " Dirk Schäpsmeyer
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.