* RES: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
@ 2002-06-15 16:52 Roni Reicher
2002-06-15 17:20 ` Julian Anastasov
0 siblings, 1 reply; 2+ messages in thread
From: Roni Reicher @ 2002-06-15 16:52 UTC (permalink / raw)
To: lartc
Hi William. Thanks a lot for your help.
Im having some trouble recompiling my kernel after a installed the
patch.
Im running RH 7.3 with kernel 2.4.18-3.
The patch I installed is routes-2.4.16-6.diff. I got no errors
installing it.
I added the multipath support, and recompiled it.
The make dep and the make bzImage went fine.
I got error during the make modules.
These are the errors:
Output.c: in function 'cipe_xmit'
Output.c:175 too few arguments to function 'ip_route_output'
Make[3]: *** [output.o] error 1
Make[3]: leaving directory '/usr/src/linux-2.4.18-3/drivers/addon/cipe'
Make[2]: *** [_modsubdir_cipe] error 2
Make[2]: leaving directory '/usr/src/linux-2.4.18-3/drivers/addon'
Make[1]: *** [_modsubdir_addon] error 2
Make[1]: leaving directory '/usr/src/linux-2.4.18-3/drivers
Make: *** [_mod_drivers] error 2
After I got that error, a formatted and reinstalled redhat 7.3. Then I
used the newer patch (routes-2.4.19-8.diff), and I got error installing,
and of course I couldn't recompile it.
I formatted again to see if I were doing something wrong recompiling.
But this time I didn't patch and recompile it. I got no errors...
Any ideas? Am I using the wrong patch?
Thanks a lot,
Ron
-----Mensagem original-----
De: William L. Thomson Jr. [mailto:support@obsidian-studios.com]
Enviada em: quinta-feira, 13 de junho de 2002 14:43
Para: lartc@mailman.ds9a.nl
Assunto: Re: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple
Firewalls
You will need to recompile your kernel with multpath support. Also
before you compile apply Julian's patches to the kernel.
http://www.linuxvirtualserver.org/~julian/#routes
Once that is done check out the Nano-HOWTO
http://www.linuxvirtualserver.org/~julian/nano.txt
That should get you on your way. The linux router will also have to
perform NAT, more than likely DNAT, for things to work properly.
On Thu, 2002-06-13 at 07:43, Roni Reicher wrote:
> Hi guys. I really need some help.
>
>
>
> This is my scenario:
>
>
>
>
>
>
>
> CLIENTS -> SWITCH -> W2K Server -> Linux -> Internet (with 2 ADSL
LINES)
>
>
>
>
>
> My RedHat Linux 7.2 is just a firewall. Im running all the services
> (www, mail, etc.) on my W2K.
>
>
>
> I tried to set up a load balance, but im getting the following
problem.
>
>
>
> When I connect from the internet through my IP1 (ADSL 1) on any port
> that I redirect to W2K, I can connect perfectly to my W2K, but when I
> connect using my IP2 (ADSL2) I cant get to W2K.
>
>
>
> And vice versa.
>
>
>
> With the telnet server, which is running on the linux, I can connect
> using both IP's.
>
>
>
> I guess the problem is when the W2K uses the other gw.
>
>
>
> My W2K default gw is the linux.
>
>
>
> This is my setup:
>
>
>
>
>
> W2K IP -> 10.0.0.1
>
> W2K IP2 -> 192.168.1.2
>
>
>
> Linux eth0 -> xxx.xxx.xxx.170 (ADSL1)
>
> Linux eth0 gw -> xxx.xxx.xxx.129
>
>
>
> Linux eth1 -> 192.168.1.1
>
>
>
> Linux eth2 -> yyy.yyy.yyy.205 (ADSL2)
>
> Linux eth2 gw -> yyy.yyy.yyy.193
>
>
>
>
>
> IPTABLES (just the basic).
>
>
>
> $IPTABLES -A INPUT -i lo -j ACCEPT
>
> $IPTABLES -A INPUT -p icmp -j ACCEPT
>
>
>
> $IPTABLES -A FORWARD -o eth0 -j ACCEPT
>
> $IPTABLES -A FORWARD -o eth2 -j ACCEPT
>
>
>
> ##################### SMTP SERVER #################
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25
> -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25
> -j DNAT --to-destination 192.168.1.2
>
> ##################### HTTP SERVER ##################
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80
> -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 80
> -j DNAT --to-destination 192.168.1.2
>
>
>
> $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
>
> $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
>
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> $IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
>
>
>
>
>
>
>
> And this is my load balancing script:
>
>
>
>
>
> #### Variables ######
>
>
>
> IP=/sbin/ip
>
>
>
> IF1=eth0
>
> IP1=xxx.xxx.xxx.170
>
> P1=xxx.xxx.xxx.129
>
> P1_NET=xxx.xxx.xxx.128/26
>
>
>
> IF2=eth2
>
> IP2=yyy.yyy.yyy.205
>
> P2= yyy.yyy.yyy.193
>
> P2_NET= yyy.yyy.yyy.192/26
>
>
>
> echo 201 t1 >> /etc/iproute2/rt_tables
>
> echo 202 t2 >> /etc/iproute2/rt_tables
>
>
>
>
>
> $IP route add $P1_NET dev $IF1 src $IP1 table t1
>
> $IP route add default via $P1 table t1
>
> $IP route add $P2_NET dev $IF2 src $IP2 table t2
>
> $IP route add default via $P2 table t2
>
>
>
> $IP route add $P1_NET dev $IF1 src $IP1
>
> $IP route add $P2_NET dev $IF2 src $IP2
>
>
>
> $IP route add default via $P1
>
>
>
> $IP rule add from $IP1 table t1
>
> $IP rule add from $IP2 table t2
>
>
>
> $IP route add default scope global nexthop via $P1 dev $IF1 weight 1
> nexthop via $P2 dev $IF2 weight 1
>
>
>
>
>
>
>
> I really need help.
>
>
>
> I appreciate it,
>
>
>
> Ron Reicher
>
> ronysrei@uol.com.br
>
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: RES: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
2002-06-15 16:52 RES: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
@ 2002-06-15 17:20 ` Julian Anastasov
0 siblings, 0 replies; 2+ messages in thread
From: Julian Anastasov @ 2002-06-15 17:20 UTC (permalink / raw)
To: lartc
Hello,
On Sat, 15 Jun 2002, Roni Reicher wrote:
> Output.c: in function 'cipe_xmit'
> Output.c:175 too few arguments to function 'ip_route_output'
> Make[3]: *** [output.o] error 1
> Make[3]: leaving directory '/usr/src/linux-2.4.18-3/drivers/addon/cipe'
> Make[2]: *** [_modsubdir_cipe] error 2
> Make[2]: leaving directory '/usr/src/linux-2.4.18-3/drivers/addon'
> Make[1]: *** [_modsubdir_addon] error 2
> Make[1]: leaving directory '/usr/src/linux-2.4.18-3/drivers
> Make: *** [_mod_drivers] error 2
IIRC, Roberto Nibali provided patch for cipe to use it
together with the "routes" patch, it is on the web page:
cipe-1.5.2-routes-1.diff
> After I got that error, a formatted and reinstalled redhat 7.3. Then I
> used the newer patch (routes-2.4.19-8.diff), and I got error installing,
> and of course I couldn't recompile it.
You can use routes-2.4.19-8.diff after 2.4.19pre8. It does
not have the problem to change the interface of the routing functions,
so such problems with applying extra patches to code out of the
plain kernel should not exist.
> Ron
Regards
--
Julian Anastasov <ja@ssi.bg>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-06-15 17:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-06-15 16:52 RES: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
2002-06-15 17:20 ` Julian Anastasov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.