* Re: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
2002-06-13 14:43 [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
@ 2002-06-13 17:43 ` William L. Thomson Jr.
2002-06-17 13:18 ` Shroads, Jay
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: William L. Thomson Jr. @ 2002-06-13 17:43 UTC (permalink / raw)
To: lartc
You will need to recompile your kernel with multipath support. Also
before you compile apply Julian's patches to the kernel.
http://www.linuxvirtualserver.org/~julian/#routes
Once that is done check out the Nano-HOWTO
http://www.linuxvirtualserver.org/~julian/nano.txt
That should get you on your way. The linux router will also have to
perform NAT, more than likely DNAT, for things to work properly.
On Thu, 2002-06-13 at 07:43, Roni Reicher wrote:
> Hi guys. I really need some help.
>
> This is my scenario:
>
> CLIENTS -> SWITCH -> W2K Server -> Linux -> Internet (with 2 ADSL LINES)
>
> My RedHat Linux 7.2 is just a firewall. I'm running all the services
> (www, mail, etc.) on my W2K.
>
> I tried to set up a load balance, but I'm getting the following problem.
>
> When I connect from the internet through my IP1 (ADSL 1) on any port
> that I redirect to W2K, I can connect perfectly to my W2K, but when I
> connect using my IP2 (ADSL2) I can't get to W2K.
>
> And vice versa.
>
> With the telnet server, which is running on the linux, I can connect
> using both IP's.
>
> I guess the problem is when the W2K uses the other gw.
>
> My W2K default gw is the linux.
>
> This is my setup:
>
> W2K IP -> 10.0.0.1
> W2K IP2 -> 192.168.1.2
>
> Linux eth0 -> xxx.xxx.xxx.170 (ADSL1)
> Linux eth0 gw -> xxx.xxx.xxx.129
>
> Linux eth1 -> 192.168.1.1
>
> Linux eth2 -> yyy.yyy.yyy.205 (ADSL2)
> Linux eth2 gw -> yyy.yyy.yyy.193
>
> IPTABLES (just the basic).
>
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A INPUT -p icmp -j ACCEPT
>
> $IPTABLES -A FORWARD -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -o eth2 -j ACCEPT
>
> ##################### SMTP SERVER #################
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
>
> ##################### HTTP SERVER ##################
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 80 -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
>
> And this is my load balancing script:
>
> #### Variables ######
>
> IP=/sbin/ip
>
> IF1=eth0
> IP1=xxx.xxx.xxx.170
> P1=xxx.xxx.xxx.129
> P1_NET=xxx.xxx.xxx.128/26
>
> IF2=eth2
> IP2=yyy.yyy.yyy.205
> P2= yyy.yyy.yyy.193
> P2_NET= yyy.yyy.yyy.192/26
>
> echo 201 t1 >> /etc/iproute2/rt_tables
> echo 202 t2 >> /etc/iproute2/rt_tables
>
> $IP route add $P1_NET dev $IF1 src $IP1 table t1
> $IP route add default via $P1 table t1
> $IP route add $P2_NET dev $IF2 src $IP2 table t2
> $IP route add default via $P2 table t2
>
> $IP route add $P1_NET dev $IF1 src $IP1
> $IP route add $P2_NET dev $IF2 src $IP2
>
> $IP route add default via $P1
>
> $IP rule add from $IP1 table t1
> $IP rule add from $IP2 table t2
>
> $IP route add default scope global nexthop via $P1 dev $IF1 weight 1 nexthop via $P2 dev $IF2 weight 1
>
> I really need help.
>
> I appreciate it,
>
> Ron Reicher
> ronysrei@uol.com.br
>
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* RE: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
2002-06-13 14:43 [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
2002-06-13 17:43 ` William L. Thomson Jr.
@ 2002-06-17 13:18 ` Shroads, Jay
2002-06-26 23:14 ` Roni Reicher
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Shroads, Jay @ 2002-06-17 13:18 UTC (permalink / raw)
To: lartc
All-
Same identical problem... However, the kernel did boot, and despite many
complaints about missing symbols, it is running and working as advertised.
Regards,
Jay Shroads
-----Original Message-----
From: Roni Reicher [mailto:roni@varosoft.com.br]
Sent: Saturday, June 15, 2002 12:53 PM
To: William L. Thomson Jr.; lartc@mailman.ds9a.nl
Subject: RES: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple
Firewalls
Hi William. Thanks a lot for your help.
I'm having some trouble recompiling my kernel after I installed the
patch.
I'm running RH 7.3 with kernel 2.4.18-3.
The patch I installed is routes-2.4.16-6.diff. I got no errors
installing it.
I added the multipath support, and recompiled it.
The make dep and the make bzImage went fine.
I got error during the make modules.
These are the errors:
Output.c: in function 'cipe_xmit'
Output.c:175 too few arguments to function 'ip_route_output'
Make[3]: *** [output.o] error 1
Make[3]: leaving directory '/usr/src/linux-2.4.18-3/drivers/addon/cipe'
Make[2]: *** [_modsubdir_cipe] error 2
Make[2]: leaving directory '/usr/src/linux-2.4.18-3/drivers/addon'
Make[1]: *** [_modsubdir_addon] error 2
Make[1]: leaving directory '/usr/src/linux-2.4.18-3/drivers
Make: *** [_mod_drivers] error 2
After I got that error, I formatted and reinstalled redhat 7.3. Then I
used the newer patch (routes-2.4.19-8.diff), and I got errors installing it,
and of course I couldn't recompile it.
I formatted again to see if I were doing something wrong recompiling.
But this time I didn't patch and recompile it. I got no errors...
Any ideas? Am I using the wrong patch?
Thanks a lot,
Ron
* [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
2002-06-13 14:43 [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
2002-06-13 17:43 ` William L. Thomson Jr.
2002-06-17 13:18 ` Shroads, Jay
@ 2002-06-26 23:14 ` Roni Reicher
2002-06-29 16:13 ` Roni Reicher
2002-06-29 18:08 ` William L. Thomson Jr.
4 siblings, 0 replies; 6+ messages in thread
From: Roni Reicher @ 2002-06-26 23:14 UTC (permalink / raw)
To: lartc
I installed the kernel 2.4.19pre10 with all the patches and compiled it
with the equalcost multipath, but I'm still having some troubles...
Could anyone check these scripts to see if there is something wrong?
I appreciate it,
Ron Reicher
Eth0 (local) -> 192.168.1.1 connected to my W2k Server on 192.168.1.2
Eth1 (ADSL 1 256k) -> xxx.xxx.xxx.170 gw xxx.xxx.xxx.129
Eth2 (ADSL 2 512k) -> yyy.yyy.yyy.205 gw yyy.yyy.yyy.193
My W2K is hosting all the services, and the clients are behind it.
This is my IPTABLES SCRIPT.
IPTABLES=/sbin/iptables
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -A INPUT -p tcp -s 10.0.0.0/255.255.255.0 --dport 23 -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT
#############################################
$IPTABLES -A FORWARD -o eth2 -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -p tcp ! --syn -d 192.168.1.0/255.255.255.0 -j ACCEPT
##################################
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth2 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth2 -j ACCEPT
###########################################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
###########################################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
And this is my Load Balancing Script:
IP=/sbin/ip
IF1=eth1
IP1=xxx.xxx.xxx.170
P1=xxx.xxx.xxx.129
P1_NET=xxx.xxx.xxx.128/26
IF2=eth2
IP2=yyy.yyy.yyy.205
P2= yyy.yyy.yyy.193
P2_NET= yyy.yyy.yyy.192/26
###################################
echo 201 T1 >> /etc/iproute2/rt_tables
echo 202 T2 >> /etc/iproute2/rt_tables
$ROUTE del default
$IP route add $P1_NET dev $IF1 src $IP1 table T1
$IP route add default via $P1 table T1
$IP route add $P2_NET dev $IF2 src $IP2 table T2
$IP route add default via $P2 table T2
$IP route add $P1_NET dev $IF1 src $IP1
$IP route add $P2_NET dev $IF2 src $IP2
#########################################
$IP route add default via $P2
######################################################
$IP rule add from $IP1 table T1
$IP rule add from $IP2 table T2
#############################
$IP route add default scope global nexthop via $P2 dev $IF2 weight 1 nexthop via $P1 dev $IF1 weight 1
######################################################
That's it...
Please someone give me a hint.
Thanks again,
Ron Reicher
* [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
2002-06-13 14:43 [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
` (2 preceding siblings ...)
2002-06-26 23:14 ` Roni Reicher
@ 2002-06-29 16:13 ` Roni Reicher
2002-06-29 18:08 ` William L. Thomson Jr.
4 siblings, 0 replies; 6+ messages in thread
From: Roni Reicher @ 2002-06-29 16:13 UTC (permalink / raw)
To: lartc
I installed the kernel 2.4.19pre10 with all the patches and compiled it
with the equalcost multipath, but I'm still having some troubles...
Could anyone check these scripts to see if there is something wrong?
I appreciate it,
Ron Reicher
Eth0 (local) -> 192.168.1.1 connected to my W2k Server on 192.168.1.2
Eth1 (ADSL 1 256k) -> xxx.xxx.xxx.170 gw xxx.xxx.xxx.129
Eth2 (ADSL 2 512k) -> yyy.yyy.yyy.205 gw yyy.yyy.yyy.193
My W2K is hosting all the services, and the clients are behind it.
This is my IPTABLES SCRIPT.
IPTABLES=/sbin/iptables
$IPTABLES -F INPUT
$IPTABLES -F FORWARD
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F PREROUTING
$IPTABLES -t nat -F POSTROUTING
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -A INPUT -p tcp -s 10.0.0.0/255.255.255.0 --dport 23 -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT
#############################################
$IPTABLES -A FORWARD -o eth2 -j ACCEPT
$IPTABLES -A FORWARD -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -p tcp ! --syn -d 192.168.1.0/255.255.255.0 -j ACCEPT
##################################
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth2 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth2 -j ACCEPT
###########################################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
###########################################
$IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
And this is my Load Balancing Script:
IP=/sbin/ip
IF1=eth1
IP1=xxx.xxx.xxx.170
P1=xxx.xxx.xxx.129
P1_NET=xxx.xxx.xxx.128/26
IF2=eth2
IP2=yyy.yyy.yyy.205
P2= yyy.yyy.yyy.193
P2_NET= yyy.yyy.yyy.192/26
###################################
echo 201 T1 >> /etc/iproute2/rt_tables
echo 202 T2 >> /etc/iproute2/rt_tables
$ROUTE del default
$IP route add $P1_NET dev $IF1 src $IP1 table T1
$IP route add default via $P1 table T1
$IP route add $P2_NET dev $IF2 src $IP2 table T2
$IP route add default via $P2 table T2
$IP route add $P1_NET dev $IF1 src $IP1
$IP route add $P2_NET dev $IF2 src $IP2
#########################################
$IP route add default via $P2
######################################################
$IP rule add from $IP1 table T1
$IP rule add from $IP2 table T2
#############################
$IP route add default scope global nexthop via $P2 dev $IF2 weight 1 nexthop via $P1 dev $IF1 weight 1
######################################################
That's it...
Please someone give me a hint.
Thanks again,
Ron Reicher
* Re: [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls
2002-06-13 14:43 [LARTC] ADVANCED ROUTING USING IPROUTE2 -> Multiple Firewalls Roni Reicher
` (3 preceding siblings ...)
2002-06-29 16:13 ` Roni Reicher
@ 2002-06-29 18:08 ` William L. Thomson Jr.
4 siblings, 0 replies; 6+ messages in thread
From: William L. Thomson Jr. @ 2002-06-29 18:08 UTC (permalink / raw)
To: lartc
On Sat, 2002-06-29 at 09:13, Roni Reicher wrote:
> I installed the kernel 2.4.19pre10 with all the patches and compiled it
> with the equalcost multipath, but I'm still having some troubles...
When you say patches I assume you mean Julian's route patch.
http://www.linuxvirtualserver.org/~julian/#routes
> Could anyone check these scripts to see if there is something wrong?
I will do my best.
> I appreciate it,
No problem just doing my part to give back.
> Eth0 (local) -> 192.168.1.1 connected to my W2k Server on 192.168.1.2
> Eth1 (ADSL 1 256k) -> xxx.xxx.xxx.170 gw xxx.xxx.xxx.129
> Eth2 (ADSL 2 512k) -> yyy.yyy.yyy.205 gw yyy.yyy.yyy.193
>
> My W2K is hosting all the services, and the clients are behind it.
If I could take this moment to say shame on you. You should be hosting
those services on a Linux box, but that may be out of your control. So
be it; at least you are doing the right thing by putting a Linux
router/firewall in front of the w2k server, as it will need to be
protected, like anything else.
> This is my IPTABLES SCRIPT.
This I really will not discuss here. Sorry, but this type of thing is a
netfilter mailing list issue.
With that said, you must do NAT in the Linux box for load balancing to
work. You will most likely use either Destination NAT or Port AT.
So long as some sort of NAT is in the linux box, with either of the
above you should not need source NAT, but you might.
>
> IPTABLES=/sbin/iptables
>
>
> $IPTABLES -F INPUT
> $IPTABLES -F FORWARD
> $IPTABLES -F OUTPUT
> $IPTABLES -t nat -F PREROUTING
> $IPTABLES -t nat -F POSTROUTING
> $IPTABLES -P INPUT DROP
> $IPTABLES -P FORWARD DROP
> $IPTABLES -P OUTPUT ACCEPT
> $IPTABLES -t nat -P PREROUTING ACCEPT
> $IPTABLES -t nat -P POSTROUTING ACCEPT
> $IPTABLES -t nat -P OUTPUT ACCEPT
>
>
> $IPTABLES -A INPUT -p tcp -s 10.0.0.0/255.255.255.0 --dport 23 -j ACCEPT
>
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A INPUT -p icmp -j ACCEPT
>
> #############################################
>
> $IPTABLES -A FORWARD -o eth2 -j ACCEPT
> $IPTABLES -A FORWARD -o eth1 -j ACCEPT
>
> $IPTABLES -A FORWARD -p tcp ! --syn -d 192.168.1.0/255.255.255.0 -j ACCEPT
>
> ##################################
>
> $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -i eth2 -o eth0 -j ACCEPT
> $IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
> $IPTABLES -A FORWARD -i eth0 -o eth2 -j ACCEPT
>
> ###########################################
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 25 -j DNAT --to-destination 192.168.1.2
>
> $IPTABLES -t nat -A PREROUTING -p tcp -d yyy.yyy.yyy.205 --dport 25 -j DNAT --to-destination 192.168.1.2
>
> ###########################################
> $IPTABLES -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.170 --dport 80 -j DNAT --to-destination 192.168.1.2
>
>
> $IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> $IPTABLES -t nat -A POSTROUTING -o eth2 -j MASQUERADE
>
>
>
>
> And this is my Load Balancing Script:
From looking below, I am not going to even try to comment. Why have you
deviated so far from the Nano-how-to? If you have the patches applied
then your problems are coming from below. Once you have your load
balancing script looking more like the nano-how-to and are still having
problems, it's mostly a NAT issue at that point. But I can't emphasize
enough that you must stick to the nano-how-to.
> IP=/sbin/ip
>
>
> IF1=eth1
> IP1=xxx.xxx.xxx.170
> P1=xxx.xxx.xxx.129
> P1_NET=xxx.xxx.xxx.128/26
>
> IF2=eth2
> IP2=yyy.yyy.yyy.205
> P2= yyy.yyy.yyy.193
> P2_NET= yyy.yyy.yyy.192/26
>
> ###################################
>
> echo 201 T1 >> /etc/iproute2/rt_tables
> echo 202 T2 >> /etc/iproute2/rt_tables
>
> $ROUTE del default
>
> $IP route add $P1_NET dev $IF1 src $IP1 table T1
> $IP route add default via $P1 table T1
> $IP route add $P2_NET dev $IF2 src $IP2 table T2
> $IP route add default via $P2 table T2
>
> $IP route add $P1_NET dev $IF1 src $IP1
> $IP route add $P2_NET dev $IF2 src $IP2
>
> #########################################
>
> $IP route add default via $P2
>
> ######################################################
>
> $IP rule add from $IP1 table T1
> $IP rule add from $IP2 table T2
>
> #############################
>
> $IP route add default scope global nexthop via $P2 dev $IF2 weight 1 nexthop via $P1 dev $IF1 weight 1
>
> ######################################################
So adjust this script to look more like the nano-how-to and let me know how it goes.
--
Sincerely,
William L. Thomson Jr.
Obsidian-Studios, Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
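As an added example (not code from this thread or from the nano-HOWTO), here is the dual-uplink setup the thread is working toward, written so the commands can be printed and reviewed before they touch a router. It assumes a kernel with CONNMARK and multipath routing and uses connection marks in place of the 2.4 routes patch William recommends; interface names follow Roni's second message and the addresses are the thread's own placeholders.

```shell
#!/bin/sh
# Dual-uplink policy routing for a router that DNATs a LAN server on both
# public addresses. Added example, not a script from this thread or the
# nano-HOWTO. Interfaces follow Roni's second layout (eth0 LAN, eth1 ADSL1
# 256k, eth2 ADSL2 512k); the addresses are the thread's placeholders.
# Assumption: the kernel has CONNMARK and multipath routing, so connection
# marks replace the 2.4-era routes patch the thread recommends.
# DRY_RUN=1 (default) prints each command instead of running it.

DRY_RUN=${DRY_RUN:-1}
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# No whitespace around '=': "P2= addr" makes sh assign an empty P2 and then
# try to execute "addr" as a command.
IF1=eth1; IP1=xxx.xxx.xxx.170; P1=xxx.xxx.xxx.129; P1_NET=xxx.xxx.xxx.128/26
IF2=eth2; IP2=yyy.yyy.yyy.205; P2=yyy.yyy.yyy.193; P2_NET=yyy.yyy.yyy.192/26
LAN_IF=eth0; LAN_NET=192.168.1.0/24; SERVER=192.168.1.2

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Append a table entry only once. A bare '>>' (as in the thread's scripts)
# adds a duplicate line to rt_tables every time the script runs.
ensure_rt_table() {   # ensure_rt_table <number> <name>
    if ! grep -qs "^$1[[:space:]]*$2\$" "$RT_TABLES"; then
        if [ "$DRY_RUN" = 1 ]; then
            printf 'echo "%s %s" >> %s\n' "$1" "$2" "$RT_TABLES"
        else
            echo "$1 $2" >> "$RT_TABLES"
        fi
    fi
}

setup_link_tables() {
    ensure_rt_table 201 T1
    ensure_rt_table 202 T2
    # One table per uplink: its own subnet plus a default via its gateway.
    run ip route add "$P1_NET" dev "$IF1" src "$IP1" table T1
    run ip route add default via "$P1" table T1
    run ip route add "$P2_NET" dev "$IF2" src "$IP2" table T2
    run ip route add default via "$P2" table T2
    # The main table needs both link routes too, each with its source address.
    run ip route add "$P1_NET" dev "$IF1" src "$IP1"
    run ip route add "$P2_NET" dev "$IF2" src "$IP2"
}

setup_marks() {
    # Remember which uplink a new inbound connection arrived on, and copy that
    # mark back onto every packet the LAN sends in reply.
    run iptables -t mangle -A PREROUTING -i "$IF1" -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$IF2" -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
}

setup_rules() {
    # Traffic the router itself sends from an uplink address uses that uplink.
    run ip rule add from "$IP1" table T1
    run ip rule add from "$IP2" table T2
    # Replies to DNATed connections are routed while they still carry the
    # server's private source address: the reverse translation happens in
    # POSTROUTING, after the routing decision. "from $IP2" therefore never
    # matches them and they fall through to the main-table default, which
    # may be the other ADSL line. The restored connection mark steers them.
    run ip rule add fwmark 1 table T1
    run ip rule add fwmark 2 table T2
}

setup_nat() {
    # Publish the server on both public addresses, as the thread does.
    for port in 25 80; do
        run iptables -t nat -A PREROUTING -p tcp -d "$IP1" --dport "$port" -j DNAT --to-destination "$SERVER"
        run iptables -t nat -A PREROUTING -p tcp -d "$IP2" --dport "$port" -j DNAT --to-destination "$SERVER"
    done
    # Masquerade LAN traffic on whichever uplink it leaves by.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$IF1" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$IF2" -j MASQUERADE
}

setup_default() {
    # Multipath default for new outbound connections, weighted 1:2 to match
    # the 256k and 512k lines. 'replace' avoids the undefined $ROUTE del step.
    run ip route replace default scope global \
        nexthop via "$P1" dev "$IF1" weight 1 \
        nexthop via "$P2" dev "$IF2" weight 2
}

build_commands() {
    setup_link_tables
    setup_marks
    setup_rules
    setup_nat
    setup_default
}

build_commands
```

Run it with DRY_RUN=0 as root to apply the printed commands; the filter-table INPUT/FORWARD policy from the thread is deliberately left out, since William points that part at the netfilter list.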