From: José Luis Domingo López
Date: Sun, 29 Sep 2002 22:45:33 +0000
Subject: Re: [LARTC] Iptables, SNAT/MASQ, Multiple gateways
To: lartc@vger.kernel.org

On Sunday, 29 September 2002, at 11:24:03 -0700,
Simon Matthews wrote:

> I have a dual-homed firewall. It has 2 Internet connections, provided by
> different ISPs (each with an associated IP address). The 2 Internet
> connections are connected to the same physical interface. The 2 Internet
> connections do NOT have equal bandwidth
>
> How do I configure the SNAT/MASQ and ensure sharing of the gateways with
> the correct ratio of usage and with the correct source IP address?
>
    ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
        nexthop via $CONN2_IP dev $ETHX weight $Y

weight(s) are the relative bandwidths of the connections. If the first is
a 2 Mbps line and the second a 512 Kbps one, $X=4 and $Y=1, for example.
What matters is the ratio, not the actual bandwidth.

> I know how to use the 'ip' commands to configure gateway sharing according
> to my defined ratios and ensure that packets go out of the correct gateway
> according to their source address.
>
The above defines routing. And SNAT/MASQ is something done afterwards, so
you could SNAT/MASQ traffic going to each connection differently.

What I don't know right now is how to determine to which Internet
connection packets are going in your setup, with only an Ethernet card for
both. With a card for each Internet connection it is simple.

Hope this helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Woody (Linux 2.4.19-pre6aa1)
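Added example, not part of the original message: a shell helper that reduces two line speeds to the nexthop weight ratio described in the reply and prints the multipath route, plus the per-interface SNAT rule for the one-card-per-connection case the reply calls simple. The function names are hypothetical, the addresses, interface names and 2048/512 kbit/s figures are constructed, and the 1..256 weight range is iproute2's limit, not something stated in the message.

```shell
#!/bin/sh
# Added example: prints commands for review; it never runs ip or iptables.

# Greatest common divisor (Euclid), used to reduce bandwidths to a ratio.
gcd() {
    a=$1; b=$2
    while [ "$b" -ne 0 ]; do t=$((a % b)); a=$b; b=$t; done
    echo "$a"
}

# weights KBPS1 KBPS2 -> "W1 W2": smallest integer ratio, then scaled into
# 1..256, the range iproute2 accepts for a nexthop weight.
weights() {
    g=$(gcd "$1" "$2"); w1=$(($1 / g)); w2=$(($2 / g))
    max=$w1; if [ "$w2" -gt "$max" ]; then max=$w2; fi
    if [ "$max" -gt 256 ]; then
        w1=$(( (w1 * 256 + max / 2) / max ))
        w2=$(( (w2 * 256 + max / 2) / max ))
        if [ "$w1" -lt 1 ]; then w1=1; fi   # never emit weight 0
        if [ "$w2" -lt 1 ]; then w2=1; fi
    fi
    echo "$w1 $w2"
}

# multipath_route GW1 DEV1 KBPS1 GW2 DEV2 KBPS2
# DEV1 and DEV2 may be the same interface (the single-card setup asked about).
multipath_route() {
    set -- "$@" $(weights "$3" "$6")   # appends W1 W2 as $7 and $8
    echo "ip route add default nexthop via $1 dev $2 weight $7 nexthop via $4 dev $5 weight $8"
}

# snat_rule DEV SRC_IP: one rule per uplink, for the one-card-per-ISP case,
# where the outgoing interface identifies the connection.
snat_rule() {
    echo "iptables -t nat -A POSTROUTING -o $1 -j SNAT --to-source $2"
}

# Constructed sample: 2048 and 512 kbit/s lines, documentation addresses.
multipath_route 192.0.2.1 eth1 2048 198.51.100.1 eth2 512
snat_rule eth1 192.0.2.10
snat_rule eth2 198.51.100.10
```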