From: "Sean Oh" <oh@storageone.co.kr>
To: lartc@vger.kernel.org
Subject: [LARTC] a little program with split access?
Date: Tue, 22 Oct 2002 05:54:58 +0000
Message-ID: <marc-lartc-103526620501562@msgid-missing>

(I am resending this message because my previous mail seems corrupted)

Hi.

I am having a little problem with IP MASQ and IPROUTE2.
I am using RedHat 8.0 with IPTABLES.

I have a linux gateway server with 3 NICs.

I set up the Linux server as shown below. As a result, it works fine
(192.168.0.x can access the Internet by masquerading via eth2,
and the external Internet can access eth1 and eth2).
But the problem is that the hosts in the local network (192.168.0.x) cannot
access the IP addresses 211.x.x.155 (eth2) and 218.x.x.20 (eth1), even
though IP forwarding is turned on. They can only ping and access
192.168.0.1 (the IP of eth0).

Could someone please suggest a solution?

Thanks in advance.


My environment and settings:

                     +--------------+ eth1 (218.x.x.20) --> ISP1
Local Network        |              |--------
(192.168.0.x) -------| Linux Server |
               eth0  |              |--------
         192.168.0.1 +--------------+ eth2 (211.x.x.155) --> ISP2

eth1 and eth2 are the links to the Internet. I have 2 Internet providers,
and I would like to use eth2 as the default route to the Internet from the
local network (192.168.0.x) and eth1 for the servers (DNS, mail, web) that
people on the external Internet access. The reason behind that is that
provider ISP2 does not allow me to run servers on that link, so I had to
set up another link for the servers (eth1).

IP masquerading is used and IP forwarding is turned on.
----
#!/bin/sh

echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/ip route add 211.x.x.128 dev eth2 src 211.x.x.155 table SI
/sbin/ip route add default via 211.x.x.129 table SI
/sbin/ip route add 218.x.x.0 dev eth1 src 218.x.x.20 table KT
/sbin/ip route add default via 218.x.x.1 table KT

/sbin/ip route add 211.x.x.128 dev eth2 src 211.x.x.155
/sbin/ip route add 218.x.x.0 dev eth1 src 218.x.x.20

/sbin/ip route add default via 211.x.x.129

/sbin/ip rule add from 211.x.x.155 table SI
/sbin/ip rule add from 218.x.x.20 table KT

/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
---------------
This script is run in rc.local if the ifup scripts are executed.

[root@www root]# ip route show
211.x.x.128 dev eth2  scope link  src 211.x.x.155
218.x.x.0 dev eth1  scope link  src 218.x.x.20
211.x.x.128/25 dev eth2  scope link
192.168.0.0/24 dev eth0  scope link
218.x.x.0/24 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 211.x.x.129 dev eth2

[root@www root]# ip route show table SI
211.x.x.128 dev eth2  scope link  src 211.x.x.155
default via 211.x.x.129 dev eth2
[root@www root]# ip route show table KT
218.x.x.0 dev eth1  scope link  src 218.x.x.20
default via 218.x.x.1 dev eth1

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
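
An added example, not part of the original message: a small Python model of how the `ip rule` and `ip route` entries posted above are evaluated for a packet the gateway sends to a LAN host, depending on which of its three addresses is the source. The 203.0.113.x and 198.51.100.x addresses are constructed stand-ins for the elided 211.x.x.x and 218.x.x.x ones, 192.168.0.5 is a hypothetical LAN host, and `with_lan_route` models one possible change (a LAN route in both tables) that is not in the post.

```python
import ipaddress as ipa

# Constructed stand-ins for the elided addresses in the post:
# 203.0.113.155 ~ 211.x.x.155 (eth2), 198.51.100.20 ~ 218.x.x.20 (eth1).
# Routes given without a prefix length in the script are host (/32) routes.
TABLES = {
    "SI": [("203.0.113.128/32", "eth2"), ("0.0.0.0/0", "eth2 via 203.0.113.129")],
    "KT": [("198.51.100.0/32", "eth1"), ("0.0.0.0/0", "eth1 via 198.51.100.1")],
    "main": [
        ("203.0.113.128/25", "eth2"), ("192.168.0.0/24", "eth0"),
        ("198.51.100.0/24", "eth1"), ("0.0.0.0/0", "eth2 via 203.0.113.129"),
    ],
}
# (priority, source selector, table). Rules added without a priority are
# placed ahead of main (32766), the newest first. The "local" table is left
# out because the destination modelled here is not one of the gateway's own.
RULES = [
    (32764, "198.51.100.20/32", "KT"),
    (32765, "203.0.113.155/32", "SI"),
    (32766, "0.0.0.0/0", "main"),
]

def lookup(src, dst, tables=TABLES, rules=RULES):
    """Return (table, egress) as the routing policy database resolves src -> dst."""
    src, dst = ipa.ip_address(src), ipa.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipa.ip_network(selector):
            continue
        matches = [(ipa.ip_network(p), dev) for p, dev in tables[table]
                   if dst in ipa.ip_network(p)]
        if matches:  # longest prefix wins inside one table
            return table, max(matches, key=lambda m: m[0].prefixlen)[1]
    return None, "unreachable"

def with_lan_route(tables):
    """Copy of the tables with the LAN prefix added to SI and KT (assumed change)."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    for name in ("SI", "KT"):
        fixed[name].append(("192.168.0.0/24", "eth0"))
    return fixed

if __name__ == "__main__":
    for src in ("192.168.0.1", "203.0.113.155", "198.51.100.20"):
        print(src, "-> 192.168.0.5:", lookup(src, "192.168.0.5"),
              "| with LAN route:", lookup(src, "192.168.0.5", with_lan_route(TABLES)))
```

In this model only the packet sourced from 192.168.0.1 resolves to eth0; packets sourced from the two public addresses match their `from` rules first and take the default route of SI or KT.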
