From mboxrd@z Thu Jan 1 00:00:00 1970
From: "GoMi ."
Date: Sun, 06 Apr 2003 21:56:03 +0000
Subject: [LARTC] Splitting internet access with two providers
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

Hi there,

since I failed to shape traffic due to p2p programs, I am thinking about splitting my internet connection. Here is the scenario once again for those who haven't read any of my emails :)

                     ______               ______
                    |Switch|             |      |  eth0
  LAN <-----------> |      | <---------> |Linux |  192.168.3.5 <----------> Router ADSL1 (192.168.3.6)
                    |      |    eth3     | Box  |
                    |      | 192.169.1.1 |      |  eth2
                    |______|             |______|  192.168.4.2 <----------> Router ADSL2 (192.168.4.1)

I want to have one ADSL only for web/mail/ssh/etc. and the other one only for massive downloads.

The problem comes with connection tracking; it looks like it's not working, probably I am doing something wrong. Where is connection tracking being done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending on the --destination-port option, and I am using a stateful firewall. Anyone having the same trouble? Anyone who can light me up? :)

PS: Sorry for my poor English :)

##################################################
## SNAT ##
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5

####################################################
## Stateful Firewall ##
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN
iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN
iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A OUTPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
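Editor's note with an added example (not code from the post or from the LARTC project). The point behind the question: the nat POSTROUTING chain is traversed after the routing decision, so a rule with `-o eth2` can only match packets the routing table has already sent to eth2; matching on `--dport` there cannot pull a connection onto a different link, it only picks the source address for whichever link the kernel chose. A port-based split therefore has to happen before routing: mark the first packet of each connection in mangle PREROUTING, route by mark with `ip rule`, and then let a plain per-interface SNAT rule follow the routing decision. Connection tracking evaluates nat rules only for the first packet of a flow and applies the same mapping to the rest; CONNMARK keeps the mark for later packets too, so a whole flow stays on one link and its replies are not dropped by the stateful rules because they returned on the other one. The script below assumes the interface and router addresses from the post's diagram, a /24 LAN (the post writes 192.168.1.0/16), and made-up mark values and routing table ids; `DRYRUN=1` prints the rules instead of applying them, so the set can be reviewed without root.

```shell
#!/bin/sh
# Added example: port-based split over two ADSL links with fwmark policy routing.
# Interface names and addresses follow the post's diagram; marks, table ids and
# the LAN prefix are assumptions.

LAN=192.168.1.0/24                                  # assumed LAN prefix
ADSL1_IF=eth0; ADSL1_IP=192.168.3.5; ADSL1_GW=192.168.3.6
ADSL2_IF=eth2; ADSL2_IP=192.168.4.2; ADSL2_GW=192.168.4.1
MARK_SLOW=1;   MARK_BULK=2                           # assumed fwmark values
TABLE_SLOW=101; TABLE_BULK=102                       # assumed routing table ids

# run: execute a command, or only print it when DRYRUN=1 (review without root).
run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# 1. Classify in mangle PREROUTING, which runs BEFORE the routing decision.
#    Restore a saved connection mark first so later packets of a known flow
#    keep the link chosen for its first packet; only unmarked (new) flows
#    are classified by destination port, then the mark is saved to conntrack.
mark_rules() {
    run iptables -t mangle -A PREROUTING -s "$LAN" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -s "$LAN" -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A PREROUTING -s "$LAN" -p tcp --dport 0:1024 -j MARK --set-mark "$MARK_SLOW"
    run iptables -t mangle -A PREROUTING -s "$LAN" -p udp --dport 0:1024 -j MARK --set-mark "$MARK_SLOW"
    run iptables -t mangle -A PREROUTING -s "$LAN" -m mark --mark 0 -j MARK --set-mark "$MARK_BULK"
    run iptables -t mangle -A PREROUTING -s "$LAN" -j CONNMARK --save-mark
}

# 2. Policy routing: each mark selects a table whose default route is that
#    link's router, so the routing decision itself honours the port split.
route_rules() {
    run ip route add default via "$ADSL1_GW" dev "$ADSL1_IF" table "$TABLE_SLOW"
    run ip route add default via "$ADSL2_GW" dev "$ADSL2_IF" table "$TABLE_BULK"
    run ip rule add fwmark "$MARK_SLOW" table "$TABLE_SLOW"
    run ip rule add fwmark "$MARK_BULK" table "$TABLE_BULK"
}

# 3. SNAT in POSTROUTING now only needs the outgoing interface: routing has
#    already chosen the link, and conntrack reuses the mapping for the flow.
snat_rules() {
    run iptables -t nat -A POSTROUTING -o "$ADSL1_IF" -s "$LAN" -j SNAT --to-source "$ADSL1_IP"
    run iptables -t nat -A POSTROUTING -o "$ADSL2_IF" -s "$LAN" -j SNAT --to-source "$ADSL2_IP"
}

all_rules() { mark_rules; route_rules; snat_rules; }

# count_rules PATTERN: number of generated command lines matching PATTERN,
# produced in dry-run mode (a review helper, never applies anything).
count_rules() { ( DRYRUN=1; all_rules ) | grep -c -- "$1"; }

# Usage: ./split.sh apply (as root) applies the rules; DRYRUN=1 ./split.sh apply prints them.
case "${1:-}" in
    apply) all_rules ;;
esac
```

Order matters when reviewing the generated set: the CONNMARK restore and the `-m mark ! --mark 0 -j ACCEPT` short-circuit must precede the port tests, otherwise a long-lived download could be re-marked and its later packets routed out the other link, where the router's NAT state (and the stateful rules on the Linux box) know nothing about it.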