From: N N Ashok <nalkunda@cse.msu.edu>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Splitting internet access with two providers
Date: Mon, 07 Apr 2003 03:27:21 +0000 [thread overview]
Message-ID: <marc-lartc-104968617027962@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104966626817282@msgid-missing>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sunday 06 April 2003 17:56, GoMi . scrawled:
> Hi there, since i failed to shape traffic due to p2p programs, i am
> thinking about splitting my internet connection. Here is the scenario once
> again for those who haven't red any of my emails :)
>
> ______
> <hub1> <-------> |Switch| ______
>
> | | | | eth0
>
> <hub2> <-------> | | |Linux | <----------> Router ADSL1
> . | | eth3 | |192.168.3.5 192.168.3.6
> . | | <-----> | Box |
> . | |192.169.1.1| | eth2
> . | | | | <----------> Router ADSL2
> <hub24> <------> |______| |______|192.168.4.2 192.168.4.1
>
> I wanto to have one ADSL only for web/mail/ssh/etc.. and the other one only
> for massive downloads.
>
> The problem comes with connection tracking, it looks like its not working,
> probably i am doing something wrong. Where is connection_tracking being
> done, in the POSTROUTING or in the PREROUTING chain? i do my SNAT depending
> on the --destination-port option, and i am using a stateful firewall,
> anyone having the same troble, anyone can light me up? :)
>
> PD: Sorry for my poor english :)
>
> ##################################################
> ## SNAT
> ##
>
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport
> 0:1024 -j SNAT --to 192.168.3.5
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport
> 0:1024 -j SNAT --to 192.168.3.5
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport
> 1024: -j SNAT --to 192.168.4.2
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport
> 1024: -j SNAT --to 192.168.4.2
>
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to
> 192.168.3.5
>
>
> ####################################################
> ## Stateful Firewall
> ##
>
> iptables -t filter -N keep_state
> iptables -t filter -A keep_state -m state --state
> RELATED,ESTABLISHED -j ACCEPT
> iptables -t filter -A keep_state -j RETURN
>
> iptables -t nat -N keep_state
> iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED
> -j ACCEPT
> iptables -t nat -A keep_state -j RETURN
>
> iptables -t nat -A PREROUTING -j keep_state
> iptables -t nat -A POSTROUTING -j keep_state
> iptables -t nat -A OUTPUT -j keep_state
>
> iptables -t filter -A INPUT -j keep_state
> iptables -t filter -A OUTPUT -j keep_state
> iptables -t filter -A FORWARD -j keep_state
>
>
> _________________________________________________________________
> Charla con tus amigos en línea mediante MSN Messenger:
> http://messenger.yupimsn.com/
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
hi,
you are SNATting outgoing traffic on eth0 with the IP address of eth2
(192.168.4.2) and vice versa.
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport
> 0:1024 -j SNAT --to 192.168.3.5
typo or this was the error??
thanks,
ashok
- --
- -----------------------------------------------------------------------------
My public key:
gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
- -----------------------------------------------------------------------------
"...there is nothing so unnatural as the commonplace."
Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"
- -----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+kPAZRhXpVty0Ty4RAiHmAKDeh/43Uao6fTdYmj2+7EiXpyzzlACeNo7E
zLCuLmTsRKUVcbI1wca7mp0=XA1n
-----END PGP SIGNATURE-----
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2003-04-07 3:27 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-06 21:56 [LARTC] Splitting internet access with two providers GoMi .
2003-04-07 3:27 ` N N Ashok [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104968617027962@msgid-missing \
--to=nalkunda@cse.msu.edu \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.