From: N N Ashok
Date: Mon, 07 Apr 2003 03:27:21 +0000
Subject: Re: [LARTC] Splitting internet access with two providers
To: lartc@vger.kernel.org

On Sunday 06 April 2003 17:56, GoMi . scrawled:
> Hi there, since I failed to shape traffic due to p2p programs, I am
> thinking about splitting my internet connection. Here is the scenario once
> again for those who haven't read any of my emails :)
>
>            ______
> <-------> |Switch|            ______
>           |      |           |      |  eth0
> <-------> |      |           |Linux | <----------> Router ADSL1
>     .     |      |   eth3    |      |192.168.3.5   192.168.3.6
>     .     |      |  <----->  | Box  |
>     .     |      |192.169.1.1|      |  eth2
>     .     |      |           |      | <----------> Router ADSL2
> <------>  |______|           |______|192.168.4.2   192.168.4.1
>
> I want to have one ADSL only for web/mail/ssh/etc. and the other one only
> for massive downloads.
>
> The problem comes with connection tracking, it looks like it's not working,
> probably I am doing something wrong. Where is connection_tracking being
> done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending
> on the --destination-port option, and I am using a stateful firewall,
> anyone having the same trouble, anyone can light me up? :)
>
> PS: Sorry for my poor English :)
>
> ##################################################
> ## SNAT
> ##
>
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
>
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
>
>
> ####################################################
> ## Stateful Firewall
> ##
>
> iptables -t filter -N keep_state
> iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t filter -A keep_state -j RETURN
>
> iptables -t nat -N keep_state
> iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t nat -A keep_state -j RETURN
>
> iptables -t nat -A PREROUTING -j keep_state
> iptables -t nat -A POSTROUTING -j keep_state
> iptables -t nat -A OUTPUT -j keep_state
>
> iptables -t filter -A INPUT -j keep_state
> iptables -t filter -A OUTPUT -j keep_state
> iptables -t filter -A FORWARD -j keep_state
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

hi,

you are SNATting outgoing traffic on eth0 with the IP address of eth2
(192.168.4.2) and vice versa.

> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5

typo or this was the error??

thanks,
ashok
--
-----------------------------------------------------------------------------
My public key: gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
-----------------------------------------------------------------------------
"...there is nothing so unnatural as the commonplace."
Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"
-----------------------------------------------------------------------------