* [LARTC] Splitting internet access with two providers
From: GoMi . @ 2003-04-06 21:56 UTC (permalink / raw)
To: lartc
Hi there, since I failed to shape traffic due to p2p programs, I am thinking
about splitting my internet connection. Here is the scenario once again for
those who haven't read any of my emails :)
                    ______             ______
<hub1>  <-------> |Switch|           |      | eth0
<hub2>  <-------> |      |           |Linux | <----------> Router ADSL1
  .               |      |   eth3    |      | 192.168.3.5  192.168.3.6
  .               |      | <-------> | Box  |
  .               |      |192.169.1.1|      | eth2
  .               |      |           |      | <----------> Router ADSL2
<hub24> <-------> |______|           |______| 192.168.4.2  192.168.4.1
I want to have one ADSL only for web/mail/ssh/etc. and the other one only
for massive downloads.
The problem comes with connection tracking; it looks like it's not working,
probably I am doing something wrong. Where is connection tracking being
done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending
on the --destination-port option, and I am using a stateful firewall. Is anyone
having the same trouble? Can anyone enlighten me? :)
PS: Sorry for my poor English :)
##################################################
## SNAT
##
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2

iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5

####################################################
## Stateful Firewall
##
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN

iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN

iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state

iptables -t filter -A INPUT -j keep_state
iptables -t filter -A OUTPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
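The two questions in the post above (where connection tracking happens, and why port-based SNAT in POSTROUTING does not split the traffic between the two ADSL lines) are best answered with a working two-uplink configuration. The script below is an added example, not code from either poster. It takes the interface addresses and gateways from the diagram, assumes the LAN behind eth3 is 192.168.1.0/24, and picks its own fwmark (2), routing-table number (200) and file name (dual-uplink.sh). Two facts about the netfilter packet path drive the design. First, connection tracking is attached to the PREROUTING hook (OUTPUT for locally generated packets) with a priority ahead of the mangle and nat tables, so a packet's conntrack state is already known when mangle rules run; the nat table itself is consulted only for the first packet of each connection, so a RELATED,ESTABLISHED rule in the nat table never matches and the keep_state chain there is dead weight. Second, the egress interface is picked by the routing decision, which happens between PREROUTING and POSTROUTING; a `-o eth2` SNAT rule can only rewrite addresses on packets routing already sent to eth2. To steer by destination port, the first packet of each flow is marked in mangle/PREROUTING, the mark is stored in the conntrack entry with CONNMARK so the rest of the flow follows the same path, and an `ip rule` routes marked packets through a second table whose default route is ADSL2. SNAT then simply uses the address of whichever interface the packet leaves on.

```shell
#!/bin/sh
# Added example (not from the thread): policy-routed dual uplink for the
# topology in the diagram. Addresses below come from the diagram; the LAN
# prefix, fwmark, table number and script name are this example's assumptions.

LAN_IF=eth3;  LAN_NET=192.168.1.0/24
ADSL1_IF=eth0; ADSL1_IP=192.168.3.5; ADSL1_GW=192.168.3.6   # web/mail/ssh (ports <= 1024)
ADSL2_IF=eth2; ADSL2_IP=192.168.4.2; ADSL2_GW=192.168.4.1   # bulk downloads (ports > 1024)
MARK_DL=2        # fwmark carried by "bulk download" flows (assumed value)
TABLE_DL=200     # routing table selected by that fwmark (assumed value)

# With DRY_RUN set, commands are printed instead of executed, so the rule set
# can be reviewed or unit-tested without root and without a live box.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

setup_routing() {
    # Main table sends everything out ADSL1; table $TABLE_DL sends out ADSL2.
    run ip route replace default via "$ADSL1_GW" dev "$ADSL1_IF"
    run ip route replace default via "$ADSL2_GW" dev "$ADSL2_IF" table "$TABLE_DL"
    # Marked packets are looked up in the second table. The routing decision,
    # not a POSTROUTING SNAT rule, is what chooses the egress interface.
    run ip rule add fwmark "$MARK_DL" table "$TABLE_DL"
    run ip route flush cache
}

setup_marking() {
    # Conntrack runs before mangle/PREROUTING, so --ctstate is already valid
    # here. Restore a stored mark for packets of a known flow, mark the first
    # packet of new high-port flows, and store the result in the conntrack entry.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW \
        -p tcp --dport 1025:65535 -j MARK --set-mark "$MARK_DL"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW \
        -p udp --dport 1025:65535 -j MARK --set-mark "$MARK_DL"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
}

setup_nat() {
    # The nat table sees only the first packet of a connection, so it needs no
    # state rules. SNAT to the address of the interface the packet leaves on.
    run iptables -t nat -A POSTROUTING -o "$ADSL1_IF" -s "$LAN_NET" -j SNAT --to-source "$ADSL1_IP"
    run iptables -t nat -A POSTROUTING -o "$ADSL2_IF" -s "$LAN_NET" -j SNAT --to-source "$ADSL2_IP"
}

setup_filter() {
    # Stateful filtering belongs in the filter table, which sees every packet.
    run iptables -t filter -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    run iptables -t filter -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -t filter -P FORWARD DROP
}

apply_all() {
    setup_routing
    setup_marking
    setup_nat
    setup_filter
}

# "show" prints the rule set; "apply" (as root) installs it. With no argument
# the script only defines the functions, so it can be sourced.
if [ "${1:-}" = "apply" ]; then
    apply_all
elif [ "${1:-}" = "show" ]; then
    DRY_RUN=1 apply_all
fi
```

`sh dual-uplink.sh show` prints the exact commands for review; `sh dual-uplink.sh apply` installs them. The port split keeps the poster's convention (1024 and below on ADSL1, above 1024 on ADSL2); note that with the diagram's private addresses on both router links, the ADSL routers must themselves NAT to the public addresses, so each line's SNAT only has to produce an address the corresponding router will route back.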
* Re: [LARTC] Splitting internet access with two providers
From: N N Ashok @ 2003-04-07 3:27 UTC (permalink / raw)
To: lartc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
you are SNATting outgoing traffic on eth0 with the IP address of eth2
(192.168.4.2) and vice versa.
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
Typo, or was this the error?
thanks,
ashok
--
-----------------------------------------------------------------------------
My public key:
gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
-----------------------------------------------------------------------------
"...there is nothing so unnatural as the commonplace."
Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"
-----------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+kPAZRhXpVty0Ty4RAiHmAKDeh/43Uao6fTdYmj2+7EiXpyzzlACeNo7E
zLCuLmTsRKUVcbI1wca7mp0=XA1n
-----END PGP SIGNATURE-----