From: "GoMi ." <gomiuk@hotmail.com>
To: lartc@vger.kernel.org
Subject: Fwd: Re: [LARTC] Splitting internet access with two providers
Date: Mon, 07 Apr 2003 13:41:54 +0000 [thread overview]
Message-ID: <marc-lartc-104972296922183@msgid-missing> (raw)
Sorry, that was a mistake, the actual scenario is the following :
______
<hub1> <-------> |Switch| ______
| | | | eth2
<hub2> <-------> | | |Linux | <----------> Router ADSL1
. | | eth3 | |192.168.3.5 192.168.3.6
. | | <-----> | Box |
. | |192.169.1.1| | eth0
. | | | | <----------> Router ADSL2
<hub24> <------> |______| |______|192.168.4.2 192.168.4.1
-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Sunday 06 April 2003 17:56, GoMi . scrawled:
> > Hi there, since i failed to shape traffic due to p2p programs, i am
> > thinking about splitting my internet connection. Here is the scenario
>once
> > again for those who haven't red any of my emails :)
> >
> > ______
> > <hub1> <-------> |Switch| ______
> >
> > | | | | eth0
> >
> > <hub2> <-------> | | |Linux | <----------> Router ADSL1
> > . | | eth3 | |192.168.3.5 192.168.3.6
> > . | | <-----> | Box |
> > . | |192.169.1.1| | eth2
> > . | | | | <----------> Router ADSL2
> > <hub24> <------> |______| |______|192.168.4.2 192.168.4.1
> >
> > I wanto to have one ADSL only for web/mail/ssh/etc.. and the other one
>only
> > for massive downloads.
> >
> > The problem comes with connection tracking, it looks like its not
>working,
> > probably i am doing something wrong. Where is connection_tracking being
> > done, in the POSTROUTING or in the PREROUTING chain? i do my SNAT
>depending
> > on the --destination-port option, and i am using a stateful firewall,
> > anyone having the same troble, anyone can light me up? :)
> >
> > PD: Sorry for my poor english :)
> >
> > ##################################################
> > ## SNAT
> > ##
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport
> > 0:1024 -j SNAT --to 192.168.3.5
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport
> > 0:1024 -j SNAT --to 192.168.3.5
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport
> > 1024: -j SNAT --to 192.168.4.2
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport
> > 1024: -j SNAT --to 192.168.4.2
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to
> > 192.168.3.5
> >
> >
> > ####################################################
> > ## Stateful Firewall
> > ##
> >
> > iptables -t filter -N keep_state
> > iptables -t filter -A keep_state -m state --state
> > RELATED,ESTABLISHED -j ACCEPT
> > iptables -t filter -A keep_state -j RETURN
> >
> > iptables -t nat -N keep_state
> > iptables -t nat -A keep_state -m state --state
>RELATED,ESTABLISHED
> > -j ACCEPT
> > iptables -t nat -A keep_state -j RETURN
> >
> > iptables -t nat -A PREROUTING -j keep_state
> > iptables -t nat -A POSTROUTING -j keep_state
> > iptables -t nat -A OUTPUT -j keep_state
> >
> > iptables -t filter -A INPUT -j keep_state
> > iptables -t filter -A OUTPUT -j keep_state
> > iptables -t filter -A FORWARD -j keep_state
> >
> >
> > _________________________________________________________________
> > Charla con tus amigos en línea mediante MSN Messenger:
> > http://messenger.yupimsn.com/
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>hi,
> you are SNATting outgoing traffic on eth0 with the IP address of eth2
>(192.168.4.2) and vice versa.
>
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport
> > 0:1024 -j SNAT --to 192.168.3.5
>
> typo or this was the error??
>
>thanks,
>ashok
>
>- --
>-
>-----------------------------------------------------------------------------
>My public key:
> gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
>-
>-----------------------------------------------------------------------------
>"...there is nothing so unnatural as the commonplace."
>Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of
>Identity"
>-
>-----------------------------------------------------------------------------
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.7 (GNU/Linux)
>
>iD8DBQE+kPAZRhXpVty0Ty4RAiHmAKDeh/43Uao6fTdYmj2+7EiXpyzzlACeNo7E
>zLCuLmTsRKUVcbI1wca7mp0>=XA1n
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_________________________________________________________________
Charla con tus amigos en línea mediante MSN Messenger:
http://messenger.yupimsn.com/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
reply other threads:[~2003-04-07 13:41 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104972296922183@msgid-missing \
--to=gomiuk@hotmail.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.