* Fwd: Re: [LARTC] Splitting internet access with two providers
@ 2003-04-07 13:41 GoMi .
  0 siblings, 0 replies; only message in thread
From: GoMi . @ 2003-04-07 13:41 UTC (permalink / raw)
  To: lartc

Sorry, that was a mistake, the actual scenario is the following:
                  ______
<hub1> <-------> |Switch|            ______
                 |      |           |      |  eth2
<hub2> <-------> |      |           |Linux | <----------> Router ADSL1
  .              |      |    eth3   |      |192.168.3.5   192.168.3.6
  .              |      |  <----->  | Box  |
  .              |      |192.169.1.1|      |  eth0
  .              |      |           |      | <----------> Router ADSL2
<hub24> <------> |______|           |______|192.168.4.2   192.168.4.1

>On Sunday 06 April 2003 17:56, GoMi . scrawled:
> > Hi there, since I failed to shape traffic due to p2p programs, I am
> > thinking about splitting my internet connection. Here is the scenario once
> > again for those who haven't read any of my emails :)
> >
> >                  ______
> > <hub1> <-------> |Switch|            ______
> >                  |      |           |      |  eth0
> > <hub2> <-------> |      |           |Linux | <----------> Router ADSL1
> >   .              |      |    eth3   |      |192.168.3.5   192.168.3.6
> >   .              |      |  <----->  | Box  |
> >   .              |      |192.169.1.1|      |  eth2
> >   .              |      |           |      | <----------> Router ADSL2
> > <hub24> <------> |______|           |______|192.168.4.2   192.168.4.1
> >
> > I want to have one ADSL only for web/mail/ssh/etc. and the other one only
> > for massive downloads.
> >
> > The problem comes with connection tracking, it looks like it's not working,
> > probably I am doing something wrong. Where is connection_tracking being
> > done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending
> > on the --destination-port option, and I am using a stateful firewall,
> > anyone having the same trouble, anyone can light me up? :)
> >
> > PS: Sorry for my poor English :)
> >
> > ##################################################
> > ## SNAT
> > ##
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
> >
> >
> > ####################################################
> > ##  Stateful Firewall
> > ##
> >
> > iptables -t filter -N keep_state
> > iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -t filter -A keep_state -j RETURN
> >
> > iptables -t nat -N keep_state
> > iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -t nat -A keep_state -j RETURN
> >
> > iptables -t nat -A PREROUTING -j keep_state
> > iptables -t nat -A POSTROUTING -j keep_state
> > iptables -t nat -A OUTPUT -j keep_state
> >
> > iptables -t filter -A INPUT -j keep_state
> > iptables -t filter -A OUTPUT -j keep_state
> > iptables -t filter -A FORWARD -j keep_state
> >
> >
> > _________________________________________________________________
> > Chat with your friends online using MSN Messenger:
> > http://messenger.yupimsn.com/
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>hi,
>    you are SNATting outgoing traffic on eth0 with the IP address of eth2
>(192.168.4.2) and vice versa.
>
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
>
>   typo or this was the error??
>
>thanks,
>ashok
>
>- --
>- 
>-----------------------------------------------------------------------------
>My public key:
>    gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
>- 
>-----------------------------------------------------------------------------
>"...there is nothing so unnatural as the commonplace."
>Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"
>- 
>-----------------------------------------------------------------------------



^ permalink raw reply	[flat|nested] only message in thread
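
Added example, not part of the original message or of any LARTC tooling: a small Python check that compares each posted SNAT rule's `--to` address with the address of its `-o` interface, run against both the quoted diagram and the corrected one from the top of the message. The function and dictionary names are made up for this illustration; the rules and addresses are copied from the message, and the source check reports the network that a /16 prefix covers.

```python
import ipaddress
import shlex

# Interface addresses as drawn in the two diagrams of the message.
QUOTED_DIAGRAM = {"eth0": "192.168.3.5", "eth2": "192.168.4.2"}
CORRECTED_DIAGRAM = {"eth2": "192.168.3.5", "eth0": "192.168.4.2"}

# SNAT rules from the quoted message, wrapped lines rejoined.
RULES = """\
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
"""

FLAGS = {"-o": "out", "-s": "src", "-j": "target", "--to": "to"}

def parse_rules(text):
    """Yield (rule_number, options) for each non-empty iptables line."""
    lines = [l for l in text.splitlines() if l.strip()]
    for number, line in enumerate(lines, 1):
        tokens = shlex.split(line)
        yield number, {FLAGS[t]: tokens[i + 1]
                       for i, t in enumerate(tokens[:-1]) if t in FLAGS}

def snat_mismatches(text, iface_addr):
    """Rule numbers whose SNAT --to address is not the address of -o."""
    bad = []
    for number, opt in parse_rules(text):
        is_snat = opt.get("target") == "SNAT" and "out" in opt
        if is_snat and iface_addr.get(opt["out"]) != opt.get("to"):
            bad.append(number)
    return bad

def masked_sources(text):
    """Map each -s value with host bits set to the network its prefix covers."""
    out = {}
    for _, opt in parse_rules(text):
        if "src" in opt:
            iface = ipaddress.ip_interface(opt["src"])
            if iface.ip != iface.network.network_address:
                out[opt["src"]] = str(iface.network)
    return out

if __name__ == "__main__":
    print("quoted diagram:   ", snat_mismatches(RULES, QUOTED_DIAGRAM))
    print("corrected diagram:", snat_mismatches(RULES, CORRECTED_DIAGRAM))
    print("masked -s values: ", masked_sources(RULES))
```

Against the quoted diagram every rule is flagged, which is the mismatch raised in the reply; against the corrected diagram none is.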
