From: "GoMi ."
Date: Mon, 07 Apr 2003 13:41:54 +0000
Subject: Fwd: Re: [LARTC] Splitting internet access with two providers
To: lartc@vger.kernel.org

Sorry, that was a mistake, the actual scenario is the following:

                ______
  <------->    |Switch|            ______
               |      |           |      | eth2
  <------->    |      |           |Linux | <----------> Router ADSL1
      .        |      |    eth3   |      |192.168.3.5   192.168.3.6
      .        |      |  <----->  | Box  |
      .        |      |192.169.1.1|      | eth0
      .        |      |           |      | <----------> Router ADSL2
  <------>     |______|           |______|192.168.4.2   192.168.4.1

> On Sunday 06 April 2003 17:56, GoMi . scrawled:
> > Hi there, since I failed to shape traffic due to p2p programs, I am
> > thinking about splitting my internet connection. Here is the scenario once
> > again for those who haven't read any of my emails :)
> >
> >                 ______
> >   <------->    |Switch|            ______
> >                |      |           |      | eth0
> >   <------->    |      |           |Linux | <----------> Router ADSL1
> >       .        |      |    eth3   |      |192.168.3.5   192.168.3.6
> >       .        |      |  <----->  | Box  |
> >       .        |      |192.169.1.1|      | eth2
> >       .        |      |           |      | <----------> Router ADSL2
> >   <------>     |______|           |______|192.168.4.2   192.168.4.1
> >
> > I want to have one ADSL only for web/mail/ssh/etc. and the other one only
> > for massive downloads.
> >
> > The problem comes with connection tracking, it looks like it's not working,
> > probably I am doing something wrong. Where is connection_tracking being
> > done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending
> > on the --destination-port option, and I am using a stateful firewall.
> > Anyone having the same trouble, can anyone enlighten me? :)
> >
> > PS: Sorry for my poor English :)
> >
> > ##################################################
> > ## SNAT
> > ##
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
> >
> > ####################################################
> > ## Stateful Firewall
> > ##
> >
> > iptables -t filter -N keep_state
> > iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -t filter -A keep_state -j RETURN
> >
> > iptables -t nat -N keep_state
> > iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -t nat -A keep_state -j RETURN
> >
> > iptables -t nat -A PREROUTING -j keep_state
> > iptables -t nat -A POSTROUTING -j keep_state
> > iptables -t nat -A OUTPUT -j keep_state
> >
> > iptables -t filter -A INPUT -j keep_state
> > iptables -t filter -A OUTPUT -j keep_state
> > iptables -t filter -A FORWARD -j keep_state
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
> hi,
> you are SNATting outgoing traffic on eth0 with the IP address of eth2
> (192.168.4.2) and vice versa.
>
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
>
> typo, or was this the error??
>
> thanks,
> ashok
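
The check ashok did by eye, as an added example that is not part of either poster's mail: it reads the SNAT rules from the thread and reports every rule whose --to address is not the address of its -o interface. The two interface maps are transcribed from the two diagrams above; the function names are hypothetical.

```python
import shlex

# Interface -> address on the Linux box, transcribed from the two diagrams.
FIRST_DIAGRAM = {"eth0": "192.168.3.5", "eth2": "192.168.4.2"}
CORRECTED_DIAGRAM = {"eth2": "192.168.3.5", "eth0": "192.168.4.2"}

# The five SNAT rules as posted in the thread, wrapped lines rejoined.
RULES = """\
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
"""

def parse_snat(line):
    """Return (out_iface, snat_addr) for an iptables SNAT rule, else None."""
    tok = shlex.split(line, comments=True)
    wanted = ("-o", "-j", "--to", "--to-source")
    opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in wanted}
    if opt.get("-j") != "SNAT":
        return None
    target = opt.get("--to") or opt.get("--to-source")
    if target is None:
        return None
    # --to may carry an address range or a port range; keep the first address.
    return opt.get("-o"), target.split(":")[0].split("-")[0]

def mismatches(rules, iface_addrs):
    """List (line_no, iface, snat_addr, iface_addr) for rules that SNAT to
    an address other than the one configured on their outgoing interface."""
    bad = []
    for n, line in enumerate(rules.splitlines(), 1):
        parsed = parse_snat(line)
        if parsed is None or parsed[0] is None:
            continue  # not a SNAT rule, or no -o to compare against
        iface, addr = parsed
        if iface_addrs.get(iface) != addr:
            bad.append((n, iface, addr, iface_addrs.get(iface)))
    return bad

if __name__ == "__main__":
    for name, addrs in (("first", FIRST_DIAGRAM), ("corrected", CORRECTED_DIAGRAM)):
        print(name, "diagram:", mismatches(RULES, addrs) or "rules match interfaces")
```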