From: johnny@liquidzone.net
To: lartc@vger.kernel.org
Subject: Re: [LARTC] multiple nics, same isp, each nic independently
Date: Mon, 26 May 2003 07:13:09 +0000
Message-ID: <marc-lartc-105393324909478@msgid-missing>
In-Reply-To: <marc-lartc-105389620919789@msgid-missing>

Hi, and thank you for your reply. I read through the script I had made with
the routes and realized I had screwed up... I had forgotten to add a "dev
eth2" when setting a default route on the table table_eth2.

# ip route add $net dev eth2 src $ip2 table table_eth2
# ip route add default via 213.114.191.1 dev eth2 table table_eth2   # <-- "dev eth2" added
# ip rule add from $ip2 table table_eth2

So when adding the routes the last time I actually didn't change any route,
but was just adding the default route on eth0 in a different table... but now
it all works fine.
Since the howto was for routing between 2 different ISPs it didn't have to
apply what NIC the rule was for, and since I'm kind of new to this I didn't
see it either...
But now it all works as it should (I hope).
Thank you Martin.

> Hi Johnny,
>
> : I want each of the nics to use their own gateway.. even if it’s the
> : same on all nic:s... this is because I have bound different services to
> : the different nics so I can get accurate transfer stats for every nic,
> : separate ftp traffic from www and mail.
>
> Interesting....might I ask why using netfilter (with connection tracking)
> doesn't give you the sort of accounting you need? I suspect that this
> would be much simpler than the solution you propose (restricting certain
> kinds of traffic to specific interfaces).
>
> : Eth0 = mail (public ip)
> : Eth1 = www (public ip)
> : Eth2 = ftp (public ip)
> : Eth3 = internal network (private ip)
> :
> : Kernel IP routing table
> : Destination     Gateway         Genmask         Flags Metric Ref Use Iface
> : 222.144.190.0   0.0.0.0         255.255.255.128 U     0      0   0   eth0
> : 222.144.190.0   0.0.0.0         255.255.255.128 U     0      0   0   eth2
> : 222.144.190.0   0.0.0.0         255.255.255.128 U     0      0   0   eth1
> : 192.168.150.0   0.0.0.0         255.255.255.0   U     0      0   0   eth3
> : 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo
> : 0.0.0.0         222.144.190.1   0.0.0.0         UG    0      0   0   eth0
>
> Here's your problem. You have only one routing table. The main routing
> table. In order to solve this problem in the manner you describe, you'll
> need to use policy routing. You should become familiar with the concept
> of the RPDB and multiple routing tables before you can solve this problem.
>
> : if I connect to ftp, eth2 incoming traffic goes in on eth2, ftp data
> : (files and such) goes out eth0. If I surf to my webserver eth1
> : incoming requests goes on eth1 but the actual webpage is sent on
> : eth0.
> :
> : This is not what I want, I want both ftp-data and ftp-command to go in
> : and out on eth2, www and the actual pages to go in and out on eth1. and
> : mail to go in and out on eth0. so I want all the nics to use their own
> : gateway. But I don’t know how to do it...
>
> I expect that it would be easier for you to familiarize yourself with
> iptables and use the accounting rules than it would be for you to become
> familiar with policy routing for such a simple problem.
>
> : the solution to this is probably trivial but i have tried all i could
> : find info on... read the howto on lartc but the closest thing i can
> : find is
> :
> : 4.2. Routing for multiple uplinks/providers
> :
> : but that doesn't really apply to my "problem" since i want to use the
> : same provider, but each nic independently...
>
> I wouldn't recommend this solution--but as you note, this was the closest
> thing you could find. This is not to say that you couldn't specify output
> interface based on source IP. If you really wish to attempt this
> solution, write back to the list.
>
> I'd suggest using a simpler technique like this:
>
> iptables -t filter -I OUTPUT -s $DHCP0 -j ACCEPT
> iptables -t filter -I OUTPUT -s $DHCP1 -j ACCEPT
> iptables -t filter -I OUTPUT -s $DHCP2 -j ACCEPT
>
> iptables -t filter -I INPUT -d $DHCP0 -j ACCEPT
> iptables -t filter -I INPUT -d $DHCP1 -j ACCEPT
> iptables -t filter -I INPUT -d $DHCP2 -j ACCEPT
>
> Then, when you need to calculate how much bandwidth was used on each
> service, you can use iptables -nvL INPUT to see the total amount of
> bandwidth used in each of these rules.
>
> If you are serious about calculating your bandwidth usage, you may find an
> IP accounting tool is well-suited for your needs. Consider something like
> iptraf [1] in background mode [2] or ipac-ng [3] (I assume you are running
> a 2.4 kernel).
>
> Best of luck,
>
> -Martin
>
> [1] http://iptraf.seul.org/
> [2] http://iptraf.seul.org/2.7/backop.html
> [3] http://sourceforge.net/projects/ipac-ng/
> http://www.linux.org/apps/AppId_7462.html
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
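
An added example, not part of the original thread: a dry-run generator for the per-NIC tables described in the reply above, plus a check that catches the exact slip reported there (a per-table default route with no "dev"). The addresses, the table_ethN names and both function names are constructed for illustration; the script only prints commands and never changes routing.

```shell
#!/bin/sh
# Added example (dry run): prints the commands, executes none of them.
# Constructed documentation values, not the poster's real addresses.
GW=192.0.2.1        # gateway shared by all three public NICs (assumed)
NET=192.0.2.0/25    # subnet shared by all three public NICs (assumed)
# Named tables such as table_eth2 must already be listed in
# /etc/iproute2/rt_tables before the printed commands are run.

# emit_nic_rules IFACE SRC_IP TABLE
# One table per NIC: connected route, default route pinned to the NIC,
# and a rule sending traffic sourced from that NIC's address to the table.
emit_nic_rules() {
    iface=$1 src=$2 table=$3
    echo "ip route add $NET dev $iface src $src table $table"
    echo "ip route add default via $GW dev $iface table $table"
    echo "ip rule add from $src table $table"
}

# lint_default_routes: reads commands on stdin and reports every default
# route placed in a named table without "dev". When all NICs share one
# gateway, such a route does not bind to the intended interface (the post
# reports it ended up on eth0). Returns 1 if any offending line is found.
lint_default_routes() {
    bad=0
    while IFS= read -r line; do
        case $line in
            *"route add default"*" table "*)
                case " $line " in
                    *" dev "*) ;;
                    *) echo "missing dev: $line"; bad=1 ;;
                esac ;;
        esac
    done
    return $bad
}

emit_all() {
    emit_nic_rules eth0 192.0.2.10 table_eth0
    emit_nic_rules eth1 192.0.2.11 table_eth1
    emit_nic_rules eth2 192.0.2.12 table_eth2
}

emit_all | lint_default_routes && echo "every per-table default route names a device"
```

After applying the real commands, `ip route get 198.51.100.1 from 192.0.2.12` (constructed addresses) should report eth2 as the outgoing device.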