From: guillaume <guillaume.riviere@vslitc.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Slipt 2 ISP strange routing problem
Date: Thu, 02 Sep 2004 04:27:56 +0000
Message-ID: <41370397.4080407@vslitc.com>

Dear all Lartc,

I try to split my Internet access between my 2 ISPs with 1 Linux (GNU/Debian
sarge) 3 NIC router.
I want all my users connected with ISP1 and just some IPs connected with ISP2.

Here is my configuration:

Internal network: 10.117.71.0/24
    Interface: eth0
ISP1: IP for my Linux box: 1.2.3.4/29
    Interface: eth1
    Gateway: 1.2.3.5
ISP2: IP for my Linux box: 5.6.7.8/29
    Interface: eth2
    Gateway: 5.6.7.9 (in fact it's my ADSL modem)

You can see below my configuration for iptables and iproute2.

I get a strange problem:
All my users can connect to the Internet with ISP1, there is no problem.
But when I try with 10.117.71.1 (the one routed to ISP2),
I can connect to the gateway (5.6.7.9), which means that I am correctly
routed.
But I cannot connect to (or ping) the Internet. I think packets are sent, but
when the web site (google.com for example) replies, my packets are not
routed back.

I also tried to connect to 5.6.7.9 (ISP2 gateway) from other internal IPs
(routed on ISP1),
and it's not possible, but for the moment it's not a problem for me.
I tested my connection from my modem (gateway ISP2), no problem.

Is there some kind guru of iptables and iproute2 to help me on this?

Thank you in advance,
Guillaume

Here is my script for routing and iptables:

#################################
# ISP2
/sbin/ip route flush table 5
/sbin/ip route add table 5 default via 5.6.7.9 dev eth2
/sbin/ip rule add fwmark 5 table 5

echo "firewall constants setup"

# FLUSH the tables
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t mangle -F PREROUTING

## Mangling Rules ##
# special rules for some IPs to go on second ISP
iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 5

# SNAT RULES
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
iptables -t nat -A POSTROUTING -o eth2 -s 10.117.71.1 -j SNAT --to 5.6.7.8

###############################################
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# (network, broadcast and gateway are optional)
auto eth1 eth0 eth2

# local network (LAN)
iface eth0 inet static
    address 10.117.71.1
    netmask 255.255.255.0

# external network (ISP1)
iface eth1 inet static
    address 1.2.3.4
    netmask 255.255.255.248
    gateway 1.2.3.5

iface eth2 inet static
    address 5.6.7.8
    netmask 255.255.255.248
#######################################
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
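
Added example, not part of the original message: a small Python model of the routing tables posted above, showing one thing worth checking for the symptom described (gateway reachable, Internet replies lost). It assumes strict reverse-path filtering (rp_filter=1) is enabled on eth2 and that the check consults the main table without the fwmark; 203.0.113.10 is a constructed Internet host and the function names are hypothetical.

```python
import ipaddress

# Main routing table implied by the /etc/network/interfaces in the post:
# the three connected networks plus the single default route via ISP1.
MAIN = [
    ("10.117.71.0/24", "eth0"),
    ("1.2.3.0/29", "eth1"),
    ("5.6.7.8/29", "eth2"),
    ("0.0.0.0/0", "eth1"),  # gateway 1.2.3.5
]
# Table 5 from the script: only a default route via 5.6.7.9.
TABLE5 = [("0.0.0.0/0", "eth2")]


def lookup(table, addr):
    """Longest-prefix match; returns the output device or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def egress(dst, fwmark=0):
    """Forward path: 'ip rule add fwmark 5 table 5' is consulted before main."""
    if fwmark == 5:
        dev = lookup(TABLE5, dst)
        if dev:
            return dev
    return lookup(MAIN, dst)


def rp_filter_accepts(src, in_dev, mode=1):
    """Reverse-path check on an arriving packet (sysctl rp_filter values).
    Assumption: the route back to src is looked up in MAIN, ignoring fwmark."""
    if mode == 0:          # no source validation
        return True
    back = lookup(MAIN, src)
    if mode == 2:          # loose: any route back to the source is enough
        return back is not None
    return back == in_dev  # strict: route back must use the arrival interface


if __name__ == "__main__":
    web = "203.0.113.10"  # constructed Internet host
    print("marked packet leaves via", egress(web, fwmark=5))
    print("reply from gateway accepted:", rp_filter_accepts("5.6.7.9", "eth2"))
    print("reply from web host accepted:", rp_filter_accepts(web, "eth2"))
```

On the router itself the current setting can be read from /proc/sys/net/ipv4/conf/eth2/rp_filter and /proc/sys/net/ipv4/conf/all/rp_filter.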