[Fwd: [LARTC] 1 adsl + 1 sdsl + masq + simultaneous incomming routes]

[Fwd: [LARTC] 1 adsl + 1 sdsl + masq + simultaneous incomming routes]

[Mike Fedyk]

phil@optimumdata.com wrote:
> 
> On Fri, 2 Mar 2001, Mike Fedyk wrote:
> 
> > I have two dsl links, each with one ip, and a single gateway is assigned the ip
> > for each.
> >
> >  ______    ______
> > | ADSL |  | SDSL |
> > |______|  |______|
> >        \  /
> >         \/
> >      ___||____
> >     | gateway |
> >     |_________|
> >         ||
> >         ||
> >         ||
> >        _||__
> >       | web |
> >       |_____|
> >
> > OK.
> >
> > The problem: I am able to have the web server use one or the other dsl, but not
> > both at the same time.
> >
> > If I have web set to sdsl, replies to queries that came from adsl go out on the
> > sdsl link. Also since masq is involved, it also responds with the sdsl ip.
> >
> > How can I have replies go back on the correct internet link?  OH, btw, the web
> > server is NT, so I won't be able to modify any packets there...
> 
> What I've done is to put two IPs on the server (your web server, in this
> case). You would then have the gateway send one IP out via ADSL, and the
> out via SDSL.
> 
> There is no way I know of to make that work.
> 
> --
> -----------------------------------------------------------------------
> Phil Brutsche                                      phil@optimumdata.com

There has to be a better way.  I'm forwarding this to LKML.  Maybe they have a
better idea...

I know the kernel keeps a route cache, is there something like a reverse MASQ
feature somewhere.  Storing which incoming route + port number and keeping a
dynamic list...

TIA,

Mike

Re: [Fwd: [LARTC] 1 adsl + 1 sdsl + masq + simultaneous incomming routes]

[Jeremy Jackson]

Mike Fedyk wrote:

> phil@optimumdata.com wrote:
> >
> > On Fri, 2 Mar 2001, Mike Fedyk wrote:
> >
> > > I have two dsl links, each with one ip, and a single gateway is assigned the ip
> > > for each.
> > >
> > >  ______    ______
> > > | ADSL |  | SDSL |
> > > |______|  |______|
> > >        \  /
> > >         \/
> > >      ___||____
> > >     | gateway |
> > >     |_________|
> > >         ||
> > >         ||
> > >         ||
> > >        _||__
> > >       | web |
> > >       |_____|
> > >
> > > OK.
> > >
> > > The problem: I am able to have the web server use one or the other dsl, but not
> > > both at the same time.
> > >
> > > If I have web set to sdsl, replies to queries that came from adsl go out on the
> > > sdsl link. Also since masq is involved, it also responds with the sdsl ip.
> > >
> > > How can I have replies go back on the correct internet link?  OH, btw, the web
> > > server is NT, so I won't be able to modify any packets there...
> >
> > What I've done is to put two IPs on the server (your web server, in this
> > case). You would then have the gateway send one IP out via ADSL, and the
> > out via SDSL.
> >
> > There is no way I know of to make that work.
> >
> > --
> > -----------------------------------------------------------------------
> > Phil Brutsche                                      phil@optimumdata.com
>
> There has to be a better way.  I'm forwarding this to LKML.  Maybe they have a
> better idea...
>
> I know the kernel keeps a route cache, is there something like a reverse MASQ
> feature somewhere.  Storing which incoming route + port number and keeping a
> dynamic list...

try www.liuxdoc.org search for iproute2 and netfilter.

with 2.4. kernel, you can mark packets *before* they go through routing table,
and the routing tablecan use mark value to choose which route to use,
so if you use set up the NT box with two IP's, your firewall can
mark packets based on destination (on webserver) IP.
think of it like having two default routes...

Re: [Fwd: [LARTC] 1 adsl + 1 sdsl + masq + simultaneous incomming routes]

[phil]

On Fri, 2 Mar 2001, Mike Fedyk wrote:

> There has to be a better way.

It's the one I use; it works and works well.

Asking someone who deals with "network appliance" routers (ie Cisco) might
lead to some ideas.  But the Cisco folks I asked recommended the solution
I told you about.  You might have better luck asking someone else.

> I'm forwarding this to LKML.  Maybe they have a better idea...

netdev@oss.sgi.com (or something like that) is actually a better place

> I know the kernel keeps a route cache, is there something like a reverse MASQ
> feature somewhere.  Storing which incoming route + port number and keeping a
> dynamic list...

-- 
-----------------------------------------------------------------------
Phil Brutsche                                      phil@optimumdata.com

Re: [Fwd: [LARTC] 1 adsl + 1 sdsl + masq + simultaneous incomming routes]

[David]

> 
> 
>>> The problem: I am able to have the web server use one or the other dsl, but not
>>> both at the same time.
>>> 
>>> If I have web set to sdsl, replies to queries that came from adsl go out on the
>>> sdsl link. Also since masq is involved, it also responds with the sdsl ip.
>>> 
>>> How can I have replies go back on the correct internet link?  OH, btw, the web
>>> server is NT, so I won't be able to modify any packets there...
>> 
>> What I've done is to put two IPs on the server (your web server, in this
>> case). You would then have the gateway send one IP out via ADSL, and the
>> out via SDSL.
> 
> There has to be a better way.  I'm forwarding this to LKML.  Maybe they have a
> better idea...
> 
> I know the kernel keeps a route cache, is there something like a reverse MASQ
> feature somewhere.  Storing which incoming route + port number and keeping a
> dynamic list...


It all looks very easy if the web server has two IPs.  Making it simple, 
use the following example after modifying the necessary information:

Web server public IPs: 99.0.0.5/32(ADSL), 100.0.0.5/32(SDSL), and set 
default via 10.0.0.1
Gateway: 10.0.0.1 on all interfaces, no default unless you choose to 
have one
ADSL: 99.0.0.1/24, SDSL: 100.0.0.1/24

Routing setup on web server is to point to the default gateway, nothing 
special needed.
Routing on *DSL isn't under your control.
All control is handled on the gateway. (web/eth2, SDSL/eth1, ADSL/eth0)

Gateway:
(establish interfaces)
ip a a 10.0.0.1/32 brd + dev eth0; ip link set eth0 up
ip a a 10.0.0.1/32 brd + dev eth1; ip link set eth1 up
ip a a 10.0.0.1/32 brd + dev eth2; ip link set eth2 up

(add routing for the web server IPs - inbound traffic)
ip route add 99.0.0.5 dev eth2
ip route add 100.0.0.5 dev eth2

(make packet matching rules, tie them to given tables)
ip rule add from 99.0.0.5/32 to 0.0.0.0/0 table 99 prio 99
ip rule add from 100.0.0.5/32 to 0.0.0.0/0 table 100 prio 100

(add the routing based on the table - outbound traffic)
ip route add via 99.0.0.1 table 99 dev eth0 onlink
ip route add via 100.0.0.1 table 100 dev eth1 onlink

This is off the top of my head but it should work fine.

Of course if the *DSL arrives on the gateway via a hub, simply combine 
the interfaces as appropriate.

-d
p.s. those in the know, feel free to correct me