* Internal PC/external Gateway
From: Sadus . @ 2005-05-14 8:59 UTC
To: netfilter
Hello,
So here's my current setup at home.
I control Provider 2. (which is not more than a simple box taking
internet from provider 1 and that internet sharing enabled, restricted
to the box' internal network and my IP which is on the external
interface).
I also control the Linux GW.
                                          +------------+
                                          |            |       |
                                      ----+ Provider 1 +-------
        __                            |   |            |     /
  PC1__/  \_         +------+-------+ |   +------------+    |
  _/        \__      |              | |                    /
 /             \     |              | |                    |
| Local network -----+Linux GW  eth0|-                     |Internet
 \_           __/    |              | |                    |
   \__     __/       |              | |                    \
 PC2  \___/          +------+-------+ |   +------------+    |
                                      |   |            |     \
                                      ----+ Provider 2 +-------
                                          |            |       |
                                          +------------+
In order to connect to the internet, on my GW, i set the Provider
1's IP. and then PC1 and PC2 can access the internet after SNAT or
MASQUERADE on the GW. Since Provider 1 limits the speed on IPs, PC1 and
PC2 used to split and share the connection speed, so lets say Provider 1
gives me 40K, PC1 and PC2 have to share that speed.
What i want to do is let PC2 have as Gateway Provider 2, so that each PC
can have its own 40K.
What are the procedures to be taken?
Thanks,
* Re: Internal PC/external Gateway
From: Jason Opperisano @ 2005-05-14 15:36 UTC
To: netfilter
On Sat, May 14, 2005 at 11:59:36AM +0300, Sadus . wrote:
> Hello,
> So here's my current setup at home.
> I control Provider 2. (which is not more than a simple box taking
> internet from provider 1 and that internet sharing enabled, restricted
> to the box' internal network and my IP which is on the external
> interface).
> I also control the Linux GW.
>
>
>                                           +------------+
>                                           |            |       |
>                                       ----+ Provider 1 +-------
>         __                            |   |            |     /
>   PC1__/  \_         +------+-------+ |   +------------+    |
>   _/        \__      |              | |                    /
>  /             \     |              | |                    |
> | Local network -----+Linux GW  eth0|-                     |Internet
>  \_           __/    |              | |                    |
>    \__     __/       |              | |                    \
>  PC2  \___/          +------+-------+ |   +------------+    |
>                                       |   |            |     \
>                                       ----+ Provider 2 +-------
>                                           |            |       |
>                                           +------------+
how about following the instructions in the document you copied that
ASCII art from [1]?
to paraphrase the openbsd folks, "don't ask how to do something, explain
to us what you've done and where you got stuck."
-j
[1]: http://lartc.org/howto/lartc.rpdb.multiple-links.html
--
"Stewie: For God's sake, shake me. Shake me like a British nanny."
--Family Guy
* Re: Internal PC/external Gateway
From: Sadus . @ 2005-05-14 16:20 UTC
To: Jason Opperisano; +Cc: netfilter
The Multi routing doc is another scenario that includes sharing or load
balancing between 2 providers to the same machine, that's not what i
want.
I tried using iproute2 and iptables (SNAT), but i just don't know what
to set as default gw for PC2, since PC2 can't see Provider 2 unless the
gateway of PC2 is the Linux GW (since it got ipforward).
thanks
* Re: Internal PC/external Gateway
From: Jason Opperisano @ 2005-05-14 16:41 UTC
To: netfilter
On Sat, May 14, 2005 at 07:20:33PM +0300, Sadus . wrote:
> The Multi routing doc is another scenario that includes sharing or load
> balancing between 2 providers to the same machine, that's not what i
> want.
>
> I tried using iproute2 and iptables (SNAT), but i just don't know what
> to set as default gw for PC2, since PC2 can't see Provider 2 unless the
> gateway of PC2 is the Linux GW (since it got ipforward).
>
> thanks
something like:
echo 201 T1 >> /etc/iproute2/rt_tables
echo 202 T2 >> /etc/iproute2/rt_tables
ip route add default via $P1 table T1
ip route add default via $P2 table T2
ip rule add from $PC1 table T1
ip rule add from $PC2 table T2
ip route flush cache
with this packets from $PC1 will be routed via $P1, and packets from
$PC2 will be routed via $P2. you can set the default gateway of the
linux GW to whichever you prefer.
i am assuming in this scenario that both PC1 and PC2 are being SNAT-ed
to the IP of Linux GW's eth0 interface, and that is OK with P1 and P2.
the default gateway of both PC1 and PC1 is just the internal IP of Linux
GW, in any case.
-j
--
"Brian: Peter, did you read the fine print on this loan contract?
Peter: If by "read", you mean "imagine the naked lady", then yes."
--Family Guy
* Re: Internal PC/external Gateway
From: Sadus . @ 2005-05-14 17:01 UTC
To: Jason Opperisano; +Cc: netfilter
this is after your email my current setup.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.2.2.1
iptables -t nat -A POSTROUTING -s 192.168.1.3 -j SNAT --to 192.168.0.141
and
#!/bin/bash
IF1=eth0
#Provider 1
P1=10.2.2.1
#Provider 2
P2=192.168.0.173
ip route add default via $P2 table T2
ip rule add from 192.168.1.3 table T2
ip route flush cache
can't i keep it like that? or i have to set T1 too?
thanks.
* Re: Internal PC/external Gateway
From: Jason Opperisano @ 2005-05-14 17:26 UTC
To: netfilter
On Sat, May 14, 2005 at 08:01:22PM +0300, Sadus . wrote:
> this is after your email my current setup.
>
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.2.2.1
> iptables -t nat -A POSTROUTING -s 192.168.1.3 -j SNAT --to 192.168.0.141
um--that second rule will never match, assuming the packets from
192.168.1.3 are being routed out eth0--which from your OP it is. put
the rule for 192.168.1.3 first.
> #!/bin/bash
>
> IF1=eth0
>
> #Provider 1
> P1=10.2.2.1
is the IP address of P1's router 10.2.2.1, or is the IP of the linux
gateway on eth0 10.2.2.1? you're using the same IP in your SNAT rule
and routing table--one of them is wrong.
> #Provider 2
> P2=192.168.0.173
>
> ip route add default via $P2 table T2
> ip rule add from 192.168.1.3 table T2
> ip route flush cache
>
> can't i keep it like that? or i have to set T1 too?
setting up T1 is for completeness, and for the benefit of the roughly 6
people on the planet that actually search ML archives instead of posting
the same 5 questions over and over and over and over and over again. T1
is not strictly necessary in your specific case.
the devil is in the details--if you're not sure of what specific IP's
need to go where--you need to tell us what's what. the output of
'ip -4 -o addr sh' on the linux gw would help, the IP's of the P1 and
P2 routers would help, and the IP's of PC1 and PC2 would help.
-j
--
"Meg: Dad, if I don't get my driver's license, I'll never have any
boyfriends, I'll never get married and I'll have to adopt a kid like
Rosie O'Donnell.
Peter: Meg... are you implying that Rosie O'Donnell cant drive?"
--Family Guy
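
The rule-order problem described in the reply above, as an added example that is not part of the original thread: a small shell model of first-match evaluation over the two posted SNAT rules. The function names and the exact-match parsing are assumptions made for illustration; the script reads rule text only and never calls iptables.

```sh
#!/bin/sh
# Added example: a model of first-match evaluation in nat/POSTROUTING.
# It only parses rule text; it never calls iptables.

# The two rules in the order they were posted.
RULES_AS_POSTED='-A POSTROUTING -o eth0 -j SNAT --to 10.2.2.1
-A POSTROUTING -s 192.168.1.3 -j SNAT --to 192.168.0.141'

# The same rules with the one for 192.168.1.3 first.
RULES_REORDERED='-A POSTROUTING -s 192.168.1.3 -j SNAT --to 192.168.0.141
-A POSTROUTING -o eth0 -j SNAT --to 10.2.2.1'

# rule_snat OUT_IF SRC_IP RULE_WORDS...
# Prints the rule's --to address if its -o and -s matches accept the packet,
# otherwise fails. Simplification: exact string comparison, no CIDR or "!".
rule_snat() {
    pkt_out=$1; pkt_src=$2; shift 2
    to=
    while [ $# -gt 0 ]; do
        case $1 in
            -o) [ "$2" = "$pkt_out" ] || return 1; shift 2 ;;
            -s) [ "$2" = "$pkt_src" ] || return 1; shift 2 ;;
            --to|--to-source) to=$2; shift 2 ;;
            -A|-j) shift 2 ;;
            *) shift ;;
        esac
    done
    [ -n "$to" ] && printf '%s\n' "$to"
}

# snat_for RULES OUT_IF SRC_IP
# Walks the chain top to bottom; SNAT is a terminating target, so the first
# rule that matches decides the new source address.
snat_for() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        # $rule is left unquoted on purpose so it splits into words.
        if addr=$(rule_snat "$2" "$3" $rule); then
            printf '%s\n' "$addr"
            break
        fi
    done
}

printf 'as posted: 192.168.1.3 leaves eth0 as %s\n' \
    "$(snat_for "$RULES_AS_POSTED" eth0 192.168.1.3)"
printf 'reordered: 192.168.1.3 leaves eth0 as %s\n' \
    "$(snat_for "$RULES_REORDERED" eth0 192.168.1.3)"
```

On a live gateway the per-rule packet counters in the nat table show the same thing: a rule that sits behind a broader one keeps a count of zero.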
* Re: Internal PC/external Gateway
From: Sadus . @ 2005-05-14 18:30 UTC
To: Jason Opperisano; +Cc: netfilter
Before continuing, thanks a lot for your help.
                                          +------------+
                                          |            |       |
                                      ----+ Provider 1 +-------
  192.168.1.2                         |   | 10.2.2.1   |     /
  PC1__/  \_         +------+-------+ |   +------------+    |
  _/        \__      |              | |                    /
 /             \     | 10.2.2.253   | |                    |
| Local network -----+Linux GW  eth0|-                     |Internet
 \_           __/    |192.168.0.141 | |
   \__     __/       |              | |                    \
 PC2  \___/          +------+-------+ |   +------------+    |
 192.168.1.3                          |   |            |     \
                                      ----+ Provider 2 +-------
                                          |192.168.0.173       |
                                          +------------+
so a little reminder. i just want 192.168.1.3 to take Internet from
192.168.0.173
my GW, as you see, has 2 IPs in eth0, and i can reach both of my
Providers with that setup.
btw, is there any article to read about the priority of rules while
writing an iptables script?
best regards,
* Re: Internal PC/external Gateway
From: Jason Opperisano @ 2005-05-14 19:00 UTC
To: netfilter
On Sat, May 14, 2005 at 09:30:10PM +0300, Sadus . wrote:
> Before continuing, thanks a lot for your help.
>
>                                           +------------+
>                                           |            |       |
>                                       ----+ Provider 1 +-------
>   192.168.1.2                         |   | 10.2.2.1   |     /
>   PC1__/  \_         +------+-------+ |   +------------+    |
>   _/        \__      |              | |                    /
>  /             \     | 10.2.2.253   | |                    |
> | Local network -----+Linux GW  eth0|-                     |Internet
>  \_           __/    |192.168.0.141 | |
>    \__     __/       |              | |                    \
>  PC2  \___/          +------+-------+ |   +------------+    |
>  192.168.1.3                          |   |            |     \
>                                       ----+ Provider 2 +-------
>                                           |192.168.0.173       |
>                                           +------------+
>
> so a little reminder. i just want 192.168.1.3 to take Internet from
> 192.168.0.173
> my GW, as you see, has 2 IPs in eth0, and i can reach both of my
> Providers with that setup.
>
> btw, is there any article to read about the priority of rules while
> writing an iptables script?
yeah--first match wins for all terminating targets. a good tutorial in
general is:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
so it looks like we need:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.2 \
-j SNAT --to 10.2.2.253
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.3 \
-j SNAT --to 192.168.0.141
echo 202 T2 >> /etc/iproute2/rt_tables
ip route add default via 192.168.0.173 table T2
ip rule add from 192.168.1.3 table T2
ip route flush cache
hope this helps...
-j
--
"Spectator #1: Oh my God. I'm so offended. I'm going to do something
about this.
Spectator #2: Mike, there's not really anything you can do.
Spectator #1: Wow, you're right. I guess I'm just going to have to
develop a sense of humor, huh?"
--Family Guy
* Re: Internal PC/external Gateway
From: Sadus . @ 2005-05-14 23:52 UTC
To: Jason Opperisano; +Cc: netfilter
When i run this:
ip rule add from 192.168.1.3 table T2
i get this error:
RTNETLINK answers: Invalid argument
* Re: Internal PC/external Gateway
From: Jason Opperisano @ 2005-05-16 21:48 UTC
To: netfilter
On Sun, May 15, 2005 at 02:52:44AM +0300, Sadus . wrote:
> When i run this:
> ip rule add from 192.168.1.3 table T2
>
> i get this error:
> RTNETLINK answers: Invalid argument
did you:
echo 202 T2 >> /etc/iproute2/rt_tables
if you haven't i believe your error would be more along the lines of
'Error: argument "T2" is wrong: invalid table ID'
does this give you the same error:
ip rule add from 192.168.1.3 table main
if so--verify that your kernel was compiled with:
CONFIG_IP_ADVANCED_ROUTER=y
if not--i don't believe you will be able to do policy routing until you
recompile your kernel with the proper options set.
-j
--
"Stewie: Yes, I rather like this God fellow. He's very theatrical, you
know, a pestilence here, a plague there. Omnipotence. Gotta get me some
of that."
--Family Guy
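
An added example, not code from the thread, that checks the two causes suggested in the reply above before "ip rule add ... table T2" is run: the rt_tables entry and the kernel options. The function names are hypothetical, and CONFIG_IP_MULTIPLE_TABLES is an addition here (the thread names only CONFIG_IP_ADVANCED_ROUTER).

```sh
#!/bin/sh
# Added example: preflight for "ip rule add from ... table T2".
# File paths are arguments, so the checks can run on copies of the files.

# table_registered FILE ID NAME: succeeds if FILE maps ID to NAME.
table_registered() {
    awk -v id="$2" -v name="$3" '
        $1 !~ /^#/ && $1 == id && $2 == name { found = 1 }
        END { exit !found }' "$1"
}

# register_table FILE ID NAME: appends "ID NAME" only if it is missing.
# A bare "echo 202 T2 >> FILE" appends a duplicate line on every run.
# Returns 2 if the ID or the name already belongs to a different entry.
register_table() {
    table_registered "$1" "$2" "$3" && return 0
    if awk -v id="$2" -v name="$3" '
        $1 !~ /^#/ && NF >= 2 && ($1 == id || $2 == name) { clash = 1 }
        END { exit !clash }' "$1"; then
        return 2
    fi
    printf '%s %s\n' "$2" "$3" >> "$1"
}

# policy_routing_enabled CONFIG: succeeds if the kernel config text enables
# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES. The second option
# is not named in the thread; it is the policy-routing switch that the
# advanced-router option makes selectable.
policy_routing_enabled() {
    grep -q '^CONFIG_IP_ADVANCED_ROUTER=y' "$1" &&
        grep -q '^CONFIG_IP_MULTIPLE_TABLES=y' "$1"
}

# Demo on constructed files, not the live system files.
demo_dir=$(mktemp -d)
printf '255 local\n254 main\n253 default\n' > "$demo_dir/rt_tables"
printf '# CONFIG_IP_ADVANCED_ROUTER is not set\n' > "$demo_dir/config"
register_table "$demo_dir/rt_tables" 202 T2
register_table "$demo_dir/rt_tables" 202 T2
printf 'T2 lines after two runs: %s\n' "$(grep -c ' T2$' "$demo_dir/rt_tables")"
policy_routing_enabled "$demo_dir/config" ||
    printf 'policy routing is not enabled in this kernel config\n'
rm -rf "$demo_dir"
```

On a live gateway the arguments would be /etc/iproute2/rt_tables and the running kernel's config file, commonly /boot/config-$(uname -r) (a distribution convention, assumed here).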
* Re: Internal PC/external Gateway
From: Sadus . @ 2005-05-17 12:55 UTC
To: Jason Opperisano; +Cc: netfilter
Seems to be running smoothly. Thanks