From: Alexander Samad <alex@samad.com.au>
To: netfilter@lists.netfilter.org
Subject: Re: Two link adsl on the same server
Date: Wed, 11 May 2005 09:58:28 +1000
Message-ID: <20050510235828.GJ15049@samad.com.au>
In-Reply-To: <4280EA95.8020306@phreaker.net>
On Wed, May 11, 2005 at 01:08:37AM +0800, ro0ot wrote:
> Below are only examples:
>
> First, include this in /etc/iproute2/rt_tables as below: -
>
> 201 http.out
> 202 ftp.out
> 203 smtp.out
> 204 pop3.out
>
> Next, include this in a preferred executable file such as
> /usr/local/bin/rc.routing as below: -
>
> #!/bin/sh
>
> # first ISP
> ip route add 1.1.1.68/30 dev eth2 src 1.1.1.70 table 1
> ip route add default via 1.1.1.69 table 1
>
> # second ISP
> ip route add 2.2.2.116/30 dev eth4 src 2.2.2.118 table 2
> ip route add default via 2.2.2.117 table 2
You also need to add the local routes in these tables as well, otherwise
they will not be able to talk inside!
>
> ip rule add from 1.1.1.70 table 1
> ip rule add from 2.2.2.118 table 2
>
> ip route add 172.17.0.0/16 dev eth1 table 1
> ip route add 2.2.2.116/30 dev eth4 table 1
>
> ip route add 172.17.0.0/16 dev eth1 table 2
> ip route add 1.1.1.68/30 dev eth2 table 2
>
> ip route add default scope global nexthop via 1.1.1.69 dev eth2 nexthop via 2.2.2.117 dev eth4
>
> ip rule add fwmark 1 table http.out
> ip rule add fwmark 2 table ftp.out
> ip rule add fwmark 3 table smtp.out
> ip rule add fwmark 4 table pop3.out
>
> ip route add default via 1.1.1.69 dev eth2 table http.out
> ip route add default via 1.1.1.69 dev eth2 table ftp.out
>
> ip route add default via 2.2.2.117 dev eth4 table smtp.out
> ip route add default via 2.2.2.117 dev eth4 table pop3.out
>
> Next, include this in a preferred executable file such as
> /usr/local/bin/rc.firewall as below: -
>
> #!/bin/sh
>
> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 1.1.1.70
> iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 2.2.2.118
>
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 1
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 25 -j MARK --set-mark 3
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 110 -j MARK --set-mark 4
>
> Hope it helps...
>
> Regards,
> ro0ot
>
>
> Sebastião Antônio Campos (GWA) wrote:
>
> >Hi!
> >
> >We have two ADSL links on the same server and we'd like to use load balancing.
> >
> >I tried to use it, but I didn't have success.
> >
> >I use on eth1 172.17.1.6 mask 255.255.0.0 my local network;
> >on eth2 my first ADSL 200.168.1.19 mask 255.255.255.192 default gw
> >200.204.140.1
> >on eth4 my first ADSL 200.204.140.10 mask 255.255.255.192 default gw
> >200.179.1.1
> >
> >These IPs are static.
> >
> >On my local network I have two servers (E-mail server and one web server)
> >and I need to do PREROUTING with DNAT.
> >
> >And we would like to separate ports 80 and 21 using one link on eth0,
> >ports 25 and 110 on the other link eth4, and other ports on the eth0 or eth4 link.
> >
> >My files:
> >
> >My ifcfg-ethx files:
> >
> >#NIC SIS on board, using link1 ADSL
> >DEVICE=eth0
> >ONBOOT=yes
> >#BOOTPROTO=dhcp
> >BOOTPROTO=static
> >BROADCAST=200.168.1.63
> >IPADDR=200.168.1.19
> >NETMASK=255.255.255.192
> >NETWORK=200.168.1.0
> >#GATEWAY=200.168.1.1
> >___________________________________________________________
> >#Realtek card, local use, slot 1
> >DEVICE=eth1
> >ONBOOT=yes
> >BOOTPROTO=static
> >IPADDR=172.17.1.6
> >BROADCAST=172.17.255.255
> >NETMASK=255.255.0.0
> >NETWORK=172.17.0.0
> >________________________________________________________
> >#NIC Realtek, link 2 ADSL
> >DEVICE=eth4
> >ONBOOT=yes
> >BOOTPROTO=static
> >BROADCAST=200.204.140.63
> >IPADDR=200.204.140.10
> >NETMASK=255.255.255.192
> >NETWORK=200.204.140.0
> >
> >_________________________________________________
> >file /etc/sysconfig/network
> >
> >NETWORKING=yes
> >HOSTNAME=rbz-firewall
> >#GATEWAY=200.168.1.1
> >GATEWAY=200.204.140.1
> >___________________________________________________
> >file /etc/iproute2/rt_tables
> >
> >#
> ># reserved values
> >#
> >#255 local
> >#254 main
> >#253 default
> >#0 unspec
> >
> >#
> ># local
> >#
> >#1 inr.ruhep
> >
> >
> >Could someone help me?
> >
> >Thanks
> >
> >
> >Sebastião Antônio Campos
> >Infojoi Computadores Ltda
> >89.224-000 Joinville -SC - R. Iririú, 3587
> >Cml. (47) 437-0796 - Cel. (47) 9927-5349
> >tiao@infojoi.com.br
> >http://www.lupusnet.com.br
> >
> >
> >
> >
>
>
>
>
>
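Added example, not part of the original thread: a small audit for the point made in the reply above, that every policy-routing table needs the local (connected) routes and not only a default route. The table names and the 172.17.0.0/16 LAN prefix come from the quoted script; the function names and the sample route dump are constructed for illustration.

```shell
#!/bin/sh
# Audit policy-routing tables for a missing connected (LAN) route.
# Assumption: the LAN is 172.17.0.0/16 on eth1, as in the quoted script.
LAN_PREFIX="172.17.0.0/16"
LAN_DEV="eth1"

# Constructed sample: what the quoted rc.routing leaves in each table,
# in the form "table <name>: <route>".
sample_dump() {
cat <<'EOF'
table 1: default via 1.1.1.69 dev eth2
table 1: 1.1.1.68/30 dev eth2 scope link src 1.1.1.70
table 1: 2.2.2.116/30 dev eth4 scope link
table 1: 172.17.0.0/16 dev eth1 scope link
table 2: default via 2.2.2.117 dev eth4
table 2: 172.17.0.0/16 dev eth1 scope link
table http.out: default via 1.1.1.69 dev eth2
table ftp.out: default via 1.1.1.69 dev eth2
table smtp.out: default via 2.2.2.117 dev eth4
table pop3.out: default via 2.2.2.117 dev eth4
EOF
}

# Same format, taken from a live system (needs iproute2; not run here).
dump_live() {
    for t in "$@"; do
        ip route show table "$t" | sed "s|^|table $t: |"
    done
}

# Read a dump on stdin; print each table named in "$@" that has no LAN route.
tables_missing_lan() {
    dump=$(cat)
    for t in "$@"; do
        printf '%s\n' "$dump" | grep -qF "table $t: $LAN_PREFIX " || printf '%s\n' "$t"
    done
}

# Turn table names on stdin into the commands that would add the LAN route.
fix_commands() {
    while read -r t; do
        printf 'ip route add %s dev %s table %s\n' "$LAN_PREFIX" "$LAN_DEV" "$t"
    done
}

# Only prints the suggested commands for the sample; it changes nothing.
sample_dump | tables_missing_lan 1 2 http.out ftp.out smtp.out pop3.out | fix_commands
```

On a live router, replace `sample_dump` with `dump_live 1 2 http.out ftp.out smtp.out pop3.out` and review the printed commands before running them.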