Router with 2 public interfaces

Router with 2 public interfaces

[Flávio Costa]

Hi.

I have a router with 3 interfaces. One is connected to an internal
LAN. The other 2 are connected to internet.

I have the following interfaces:

eth0 -> (internal ex. 192.168.0.1)
eth1 -> (fixed ex. 200.213.105.108)
eth2 -> (dynamic ex. 201.10.10.11)

The default route is configured for interface eth2.

Inside LAN I have a webserver listening on 192.168.0.10:80

People reaching my webserver by interface eth2 is all working fine.

When someone connect to webserver by interface eth1 I doesn't work,
because packets go back by default route (eth2), which is not the same
they arrive (eth1).

I tried marking packets and forcing transverse by original interface,
but it does not worked.

Can someone give me an example of "iptable" and "ip" commands to
configure this? I do not want balanced traffic, because in future I
may block incoming requests to eth2 and keep it default route to
people in LAN connect to webservers by that interface, which is less
expensive.

Thanks in advance

Flavio Costa

Re: Router with 2 public interfaces

[Thomas Bätzler]

Flávio Costa wrote:
[...]
> When someone connect to webserver by interface eth1 I doesn't work,
> because packets go back by default route (eth2), which is not the same
> they arrive (eth1).

This is a late answer but maybe it's still helpful:

#!/bin/sh

ETH1_GW="xxx.xxx.xxx.xxx"
ETH1_IP="xxx.xxx.xxx.yyy"

iptables -t mangle -F

ip route flush table 4

ip route show table main | grep -Ev ^default | while read ROUTE ; do
   ip route add table 4 $ROUTE
done

ip route add table 4 default via $ETH1_GW

iptables -t mangle -A OUTPUT -s $ETH1_IP -j MARK --set-mark 4

ip rule add fwmark 4 table 4
ip route flush cache

HTH,
Thomas