Linux Netfilter discussions
* Howto setup one machine for specific ip pipe?
@ 2009-02-28  0:01 sean darcy
  2009-02-28  0:07 ` Brian Austin - Standard Universal
  0 siblings, 1 reply; 4+ messages in thread
From: sean darcy @ 2009-02-28  0:01 UTC (permalink / raw)
  To: netfilter

I have an asterisk voip server in the local network. I have two outgoing 
connections, a large verizon pipe, and a small, low-latency pipe from 
broadview. I'd like traffic generally to use the verizon pipe, but 
traffic from the voip server should use the low-latency broadview pipe.

I've set up table 128:


## eth0 is static to broadview
ETH0_IP_GATEWAY=xx.yy.zz.ww
ETH0_IP_ADDR=xxx.yy.zz.ww1
ip rule delete from $ETH0_IP_ADDR/32 table 128 priority 128
ip rule add    from $ETH0_IP_ADDR/32 table 128 priority 128
## this is the route through broadview gateway ip
ip route add default via $ETH0_IP_GATEWAY table 128

ip rule add    fwmark 0x1 table 128 prio 126

ip rule add    fwmark 0x2 table 128 prio 127

and then set-mark 0x1 to all packets from the voip server:

$IPT -t mangle -A PREROUTING -i eth1 \
   -s $AST_IP_ADDR -j MARK --set-mark 0x1


But the asterisk server can't access the internet. I assume the problem 
is that the iptables server isn't NAT'ing the voip server. That is, it routes 
the packet out through the broadview pipe, but doesn't send any of the 
responses back to the asterisk server.

Any help appreciated.

sean



* Re: Howto setup one machine for specific ip pipe?
  2009-02-28  0:01 Howto setup one machine for specific ip pipe? sean darcy
@ 2009-02-28  0:07 ` Brian Austin - Standard Universal
  2009-02-28  0:27   ` sean darcy
  0 siblings, 1 reply; 4+ messages in thread
From: Brian Austin - Standard Universal @ 2009-02-28  0:07 UTC (permalink / raw)
  To: sean darcy; +Cc: netfilter

which computers have IP addresses that are public/private?

b

sean darcy wrote:
> I have an asterisk voip server in the local network. I have two 
> outgoing connections, a large verizon pipe, and small, low latency 
> pipe from broadview. I'd like traffic generally to use the verizon 
> pipe, but traffic from the voip server should use the low latency 
> broadview pipe.
>
> I've set up table 128:
>
>
> ## eth0 is static to broadview
> ETH0_IP_GATEWAY=xx.yy.zz.ww
> ETH0_IP_ADDR=xxx.yy.zz.ww1
> ip rule delete from $ETH0_IP_ADDR/32 table 128 priority 128
> ip rule add    from $ETH0_IP_ADDR/32 table 128 priority 128
> ## this is the route through broadview gateway ip
> ip route add default via $ETH0_IP_GATEWAY table 128
>
> ip rule add    fwmark 0x1 table 128 prio 126
>
> ip rule add    fwmark 0x2 table 128 prio 127
>
> and then set-mark 0x1 to all packets from the voip server:
>
> $IPT -t mangle -A PREROUTING -i eth1 \
>   -s $AST_IP_ADDR -j MARK --set-mark 0x1
>
>
> But the asterisk server can't access the internet. I assume the 
> problem is that iptable server isn't NAT'ing the voip server. That is, 
> it routes the packet out through the broadview pipe, but doesn't send 
> any of the responses back to the asterisk server.
>
> Any help appreciated.
>
> sean
>


* Re: Howto setup one machine for specific ip pipe?
  2009-02-28  0:07 ` Brian Austin - Standard Universal
@ 2009-02-28  0:27   ` sean darcy
  2009-02-28  1:42     ` sean darcy
  0 siblings, 1 reply; 4+ messages in thread
From: sean darcy @ 2009-02-28  0:27 UTC (permalink / raw)
  To: Brian Austin - Standard Universal; +Cc: netfilter

Brian Austin - Standard Universal wrote:
> which computers have IP addresses that are public/private?
> 
> b
> 
> sean darcy wrote:
>> I have an asterisk voip server in the local network. I have two 
>> outgoing connections, a large verizon pipe, and small, low latency 
>> pipe from broadview. I'd like traffic generally to use the verizon 
>> pipe, but traffic from the voip server should use the low latency 
>> broadview pipe.
>>
>> I've set up table 128:
>>
>>
>> ## eth0 is static to broadview
>> ETH0_IP_GATEWAY=xx.yy.zz.ww
>> ETH0_IP_ADDR=xxx.yy.zz.ww1
>> ip rule delete from $ETH0_IP_ADDR/32 table 128 priority 128
>> ip rule add    from $ETH0_IP_ADDR/32 table 128 priority 128
>> ## this is the route through broadview gateway ip
>> ip route add default via $ETH0_IP_GATEWAY table 128
>>
>> ip rule add    fwmark 0x1 table 128 prio 126
>>
>> ip rule add    fwmark 0x2 table 128 prio 127
>>
>> and then set-mark 0x1 to all packets from the voip server:
>>
>> $IPT -t mangle -A PREROUTING -i eth1 \
>>   -s $AST_IP_ADDR -j MARK --set-mark 0x1
>>
>>
>> But the asterisk server can't access the internet. I assume the 
>> problem is that iptable server isn't NAT'ing the voip server. That is, 
>> it routes the packet out through the broadview pipe, but doesn't send 
>> any of the responses back to the asterisk server.
>>
>> Any help appreciated.
>>
>> sean
>>

The asterisk server has no public address. Everything goes through the 
one machine running iptables which has the two public addresses - 
verizon and broadvoice.

sean


* Re: Howto setup one machine for specific ip pipe?
  2009-02-28  0:27   ` sean darcy
@ 2009-02-28  1:42     ` sean darcy
  0 siblings, 0 replies; 4+ messages in thread
From: sean darcy @ 2009-02-28  1:42 UTC (permalink / raw)
  To: netfilter

sean darcy wrote:
> Brian Austin - Standard Universal wrote:
>> which computers have IP addresses that are public/private?
>>
>> b
>>
>> sean darcy wrote:
>>> I have an asterisk voip server in the local network. I have two 
>>> outgoing connections, a large verizon pipe, and small, low latency 
>>> pipe from broadview. I'd like traffic generally to use the verizon 
>>> pipe, but traffic from the voip server should use the low latency 
>>> broadview pipe.
>>>
>>> I've set up table 128:
>>>
>>>
>>> ## eth0 is static to broadview
>>> ETH0_IP_GATEWAY=xx.yy.zz.ww
>>> ETH0_IP_ADDR=xxx.yy.zz.ww1
>>> ip rule delete from $ETH0_IP_ADDR/32 table 128 priority 128
>>> ip rule add    from $ETH0_IP_ADDR/32 table 128 priority 128
>>> ## this is the route through broadview gateway ip
>>> ip route add default via $ETH0_IP_GATEWAY table 128
>>>
>>> ip rule add    fwmark 0x1 table 128 prio 126
>>>
>>> ip rule add    fwmark 0x2 table 128 prio 127
>>>
>>> and then set-mark 0x1 to all packets from the voip server:
>>>
>>> $IPT -t mangle -A PREROUTING -i eth1 \
>>>   -s $AST_IP_ADDR -j MARK --set-mark 0x1
>>>
>>>
>>> But the asterisk server can't access the internet. I assume the 
>>> problem is that iptable server isn't NAT'ing the voip server. That 
>>> is, it routes the packet out through the broadview pipe, but doesn't 
>>> send any of the responses back to the asterisk server.
>>>
>>> Any help appreciated.
>>>
>>> sean
>>>
> 
> The asterisk server has no public address. Everything goes through the 
> one machine running iptables which has the two public addresses - 
> verizon and broadvoice.
> 
> sean

Solved. I needed to masquerade (or DNAT) both external interfaces.

So I had:

$IPT -t nat -A POSTROUTING -o $VERIZONIF -j MASQUERADE

but I needed to add:

$IPT -t nat -A POSTROUTING -o $BROADVIEWIF -j SNAT --to-source <my fixed ip address>

sean
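
A check for the failure mode this thread ends on, as an added example that is not part of the original messages: given `iptables-save` output, it lists every uplink interface that has no MASQUERADE or SNAT rule in nat POSTROUTING. eth0 (broadview) and eth1 (LAN) come from the post; eth2 for the verizon side, 192.168.1.10 for the asterisk host and 203.0.113.10 for the fixed address are constructed placeholders.

```shell
#!/bin/sh
# Constructed iptables-save excerpt: ruleset before the fix (verizon only).
before_fix() {
cat <<'EOF'
*mangle
-A PREROUTING -s 192.168.1.10/32 -i eth1 -j MARK --set-mark 0x1
COMMIT
*nat
-A POSTROUTING -o eth2 -j MASQUERADE
COMMIT
EOF
}

# Constructed excerpt: nat table after the fix (placeholder SNAT address).
after_fix() {
cat <<'EOF'
*nat
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.10
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints each interface named as an
# argument that has no MASQUERADE/SNAT rule in nat POSTROUTING.
# Assumes rules use a plain "-o IFACE"; negated matches are not interpreted.
uplinks_missing_nat() {
    awk -v want="$*" '
        /^\*/ { table = substr($0, 2) }           # "*nat" -> "nat"
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (tgt == "MASQUERADE" || tgt == "SNAT") {
                if (out == "") any = 1            # no -o: covers every uplink
                else nat[out] = 1
            }
        }
        END {
            n = split(want, ifs, " ")
            for (i = 1; i <= n; i++)
                if (!any && !(ifs[i] in nat)) print ifs[i]
        }'
}

echo "missing before fix: $(before_fix | uplinks_missing_nat eth0 eth2)"
echo "missing after fix:  $(after_fix  | uplinks_missing_nat eth0 eth2)"
```

On a live gateway the same function can be fed from `iptables-save` directly, with the interface names taken from the default routes of each policy-routing table.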


