3 nic -s, 1 lan, 2 internet connections, ip based routing and gateway problems.

Post by Mart Pirit » Fri, 11 Apr 2003 16:05:51



Hello.

I have a problem to solve: a Red Hat 6.3 based Linux router with 3 network cards.
eth1, 192.168.10.1, is connected to a switch; eth0, 213.180.9.x, is connected to
one ADSL bridge; and eth2, 213.34.9.x, is connected to another ADSL bridge.

Users 192.168.10.2, 192.168.10.3, 192.168.10.4 and 192.168.10.5 are
allowed to use eth0, and users 192.168.10.10, 192.168.10.11,
192.168.10.12 and 192.168.10.13 are allowed to use eth2 for their internet
connection. So I made these iptables NAT rules:

# SNAT for the LAN hosts that should leave through the first ADSL line (eth0)
$IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.2 -j SNAT --to-source 213.180.9.x
$IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.3 -j SNAT --to-source 213.180.9.x
$IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.4 -j SNAT --to-source 213.180.9.x
$IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.5 -j SNAT --to-source 213.180.9.x

# SNAT for the LAN hosts that should leave through the second ADSL line (eth2)
$IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.10 -j SNAT --to-source 213.34.9.x
$IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.11 -j SNAT --to-source 213.34.9.x
$IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.12 -j SNAT --to-source 213.34.9.x
$IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.13 -j SNAT --to-source 213.34.9.x

But now I have routing problems, as both internet connections are
default routes and I can use only one setting in /etc/sysconfig/network:

GATEWAY="213.180.9.x"
GATEWAYDEV="eth0"

Is it possible to get it to work, and if so, how?

--
Mart


Post by Vincent Jaussau » Wed, 16 Apr 2003 00:04:12



> Hello.

Hi,

> I have a problem to solve: a Red Hat 6.3 based Linux router with 3 network cards.
> eth1, 192.168.10.1, is connected to a switch; eth0, 213.180.9.x, is connected to
> one ADSL bridge; and eth2, 213.34.9.x, is connected to another ADSL bridge.

I didn't notice there was a RedHat 6.3 out :)

> Users 192.168.10.2, 192.168.10.3, 192.168.10.4 and 192.168.10.5 are
> allowed to use eth0, and users 192.168.10.10, 192.168.10.11,
> 192.168.10.12 and 192.168.10.13 are allowed to use eth2 for their internet
> connection. So I made these iptables NAT rules:

> # SNAT for the LAN hosts that should leave through the first ADSL line (eth0)
> $IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.2 -j SNAT --to-source 213.180.9.x
> $IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.3 -j SNAT --to-source 213.180.9.x
> $IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.4 -j SNAT --to-source 213.180.9.x
> $IPTABLES -A POSTROUTING -t nat -o eth0 -s 192.168.10.5 -j SNAT --to-source 213.180.9.x

> # SNAT for the LAN hosts that should leave through the second ADSL line (eth2)
> $IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.10 -j SNAT --to-source 213.34.9.x
> $IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.11 -j SNAT --to-source 213.34.9.x
> $IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.12 -j SNAT --to-source 213.34.9.x
> $IPTABLES -A POSTROUTING -t nat -o eth2 -s 192.168.10.13 -j SNAT --to-source 213.34.9.x

Drop this.
Simply do:
# Masquerade everything leaving each WAN interface with that interface's address
$IPTABLES -A POSTROUTING -t nat -o eth0 -j SNAT --to-source 213.180.9.x
$IPTABLES -A POSTROUTING -t nat -o eth2 -j SNAT --to-source 213.34.9.x

You'll choose which default route each host uses within the routing policy
setup (see below).

> But now I have routing problems, as both internet connections are
> default routes and I can use only one setting in /etc/sysconfig/network:

> GATEWAY="213.180.9.x"
> GATEWAYDEV="eth0"

Yes, it's because, by default, the RH network scripts only allow you one
default gateway. To use multiple default gateways, you'll need to use the
ip toolkit (comes by default with RedHat 7.x).

In /etc/iproute2/rt_tables, add the following lines:
100     adsl1   # This table will contain the default route through the first adsl line
200     adsl2   # This table will contain the default route through the 2nd adsl line
300     everything      # Everything else

Then, configure your routing policies as follows:
# We first ensure that the main table is always looked at first
ip rule add prio 50 lookup main

# Here we take care of those that should use first adsl link
ip rule add prio 100 from 192.168.10.2/32 lookup adsl1
ip rule add prio 100 from 192.168.10.3/32 lookup adsl1
ip rule add prio 100 from 192.168.10.4/32 lookup adsl1
ip rule add prio 100 from 192.168.10.5/32 lookup adsl1

# Then, we take care of those that should use 2nd adsl link
ip rule add prio 200 from 192.168.10.10/32 lookup adsl2
ip rule add prio 200 from 192.168.10.11/32 lookup adsl2
ip rule add prio 200 from 192.168.10.12/32 lookup adsl2
ip rule add prio 200 from 192.168.10.13/32 lookup adsl2

# Everything else will be looked at in the everything table.
ip rule add prio 300 lookup everything

# Now, let's setup the routing rules
# DSL Modem 1 routing
ip route add table adsl1 default via $DSL_MODEM1 dev eth0 src 213.180.9.x

# DSL Modem 2 routing
ip route add table adsl2 default via $DSL_MODEM2 dev eth2 src 213.34.9.x

# Default routing for everything else, through both links, used in a
# round-robin manner
ip route add table everything equalize default nexthop via $DSL_MODEM1 dev eth0 nexthop via $DSL_MODEM2 dev eth2

# Don't forget to remove the old default route, in table main
ip route del table main default

In this setup, we instruct the kernel routing code to look for a default
route in table adsl1 for 192.168.10.2, 192.168.10.3, 192.168.10.4 and
192.168.10.5, while the kernel will look for a default route in table adsl2
for 192.168.10.10, 192.168.10.11, 192.168.10.12 and 192.168.10.13.

Any other hosts will be routed in a load-balancing manner over both links.

Note: You'll need Julian's kernel patches in order to make the NAT setup
work with load-balancing over multiple links (found at:
http://www.ssi.bg/~ja/#routes)

> Is it possible to get it work, and if so, then how?

Yes, it is. See above :)

--
----
Kelkoo Security Manager / Networks & Systems Architect
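As an added illustration (not part of either post), here is a small Python model of the rule lookup the reply configures. It shows why "ip route del table main default" matters: table main is consulted first at prio 50, so a default route left there answers for every host and the per-source tables are never reached. The /24 WAN prefixes and the placeholder "x" addresses are assumptions made for the model.

```python
import ipaddress

# Constructed model of the reply's setup: route tables as (prefix, device) lists.
# The WAN /24 prefixes are assumed; the post only gives 213.180.9.x / 213.34.9.x.
def build_tables(main_still_has_default):
    tables = {
        "main": [("192.168.10.0/24", "eth1"),
                 ("213.180.9.0/24", "eth0"),
                 ("213.34.9.0/24", "eth2")],
        "adsl1": [("0.0.0.0/0", "eth0")],            # default via $DSL_MODEM1
        "adsl2": [("0.0.0.0/0", "eth2")],            # default via $DSL_MODEM2
        "everything": [("0.0.0.0/0", "eth0+eth2")],  # equalized multipath default
    }
    if main_still_has_default:
        # State before "ip route del table main default" has been run.
        tables["main"].append(("0.0.0.0/0", "eth0"))
    return tables

# (prio, from-prefix or None, table), mirroring the "ip rule add" lines above.
RULES = [(50, None, "main")]
RULES += [(100, f"192.168.10.{i}/32", "adsl1") for i in (2, 3, 4, 5)]
RULES += [(200, f"192.168.10.{i}/32", "adsl2") for i in (10, 11, 12, 13)]
RULES += [(300, None, "everything")]

def lookup(tables, src, dst):
    """Walk rules in priority order; the first table holding a route that covers
    dst answers (longest prefix within that table). Returns (table, device)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, frm, table in sorted(RULES, key=lambda r: r[0]):
        if frm is not None and s not in ipaddress.ip_network(frm):
            continue  # rule's "from" selector does not match this source
        hits = [(ipaddress.ip_network(net), dev) for net, dev in tables[table]
                if d in ipaddress.ip_network(net)]
        if hits:
            net, dev = max(hits, key=lambda h: h[0].prefixlen)
            return table, dev
    return None, None

if __name__ == "__main__":
    for keep_default in (True, False):
        t = build_tables(keep_default)
        print("main default kept" if keep_default else "main default removed")
        for host in ("192.168.10.2", "192.168.10.10", "192.168.10.50"):
            print("  ", host, "->", lookup(t, host, "198.51.100.7"))
```

LAN-to-LAN traffic still resolves in table main via eth1 in both states, which is exactly why the reply keeps the prio 50 rule for main ahead of the per-link tables.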