I have a firewall server running SuSE. I have two providers. Provider
A is a T-1 which has a route set up for VPN and VOIP traffic. Then
there is Provider B which handles everything else. Currently Provider
A is set as my default gateway, with specific routes for networks
involving VOIP and VPN traffic. I would like to set up a DMZ interface
which uses Provider A; however, my http traffic is not responding
because everything is going back out through my default gateway. I've
read the iproute multilink how-to but could still use some guidance on
this one. Thanks.
prov-A
|
eth0
|
192.168.1.0/24 -----eth1--[]--------
| |
eth2 eth3(DMZ)
| |
provB provB
You need to set up two routing tables, one for source IP addresses
assigned to you by provider A and one for source IP addresses assigned
to you by provider B. They should, of course, have different default
routes. Then you need to mark traffic based on which provider its
source IP address was assigned by and route according to the
appropriate table.
Where are you having issues?
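The two-table, source-address approach described above, written out for the layout in the question (added example, not from the thread). Interface names, addresses and table ids are assumptions: eth0 = provider A (T-1), eth2 = provider B, eth3 = DMZ carrying a block routed to you by provider A.

```sh
#!/bin/sh
# Source-address policy routing for a dual-uplink firewall (constructed example).
# Run with "apply" as root; with no argument it only prints the commands.
PATH=/usr/bin:/bin:/sbin:/usr/sbin; export PATH

PROVA_IF=eth0; PROVA_GW=203.0.113.1;  PROVA_NET=203.0.113.0/30   # assumed T-1 link net
PROVB_IF=eth2; PROVB_GW=198.51.100.1; PROVB_NET=198.51.100.0/29  # assumed provider-B link net
DMZ_IF=eth3;   DMZ_NET=203.0.113.8/29                            # assumed provider-A block on the DMZ
TBL_A=100; TBL_B=200   # table ids; add "100 provA" / "200 provB" to /etc/iproute2/rt_tables for names

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_policy_routing() {
    # One table per provider: its connected nets plus its own default route.
    # Connected routes are not copied into extra tables automatically.
    run ip route add "$PROVA_NET" dev "$PROVA_IF" table "$TBL_A"
    run ip route add "$DMZ_NET"   dev "$DMZ_IF"   table "$TBL_A"
    run ip route add default via "$PROVA_GW" dev "$PROVA_IF" table "$TBL_A"
    run ip route add "$PROVB_NET" dev "$PROVB_IF" table "$TBL_B"
    run ip route add default via "$PROVB_GW" dev "$PROVB_IF" table "$TBL_B"
    # Pick the table by source address, ahead of the main table's default
    # gateway: replies from DMZ hosts (provider-A addresses) leave via
    # provider A instead of following the firewall's default route.
    run ip rule add from "$PROVA_NET" table "$TBL_A" priority 100
    run ip rule add from "$DMZ_NET"   table "$TBL_A" priority 101
    run ip rule add from "$PROVB_NET" table "$TBL_B" priority 102
    run ip route flush cache
}

case "${1:-}" in
    apply) setup_policy_routing ;;
    *)     DRY_RUN=1; setup_policy_routing ;;
esac
```

LAN traffic that is masqueraded keeps its private source address at routing time (NAT happens in POSTROUTING), so it still follows the main table's default gateway.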
Did you check http://lartc.org/howto/lartc.rpdb.multiple-links.html ?
And if you do this, you will need this patch
http://www.ssi.bg/~ja/#routes
or you will have some disconnections through 1 of the 2 WAN
connections; I tried this myself. I found some written scripts
online before that help you do so. Search for them and I think you will
find them.
For a while I thought it was a configuration issue. This is my first
time combining firewall and file/web servers. Initially I thought this
was a firewall config problem, but after doing some troubleshooting it
appeared only my default gateway was serving traffic. I'm going
through the advanced routing HOW-TO and think using the ip src config
on each 'if' as noted should work.
You need to install iproute2; this is policy-based routing and the
only way you can accomplish port-based routing in Linux.
This is a sample setup to load balance 2 DSL lines and send port 25
and FTP (PASV) traffic through a T1. It was used to take advantage of
cheap DSL lines for downloading.
#!/bin/sh
PATH=/usr/bin:/bin:/sbin:/usr/sbin; export PATH
# Tables DSL, DSL2 and TONE must be listed in /etc/iproute2/rt_tables
# (e.g. "1 DSL", "2 DSL2", "3 TONE") before they can be used by name.
# One default route per uplink, each in its own table
ip route add default via 192.168.0.1 dev eth1 table DSL
ip route add default via 192.168.0.2 dev eth0 table DSL2
ip route add default via 192.168.0.6 dev eth2 table TONE
# Main table: equal-weight multipath default across the two DSL lines
# (equalize = per-packet balancing; needs a kernel that supports it)
ip route add equalize default nexthop via 192.168.0.2 dev eth0 weight 1 nexthop via 192.168.0.1 dev eth1 weight 1
# Packets marked 2 (port 25 / FTP, see below) are routed via the T1 table;
# marks 1, 4 and 5 have no rule here and fall through to the main table
ip rule add from all fwmark 2 table TONE
ip route flush cache
iptables -A POSTROUTING -t nat -o eth1 -j MASQUERADE
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# Mark traffic by destination port before the routing decision
iptables -A PREROUTING -t mangle -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -i eth2 -p tcp -m multiport --dport 25,21,1500:1600 -j MARK --set-mark 0x2
iptables -A PREROUTING -t mangle -i eth1 -p tcp -m tcp --dport 143 -j MARK --set-mark 0x4
iptables -A PREROUTING -t mangle -i eth1 -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
# Transparent proxy: web traffic arriving on eth0 goes to a local proxy on 3128
# (REDIRECT is only valid in the nat table, not mangle)
iptables -A PREROUTING -t nat -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
exit 0