i have setup a linux mandrake 10.1 box to act as a route server to connect to the internet and also a nic connected to my local network with a simple script file so the local network can all access to the internet.

now i have just add a 2nd internet connection so i insert the 3rd nic to the linux box and wish the linux box distrubute the internet the local network so that all e-mail ( web mail and any pop and smtp) to use connection 1 and everythingelse to use connection 2... any1 have any idea how to do that? i did some research and they all seems to point out i need to set 2 table in iptables but didn't say how and where...

here the script i use currentely

********
IPTABLES =sbin/iptables

iptables -A POSTINGROUTING -t nat -o -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

iptables -A FORWARD -t filter -o eth0 -j ACCEPT

iptables -A FORWARD -t filter -i eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward
******

currentely all local computer can access the internet

original

---[intnernet]---[linux box]--[switch]---[local network]

wanted to changed to

---[internet1]---
>---[linux box]---[switch]---[local]
---[internet2]---

with rules that outgoing e-mail use internet 1 and all other outgoing ( web,ftp,anythingelse) use ftp2

also i am not running any internet server at the local network so i dun need to forward any port from linux box to the local network but i do have ssh and ftp server running on the linux box.

thx

Hi,

You've got to change this :
by :
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -p tcp --dport 80 -j SNAT --to-source $PULIC_IP1
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -p tcp --dport 22 -j SNAT --to-source $PULIC_IP2

in my exemple, all traffic to port 80 will be forwarded using the IP of ISP 1 and all traffic to port 22 using the IP of ISP 2.

thx i think that will do it

just a question could i do any fail safe ? like if conn 1 is down, everything use conn 2 and vice verses

also, just a question for port
if i want to allow web only, what port do i need? ( i know i need to allow dns and 80 atleast, is there anything else?)
and what if i want to allow e-mail only ( 25,110 and dns, is just 3 enough?)

thx

only problem is that outbound traffic will still head out the default gateway interface (not beating on you though - it still works - just partially .

siulung, maybe down the track you might want to look at implementing Policy Routing on your box. There's an iptables module for it, just takes a little while to get your head around it - well, my head anyway It'll also help you build some path redundancy into your box incase of link/interface failure...

hope it helps.

ic guess i should spend some time go thu it...( hehe i guess it will take me a while)

also i cam across something at http://howtos.linux.com/howtos/Adv-R...le-links.shtml

it is a how-to for multiple uplink but i don't have enough background to understand it... it use the command ip and said using 2 table for the 2 connection, what is it different from using iptables script? or are they the same just different approch?

also what's the difference between iptables and iproute2?

thx

oh and bty how do i set different gateway?
coz if i go to network setting when i set it up i set different gateway for different ethernet card, but when i go to kde,system config,network it shows all eth0,1,2 all having eth0 gateway

and also is port 53 the only port need for dns? coz i was hoping that 1 of the connection will work on its on even if the other connection is down, so i need the e-mail port which i open 25 and 110 and 53 for dns... but somehow the dns don't seems to work, is there other port i need to open so that connection will work ?

thx

also can anyone recommand any network traffic monitor program with gui

ntop has a web interface, but isn't realtime.

iftop monitors bandwidth in realtime with an ncurses pseudo-gui.

Google for either.

Good luck.

-E

thx

Hi, I need almost the same solution as siulung.

The current situation is:
I have a cable modem connection which I connected using a NIC to an old Pentium II which runs coyotelinux floppy version (i am using it as a router). So this computer has another NIC which distributes the internet connection to my other 5 computers through a switch.

The problem:
The cable modem connection's ISP does not support FTP. Other than this, internet connection is very good and I don't want to change it. So, all the five computers can do everything except using FTP.

The solution I want:
I want to have an additional dialup connection specifically for FTP.

So,
all the five computers' FTP works will be through the dialup modem
all the five computers' other works will be through the cable modem NIC


I am ready to replace the pentium II running coyotelinux with a Pentium IV running RedHat 7.2 (if this is not ideal for the situation, I can use slackware, fedora etc). I want the Pentium IV to understand FTP and non-FTP data and use the dialup or cable modem accordingly.

This will possibly come under "policy routing" technique.
Please help me with a step-by-step guide to configure linux for this policy routing.