IPMasq using a cable and DSl modem

smurf · 02-26-2002, 06:59 PM

Hi every1,

My situation is:-

I have a redhat 7 server sharing the web for 5 internal pc's using a cable modem. I want to have 2 internet connections
1. cable modem 512/128
2. DSL modem 512/512

the reason for this is so that i can download, run a ftp and games server on the DSL connection, whilst playing the online games and generally browsing the web in the cable modem

There is 5 of us in the house and they all complain at each other when the internet and online games or slow due to some1 else downloading.

Can this be done using ipchains, I havent had time to look into it at the moment. just wondering if any1 has done this r knows of any goods link.

cheers

bbenz3 · 02-26-2002, 09:56 PM

Everywhere I have seen people are making the move to iptables. It is built into redhat 7.x and is supposed to be better than ipchains. I have a script that almost works using the latest redhat kernel and iptables 1.2.4 but I can't get it to send some IPs to oen et NIC and the other int IPs to the other ext NIC.
If you would like to look at my script let me know. It does a full firewall and the routing. currently it only routes (forwards) through one or the other ext NIC.

smurf · 02-27-2002, 05:41 AM

I dont know about upgrading to Iptables, I have read articles that companies wont upgrade to iptabels cos its a unproven technology, unlike ipchains which has been out years.
And the down time for the upgrade to redhat 7.2 will get me killed by the other guys in the house.

I thought it would be possible to forward different ports to different modems using ipchains.

I'll have a look at the script though it may convince me to upgrade
if u would email it papa_smurf14@hotmail.com

Smurf

bbenz3 · 02-28-2002, 10:00 PM

I got it to work using iptables fianlly.

Here is what I did.

iptables -t nat POSTROUTING -p all -d 0/0 -s <ip address of one> -j SNAT --to-source <ip addy of first external nic>

iptables -t nat POSTROUTING -p all -d 0/0 -s 0/0 -j SNAT --to-source <ip address of second external nic>

and add as many of these as you need.
What I would do is the following:
use line 1 to do the ftp server and game server to eth1
and then
the second line sends all other int ips through the second IP eth2

eth1 --> DSL
eth2 --> cable modem

jimval7 · 03-03-2002, 02:38 PM

I used to have my firewall on Red Hat 6.2 and I would use ipchains for over a year, i liked the way it worked the only issue was that every time i wanted to forward a port for an Internal computer I had to update my rc.firewall script and rerun it or reboot, I also live in a house with 5 computers, so that used to get tidious.

Since then, I upgraded to Red Hat 7.0 and i started using iptables, and I like it a whole lot better, not just like it but PREFER it. It's more secure and more flexible, plus you can do natting too.

smurf · 03-04-2002, 07:36 AM

thanks for replying

1. in the line

Code:

iptables -t nat POSTROUTING -p all -d 0/0 -s <ip address of one> -j SNAT --to-source <ip addy of first external nic>

You state "<ip address of one>" is this the address of eth0 (e.g. LAN 192.168.1.1) ?

2. I cant see the code that will allow me to upload and download (ftp) using the dsl connection whilst browsing the web and playing online games on the cable connection.

thnx

bbenz3 · 03-04-2002, 12:43 PM

ip address of one

stands for the IP of one of the int comps (ie the IP of the ftp server) and then then

ip addy of first external nic

stands for the IP of your NIC that is on the DSL modem or cable modem depending on which you want to use.

the way i would setup your account is as follows:

assuming this
eth0 int lan
eth1 ext dsl modem IP of (IP for ex is going to be xx.xx.xx.xx)
eth2 cable modem (IP for ex is going to be yy.yy.yy.yy)

ftp server's IP --> 192.168.168.20
game server's IP --> 192.168.168.25

iptables -t nat POSTROUTING -p all -d 0/0 -s 192.168.168.20 -j SNAT --to-source xx.xx.xx.xx

iptables -t nat POSTROUTING -p all -d 0/0 -s 192.168.168.25 -j SNAT --to-source xx.xx.xx.xx

that takes care of the two servers. now for the rest of the systems we use the following:

iptables -t nat POSTROUTING -p all -d 0/0 -s 0/0 -j SNAT --to-source yy.yy.yy.yy

now if you IP s change all of the time you need to get those to be able to use them.

the way you set that up is as follows:

INET_IFACE1="eth1"
INET_IFACE2="eth2"

IP_eth1=`ifconfig $INET_IFACE1 | grep "inet addr:" | \awk -F: {'print $2'} | cut -d\ -f 1`

IP_eth2=`ifconfig $INET_IFACE2 | grep "inet addr:" | \awk -F: {'print $2'} | cut -d\ -f 1`

then you would change the xx.xx.xx.xx to $IP_eth1
and the ys to IP_eth2

smurf · 03-05-2002, 03:37 AM

Very striaght forward instructions... thnx

Will try this when my dsl connection turns up