I have 2 internet connections at my home, a dsl connection with speeds of ~700kbit up and ~130kbit down with pings in the 60-100 range and a satellite connection with 1.5mbit down 256kbit up but pings are in the 2000s. I've got some static routes that I have set up, such as for all connections to distfiles.gentoo.org, I use the sat connection. I've tried setting up 2 default routes with
ip route add default via $DSLGW dev eth1
ip route add default via $SATGW dev eth3
But it just uses one connection and I can't figure out how it selects the one it's going to use because sometimes it sticks to one of them and then sometimes the other.
I've tried load balancing with the command
ip route add default nexthop via $DSLGW dev eth1 weight 1 \
nexthop via $SATGW dev eth3 weight 1
but that always ends up using nothing but the sat interface. Is there a way to use iptables to help control routing, ex. all traffic with dest port 21 goes to sat and traffic with dest port 22 goes to dsl?
And what am I doing wrong on the load balancing end? I've tried messing with the weights, but that doesn't seem to bother it at all...
Unfortunately, what you are trying for is not readily achievable with plain-vanilla routing. The route table only allows for one default route, as you have observed. (If you put more in, it only uses the first one.)
But all is not lost; it might be possible to do this with two servers: put the daemons for interactive services on one machine, and attach it to the Internet via the DSL (low-delay) link, making the default route point out the DSL interface.
Put the daemons for the bulk-transfer services on the second machine, and attach it to the Internet through the satellite (high-capacity) link, making its default route point out the satellite interface. Then attach the two machines to one another over an ethernet, and configure NAT so that you have a private network on the Ethernet.
Finally, set up port forwarding on each machine so that traffic is forwarded to each daemon on the right machine. What this lash-up accomplishes is port-specific routing, which is what I think you were aiming for.
[For extra credit, you might be able to figure out how to do this all on one physical machine using the Xen virtual machine stuff. But I haven't thought that one through all the way.]
OK, what if I were to install a proxy, e.g. Squid, and bind it to the sat interface. Then redirect all traffic inbound from the internal network on, let's say, port 21 into port 3128. Will this work? Or will the data get out correctly but not back in?
I have no experience with proxy servers. What I was thinking of was to use the iptables NAT facility to do the port redirection.
After thinking this through for your situation, I have realized that the scheme will not work: direct port redirection using the DNAT facility in the NAT table will get the packets for a particular service directed to the right server, but that server will always reply on its default route. This will confuse the request initiator almightily, because it will receive a reply from an IP address that it was not expecting to hear from, and will almost certainly get confused.
Sorry for the misdirection. I guess I will have to go learn about proxy servers myself.
Over the course of the afternoon, I have thought some more about the underlying problem you have posed, and have come up with two (simpler, I hope) possible approaches:
1. Since you have two IP addresses, you might be able to arrange for incoming connections to arrive only through the link with the right properties by advertising a DNS hostname for each service with the IP address you would like clients to use. As an extension, you could even field two servers, each with one public IP address, with the daemons for the appropriate services running only on the right server. (This adds hardware, to keep from having to configure each daemon to listen only on the IP address you want to be used.)
This does not, however, deal with outbound service requests.
2. For outbound connections (where you originate the connection to a remote server) and want the responding daemon to use one or the other IP address, you can use the iptables port-mapping functions; in those cases, the rule in the nat table PREROUTING chain should match only packets whose source address is the wrong IP address and whose source port is the port in question. Such packets should be remapped to the right source address:same_port. The responder will use that address for response, and you are off and running. Unfortunately, you will have to create such rules differently for each of your public IP addresses, and, if you go with the two-system scheme, some rules will have to be unique on each machine.
That is correct. The only sorts of rules that you can use to alter the routing behavior are in the PREROUTING table; changes you make there to the IP address will be used by the routing code, but the change will be kept as the packet goes out wherever the routing table says it should go. It might be possible to insert a rule into the POSTROUTING table that would change the IP address again, but I do not know of a way to save the original IP address and pass it from before the PREROUTING process over to the POSTROUTING process.
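The original question (send port 21 out the satellite link and port 22 out the DSL link, on one box) and the later worry that replies always leave on the default route can both be handled on a single Linux router with policy routing: netfilter marks the packet, `ip rule` picks a routing table by that mark, and CONNMARK makes the reply take the same link the request used. The script below is an added example for this thread, not commands posted by anyone in it. It takes the interface names (eth1 for DSL, eth3 for satellite, gateways in $DSLGW and $SATGW) from the thread; the LAN interface eth0, the table numbers, the mark values and the fallback gateway addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example for this thread (not the poster's or any reply's own commands).
# Per-port policy routing over two uplinks with fwmark + ip rule + CONNMARK.
# Assumed layout: LAN on eth0, DSL on eth1 via $DSLGW, satellite on eth3 via $SATGW
# (interface and gateway variable names taken from the thread; table numbers,
# mark values and the fallback gateway addresses are constructed for the example).
# Usage:  sh policy-route.sh apply            # needs root
#         DRY_RUN=1 sh policy-route.sh apply  # only print the commands

DSLGW="${DSLGW:-192.0.2.1}"      # constructed placeholder (RFC 5737 range)
SATGW="${SATGW:-198.51.100.1}"   # constructed placeholder (RFC 5737 range)
LAN_IF=eth0
DSL_IF=eth1
SAT_IF=eth3
DSL_TABLE=200   # assumed unused routing table numbers
SAT_TABLE=100
DSL_MARK=2      # fwmark values, assumed unused by anything else
SAT_MARK=1

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One default route per extra table. The main table keeps its single default
# route (the DSL line is the sensible choice), which unmarked traffic uses.
policy_routes() {
    run ip route replace default via "$DSLGW" dev "$DSL_IF" table "$DSL_TABLE"
    run ip route replace default via "$SATGW" dev "$SAT_IF" table "$SAT_TABLE"
    run ip rule add fwmark "$SAT_MARK" table "$SAT_TABLE"
    run ip rule add fwmark "$DSL_MARK" table "$DSL_TABLE"
    # Strict reverse-path filtering (rp_filter=1) drops packets that arrive on
    # a link the main table would not route back to; loose mode (2) keeps a
    # sanity check but accepts them.
    run sysctl -w "net.ipv4.conf.$DSL_IF.rp_filter=2"
    run sysctl -w "net.ipv4.conf.$SAT_IF.rp_filter=2"
}

# Mark packets; the mark is saved on the connection so every later packet of
# that connection, including replies this host sends, takes the same link.
mark_rules() {
    # 1. Copy a saved connection mark back onto each packet first.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    # 2. New inbound connections follow the link they arrived on, so the
    #    reply leaves via that link instead of the default route.
    run iptables -t mangle -A PREROUTING -i "$SAT_IF" -m conntrack --ctstate NEW \
        -j MARK --set-mark "$SAT_MARK"
    run iptables -t mangle -A PREROUTING -i "$DSL_IF" -m conntrack --ctstate NEW \
        -j MARK --set-mark "$DSL_MARK"
    # 3. New connections from the LAN: bulk FTP (21) to the satellite,
    #    interactive SSH (22) to the DSL line.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j MARK --set-mark "$SAT_MARK"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j MARK --set-mark "$DSL_MARK"
    # 4. Same policy for connections the router originates itself; a mark set
    #    in mangle OUTPUT makes the kernel re-run the routing decision.
    run iptables -t mangle -A OUTPUT -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j MARK --set-mark "$SAT_MARK"
    run iptables -t mangle -A OUTPUT -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j MARK --set-mark "$DSL_MARK"
    # 5. Persist the packet mark on the connection for step 1.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
    run iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
    # 6. Source-NAT on each uplink so the far end answers to the address of
    #    the link the packet actually left on.
    run iptables -t nat -A POSTROUTING -o "$DSL_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$SAT_IF" -j MASQUERADE
}

apply_all() {
    policy_routes
    mark_rules
}

case "${1:-}" in
    apply) apply_all ;;
esac
```

Run it once with DRY_RUN=1 and read the output before applying it for real, since a wrong mark or table number silently sends traffic the wrong way. On the multipath question: the kernel's nexthop selection for a weighted default route is made per destination (older kernels, through the route cache) or per flow, never per packet, so with only a couple of remote hosts in play one link ends up carrying everything, which matches the stickiness described above.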