Greetings to all,

I have the following:
1. A CentOS 5.1 box
2. Two internet connections from different ISPs.
3. Three network cards eth0 for one ISP, eth2 for another and eth1 for my local LAN
4. I have a squid caching proxy server


I would like help on the following:
1. I want to setup routing such that all my mail/pop3/imap traffic comes in and goes out via eth0 which has static IPs
2. I want to setup routing such that all web/ftp/normal browsing traffic comes in and goes out via eth2 which receives dynamic IP from ISP. I also want to continue using squid for caching

Any pointers to proceed will be most appreciated.
Thanks in advance,

Zapp

Well I think than the only tools you need are iptables and iproute.

I also have a situation like you, 2 providers one subnet and I needed to route clients for both connection.


What I recomend is to use iproute to create routing tables and iptables to mangle (sign) the traffic that matches the criteria (destination port) and send it to the correct table.
This is how I've done it..but problably there is another way..maybe better way :P
Check this link
lartc.org

Thanks, will surely try.

Regards,
Zapp

Hi All,
Before I started to try the above, I noticed that I could not ping a host on one of the networks (192.168.1.0/24 connected on eth2) from this router itself although they are connected.

It that normal ? Or am I missing something out ?

Or is it only that I configure routing will I be able to do that ?

Thanks in advance,
Regards,
Zapp

I guess it depends on what your routing table looks like. Please post the output of these two commands, as they will help everyone diagnose the problem.

and

Also you might want to check if ip forwarding is enbabled.

Hi there - thanks for the response

Here are the outputs you asked for:

[root@testrouter ~]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:80:48:18:01:A4
inet addr:202.79.33.125 Bcast:202.79.33.127 Mask:255.255.255.248
inet6 addr: fe80::280:48ff:fe18:1a4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9756 errors:0 dropped:0 overruns:0 frame:0
TX packets:1648 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2672982 (2.5 MiB) TX bytes:160193 (156.4 KiB)
Interrupt:169 Base address:0x8800

eth1 Link encap:Ethernet HWaddr 00:11:95:5F:145
inet addr:192.168.111.244 Bcast:192.168.111.255 Mask:255.255.255.0
inet6 addr: fe80::211:95ff:fe5f:14d5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:593992 errors:0 dropped:0 overruns:0 frame:0
TX packets:25035 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:69198228 (65.9 MiB) TX bytes:22935803 (21.8 MiB)
Interrupt:185 Base address:0xa400

eth2 Link encap:Ethernet HWaddr 00:02:44:92:12:9D
inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::202:44ff:fe92:129d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:202 errors:0 dropped:0 overruns:0 frame:0
TX packets:272 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:12266 (11.9 KiB) TX bytes:44891 (43.8 KiB)
Interrupt:209 Base address:0xec00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11708 errors:0 dropped:0 overruns:0 frame:0
TX packets:11708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21716109 (20.7 MiB) TX bytes:21716109 (20.7 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)



[root@testrouter ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
202.79.33.120 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.111.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 202.79.33.121 0.0.0.0 UG 0 0 0 eth0


[root@testrouter ~]# cat /proc/sys/net/ipv4/ip_forward
1


Regards,
Zapp

Thanks for the output. My next question is, could you give us a little information about the physical layout of your network. So this box looks to be a router for internet sharing??, but what do each of your respective ethernet devices connect to? Does eth2 connect to a switch?

Dear lsteacke

Well, thanks you for your response. Here is my layout.

eth1 is connected to may LAN via a CISCO Catalyst switch (192.168.111.0/24)
eth0 is connected to a router directly from my ISP1 (202....)
eth2 is connected to an ADSL Modem (Router) from my ISP2 (192.168.1.0/24) via the same CISCO Catalyst switch - I know, not a good thing to do but it is my test environment. Should normally work, shouldn't it ?

My problem is that I cannot ping my ADSL router from this linux machine while other hosts connected to the same switch with 192.168.1.* ip can.

However I partly solved my problems by connecting the cable from ADSL modem to the linux machine directly. Now it is able to ping the ADSL router, LAN as well as my ISP1 gateway.

But, some people in the network who were testing the link using ADSL are not able to do so.

I now have to provide them a fast solution.

BTW, any ideas on how to route certain traffic(eg. mail, pop, imap) through one link and the rest through another ?

Thanks once again,
Regards,
Zapp

So I am assuming now that you have connected the ADSL modem directly to eth2, all the users that are connected to the switch no longer have internet connectivity, hence forth defeating the purpose of having 2 ISP's? I've been doing some research and I'd like to refer you to a page I've found.

http://www.openfusion.net/linux/dual...ways_in_centos

This looks like it will help with the routing, and as far as redirecting traffic, that will most likely be handled with iptables.

Hi,

maybe this script is good for you.

http://www.256bit.org/rc.firewall.shtml

I've been using it for few years but I didn't use it for two ISP connection.

Anyway it will mangle the packets and you can add more connections at trusted and internet zones.

So try it.

Laz