Old 02-13-2004, 08:30 AM   #1
The Jesus
Member
 
Registered: Mar 2002
Location: Cleveland, Ohio
Distribution: Ubuntu, Gentoo, Fedora Core 5, FreeBSD
Posts: 50

Rep: Reputation: 15
Question Routing to multiple gateways


I have three gateways:

Cisco Router (192.168.203.1)
Cisco Pix (192.168.250.1)
Cisco Pix (10.127.1.1)


Server
eth0 (192.168.250.50)
eth1 (192.168.203.214)
eth2 (10.127.1.20 )
GW (192.168.250.1)

I have Apache running on my server and I need to be able to route packets to these different gateways. As it stands right now, if I make a connection from the internet to Cisco Pix (10.127.1.0/24), the packet gets routed to the server by the PIX but never makes it back to the PIX to go back to the internet. I have tried modifying the routing table but have had no success. How would I make this work? Iproute2? Some kind of SNAT on the PIX? Don't ask why I have this setup. It is a long story.

Thanks in advance.
 
Old 02-13-2004, 10:46 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Have a look at http://tldp.org/HOWTO/Adv-Routing-HOWTO/

Particularly chapters 3 & 4..
 
Old 02-13-2004, 02:03 PM   #3
The Jesus
Member
 
Registered: Mar 2002
Location: Cleveland, Ohio
Distribution: Ubuntu, Gentoo, Fedora Core 5, FreeBSD
Posts: 50

Original Poster
Rep: Reputation: 15
Peter,

I have read this before and just read it again. This is not a very clear example. Do you know of another example that is a little better?

Thanks,
Matt
 
Old 02-14-2004, 04:21 AM   #4
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Am I right if I say that you have three separate internet connections through three different Cisco routers? Or are those three routers connected to your corporate LAN? Are all addresses in the private realm?
 
Old 02-14-2004, 06:42 PM   #5
andzerger
Member
 
Registered: Feb 2004
Location: denver
Distribution: slackware && freeBSD && rh9
Posts: 92

Rep: Reputation: 15
I'll bet a new iptables could help:

I dunno if you use NAT or not, I do; if my iptables isn't configured right, nothing gets forwarded

iptables -t nat -A POSTROUTING -o eth[?] -j SNAT --to-source [destination device IP]

Also don't forget the FORWARD ruleset

# allow forwarding from certain device
iptables -A FORWARD -i eth[?] -j ACCEPT

# allow new connections that are related to old ones
iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

I'm thinking about rewriting that one because I'm sick of Yahoo IM connections to port 135 inside the firewall.. can anyone help me do this? Maybe a:

iptables -A INPUT -p TCP -i eth[?] -s 0/0 --dport 135 -j DROP
??

pax,
andrew
 
Old 02-16-2004, 09:40 AM   #6
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Maybe the HOWTO now reads so easily coz I got it working..

Basically, you need to add rules to state that what comes in an interface also goes back out the same one...
And if you are NATting ok, the reverse is always true...

The HOWTO also explains how to do a basic load balance using the 'weight' keyword, but there doesn't appear to be another 'ip route' option.
Of course you can use the iptables mangle table to mark the outgoing packets and 'ip rule' against that mark.

So my basic is as it's written in the HOWTO, but I have 5 possible outgoing interfaces, 2 under 'weight' control and the others under MARK control.

For your 3 interfaces...

Name the 'tables', one for each interface, dsl1, dsl2, dsl3 (chapter 4.1 3rd example)
echo 200 dsl1 >> /etc/iproute2/rt_tables
echo 201 dsl2 >> /etc/iproute2/rt_tables
echo 202 dsl3 >> /etc/iproute2/rt_tables

Jump down to chapter 4.2.1 Split access, and make routes in the tables
based on the interfaces & ip numbers & gateways

ip route add dsl1_network dev eth1 src eth1_ip_number table dsl1
ip route add dsl2_network dev eth2 src eth2_ip_number table dsl2
ip route add dsl3_network dev eth3 src eth3_ip_number table dsl3

and gateway routes...
ip route add default via dsl1_ip_number table dsl1
ip route add default via dsl2_ip_number table dsl2
ip route add default via dsl3_ip_number table dsl3

Now the regular routes.. (= table routes minus the tables)
ip route add dsl1_network dev eth1 src eth1_ip_number
ip route add dsl2_network dev eth2 src eth2_ip_number
ip route add dsl3_network dev eth3 src eth3_ip_number

The default routes load balanced (kind of) for outgoing..
ip route add default scope global nexthop via dsl1_ip_number dev eth1 weight 5 nexthop via dsl2_ip_number dev eth2 weight 5 nexthop via dsl3_ip_number dev eth3 weight 5

And finally the rules of who comes from where..
ip rule add from eth1_ip_number table dsl1
ip rule add from eth2_ip_number table dsl2
ip rule add from eth3_ip_number table dsl3

There are usually places in the ifup/down scripts to place config file statements to do all this at boot or net restart.
You may have to use replace instead of add to remove old route statements...

Last edited by peter_robb; 02-16-2004 at 12:24 PM.
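
The per-interface tables, default routes and source rules from post #6, with the original poster's three addresses filled in, as an added example that is not part of any post in this thread. It only prints the commands for review and leaves out the weighted default route. Assumptions: /24 masks on the two 192.168.x networks (only 10.127.1.0/24 is stated in the thread), the mapping of dsl1-dsl3 onto eth0-eth2, and the hypothetical helper names ip_to_int, in_net and emit_policy_routing.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: /24 masks everywhere,
# table ids/names 200-202 / dsl1-dsl3 as in post #6.
# One uplink per line: table-id table-name device server-ip network gateway
UPLINKS='200 dsl1 eth0 192.168.250.50 192.168.250.0/24 192.168.250.1
201 dsl2 eth1 192.168.203.214 192.168.203.0/24 192.168.203.1
202 dsl3 eth2 10.127.1.20 10.127.1.0/24 10.127.1.1'

# Dotted quad -> integer. Runs in a subshell so the IFS change stays local.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_net ADDR NET/LEN: succeed when ADDR lies inside NET/LEN (IPv4 only).
in_net() (
    base=${2%/*}
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$base") & mask )) ]
)

# Print (do not run) the per-uplink table, default route and source rule.
# Refuses a line whose server IP or gateway is outside its own network,
# since such a gateway is not reachable on that interface.
emit_policy_routing() {
    while read -r id name dev addr net gw; do
        if ! in_net "$addr" "$net" || ! in_net "$gw" "$net"; then
            echo "error: $addr or $gw is not inside $net" >&2
            return 1
        fi
        echo "echo $id $name >> /etc/iproute2/rt_tables"
        echo "ip route add $net dev $dev src $addr table $name"
        echo "ip route add default via $gw table $name"
        echo "ip rule add from $addr table $name"
    done <<EOF
$UPLINKS
EOF
}

emit_policy_routing
```

After the printed commands are applied as root, `ip rule show` and `ip route show table dsl3` list the resulting rules and routes.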
 
Old 09-20-2012, 01:58 AM   #7
karthick_je
LQ Newbie
 
Registered: Oct 2008
Posts: 3

Rep: Reputation: 0
Dual internet connection

Hi all,

I'm about to set up a dual internet connection with one LAN connection. It looks like the following:

eth0 - LAN
eth1 - WAN1
eth2 - WAN2

eth0 is connected to a switch, and eth1 and eth2 are two different ISPs. I have Fedora OS and set up the LAN as 192.168.1.1 for eth0, WAN1 as xxx.xxx.xxx.xxx for eth1, and WAN2 as yyy.yyy.yyy.yyy for eth2.

I'm not looking for load balancing / failover. The following is the iptables rule for internet; ip_forwarding is also enabled.

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

Internet gets established for the LAN when they set the gateway as 192.168.1.1. Now my problem starts. Please help me out with some ideas.


1) I need both WAN1 and WAN2 to be active, with WAN1 as default.
2) If LAN users try to access some specific destination WAN address, that should be routed through WAN2. I know the specific WAN IP address which needs to be mentioned.
3) When I set the same iptables rule which I have mentioned above for WAN2, the internet connection gets disconnected.

All the users must be routed to WAN1, but any request by users to the specific WAN address must be routed to WAN2.

Kindly help with what needs to be done.

Thanks
Karthick
 
  


All times are GMT -5.
