Old 08-25-2012, 03:59 AM   #1
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Rep: Reputation: Disabled
iptables/route multiple outgoing interfaces chosen on IP range


Hi,

This is my situation.
I have a PC used as a router. I have 3 interfaces on that one:
- eth0: my local network
- eth1: internet connection 1
- eth2: internet connection 2

With dnsmasq I'm using IP range 192.168.1.1-192.168.1.255 for dynamic IPs and IP range 192.168.2.1-192.168.2.255 for my fixed IPs.
I want all IPs in range 192.168.1.0 to use eth1 and all IPs in range 192.168.2.0 to use eth2 as internet connection.

I tried with iptables but I only succeeded with all IPs on one interface (using masquerade).

So I'm asking for your help because I'm stuck...
Thanks!
 
Old 08-25-2012, 07:57 AM   #2
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
I want to clarify a bit more.

1. You want the 192.168.1.0 network to go out using eth1
2. You want the 192.168.2.0 network to go out using eth2

You tried iptables MASQUERADE and it is going only through eth1

Is everything mentioned above correct? If yes, then

Did you put a policy route in place so that traffic from the 192.168.2.0 network uses eth2 as the outgoing interface?
 
Old 08-25-2012, 08:10 AM   #3
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
Yes this is correct.
But I have no idea what interface it is using to go out...
So, as I may have understood from your reply, I should use route to choose between the interfaces?
 
Old 08-25-2012, 08:43 AM   #4
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
Some extra information (I'm using VirtualBox to test the architecture).
When using 2 devices in total (1 internal, 1 external) it works fine. When connecting another device (1 internal, 2 externals) nothing works anymore. ping google.com doesn't even work on my nas/router PC.
 
Old 08-25-2012, 08:44 AM   #5
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
You have to tell the router
if packet is coming from 192.168.1.0 network, it should go out via interface eth1
but
if packet is coming from 192.168.2.0 network, it should go out via interface eth2

This can be achieved using

Policy Routing
 
Old 09-01-2012, 07:28 AM   #6
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks!
I looked around and found out that with iptables it is possible to do something like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth2 -j MASQUERADE

Everything is working fine now for ip range 192.168.1.0 but for my ip range 192.168.2.0 it is not working...
Is there something else I'm forgetting to configure on the server?
 
Old 09-01-2012, 11:08 AM   #7
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
Can you show/display IP tables rules for all Chains please?
 
Old 09-01-2012, 12:12 PM   #8
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
Make sure the firewall has the rule
Code:
iptables -A FORWARD -i eth2 -j ACCEPT
 
Old 01-17-2013, 03:36 AM   #9
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
Sorry for that (really really late response).
I finally found some time to try this config again.

I looked further on the internet but it is still not working.

I executed the following:
Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.2.0.0/16 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth2 -j ACCEPT

(I changed my home network config in the meanwhile as you can see, no 192.168.0.0 but 10.0.0.0 now)
This is not working for 10.1.0.0 BUT is working for 10.2.0.0

So I tried with the following:
Code:
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.2.0.0/16 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth2 -j ACCEPT

And here again, it is working for 10.2.0.0 but not for 10.1.0.0

Here is my route table:
Code:
root@routsrv01:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
172.16.0.0      *               255.255.0.0     U     0      0        0 eth2
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth2
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         routsrv01       0.0.0.0         UG    0      0        0 eth0
 
Old 01-17-2013, 04:00 AM   #10
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
I rebooted and now it is the other way around...
10.1.0.0 is working and 10.2.0.0 is not...

Route:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      *               255.255.0.0     U     0      0        0 eth2
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth2
default         routsrv01       0.0.0.0         UG    0      0        0 eth0

But I can ssh on both interfaces (on both external IPs I receive).
Can it be because both WAN interfaces are using the same IP range?
 
Old 01-17-2013, 07:00 AM   #11
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
Updated my configuration (so all interfaces are on a different IP range)

Code:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth2 -j ACCEPT

Code:
root@routsrv01:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.4.0        *               255.255.255.0   U     0      0        0 eth2
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         10.0.4.2        0.0.0.0         UG    0      0        0 eth2
default         routsrv01       0.0.0.0         UG    0      0        0 eth0

Still only one (arbitrary) interface is working

Last edited by krustyboy; 01-17-2013 at 07:01 AM. Reason: Missing information
 
Old 01-18-2013, 07:40 PM   #12
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
Quote:
Originally Posted by KinnowGrower
if packet is coming from 192.168.1.0 network, it should go out via interface eth1

if packet is coming from 192.168.2.0 network, it should go out via interface eth2

This can be achieved using

Policy Routing

As far as I know it can be achieved only using policy routing
 
Old 01-26-2013, 11:39 AM   #13
krustyboy
LQ Newbie
 
Registered: Aug 2012
Location: Belgium
Distribution: debian, lubuntu, raspbian
Posts: 8

Original Poster
Rep: Reputation: Disabled
It is finally working!
I followed this page http://www.linuxhorizon.ro/iproute2.html.

Thanks for your help!
 
Old 01-31-2013, 08:48 PM   #14
KinnowGrower
Member
 
Registered: May 2008
Location: Toronto
Distribution: Centos && Debian
Posts: 341

Rep: Reputation: 34
Nice to hear that it is working. They call it policy routing.
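
The policy routing that resolved this thread, written out as an added example (it is not taken from any post or from the linked page). Addresses and gateways are those shown in post #11; the table numbers, rule priorities and the `APPLY` dry-run switch are assumptions of this example, and its FORWARD rules admit only reply traffic from the WAN side instead of accepting everything that arrives on eth1/eth2.

```shell
#!/bin/sh
# Added example: source-based policy routing for the two uplinks in this thread.
# Networks and gateways come from post #11; table numbers 101/102 and rule
# priorities 1001/1002 are arbitrary choices made for this example.
# Without APPLY=1 the script only prints the commands (dry run).

LAN_IF=eth0
LAN_NET=192.168.0.0/16     # eth0 network as shown in the route output

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# uplink SRC_NET WAN_IF GATEWAY TABLE
uplink() {
    src=$1 wan=$2 gw=$3 tbl=$4
    # Per-uplink table: LAN stays local, everything else goes to this gateway.
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "$tbl"
    run ip route replace default via "$gw" dev "$wan" table "$tbl"
    # The rule selects the table by source address, before the main table
    # (priority 32766) and whichever default route wins there is consulted.
    run ip rule add from "$src" lookup "$tbl" priority "$((900 + $tbl))"
    # NAT only matches once routing has already chosen $wan for this source.
    run iptables -t nat -A POSTROUTING -s "$src" -o "$wan" -j MASQUERADE
    # Forward LAN-initiated traffic out; let only reply traffic back in.
    run iptables -A FORWARD -i "$LAN_IF" -s "$src" -o "$wan" -j ACCEPT
    run iptables -A FORWARD -i "$wan" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

setup() {
    run sysctl -w net.ipv4.ip_forward=1
    uplink 192.168.1.0/24 eth1 172.16.1.50 101
    uplink 192.168.2.0/24 eth2 10.0.4.2    102
}

setup
```

Run it as root with `APPLY=1` to apply the commands, then check the result with `ip rule show` and `ip route show table 101`.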
 
  


All times are GMT -5. The time now is 06:51 AM.