Hello
I have a firewall on CentOS 5 connected to two Internet provider routers, ISP1 and ISP2.
All traffic to and from the firewall itself works fine (e.g. VPN, DNS). My problem concerns traffic that
transits through the firewall. For instance, I have SMTP and web servers on my local network.
Connections from ISP1 to these servers work fine. But connections from ISP2 don't
work, because responses are returned to ISP1.
The topology is the following:
Firewall:
eth0 (192.168.0.1) connected to ISP1's router (192.168.0.200)
eth2 (192.168.2.1) connected to ISP2's router (192.168.2.200)
The firewall's interface eth1 is connected to my LAN network 192.168.1.0/24 with address 192.168.1.1.
I use iproute2 with the following instructions (following information found via Google):
rt_tables:
routes and rules:
Code:
# tables isp1 and isp2 must be declared in /etc/iproute2/rt_tables
ip route add 192.168.0.0/24 dev eth0 src 192.168.0.1 table isp1
ip route add default via 192.168.0.200 table isp1
ip route add 192.168.2.0/24 dev eth2 src 192.168.2.1 table isp2
ip route add default via 192.168.2.200 table isp2
ip route add 192.168.1.0/24 dev eth1 table isp1
ip route add 192.168.1.0/24 dev eth1 table isp2
ip rule add from 192.168.0.1 table isp1
ip rule add from 192.168.2.1 table isp2
# main table: weighted multipath default route
ip route add default scope global nexthop via 192.168.0.200 dev eth0 weight 20 nexthop via 192.168.2.200 dev eth2 weight 1
Incoming traffic is forwarded with iptables (here HTTP traffic, but it's similar for SMTP traffic):
Code:
# nat PREROUTING has no output interface, so -o cannot be used there; target options follow -j
iptables --table nat --append PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.30:80
iptables --table filter --append FORWARD -i eth0 -o eth1 -p tcp --destination 192.168.1.30 --dport 80 -j ALLOWED
iptables --table nat --append PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.30:80
iptables --table filter --append FORWARD -i eth2 -o eth1 -p tcp --destination 192.168.1.30 --dport 80 -j ALLOWED
What is missing or wrong?
Many thanks
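The rules `ip rule add from 192.168.0.1 ...` and `ip rule add from 192.168.2.1 ...` select a table by source address, so they only match packets the firewall itself sends. A reply from the DNAT'd server 192.168.1.30 has the server's address as source, matches neither rule, and falls through to the main table, whose weighted multipath default sends most of it to ISP1 regardless of where the connection came in. The usual fix is to remember the ingress uplink in the conntrack entry with CONNMARK and select the routing table by `fwmark`. The script below is an added example, not the original poster's configuration; it assumes the addresses and interfaces from the post, picks the table names isp1/isp2 and the marks 0x1/0x2, and uses a plain ACCEPT where the post uses its own ALLOWED chain. The table ids must already be declared in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Added example (not the original poster's configuration): policy routing keyed
# on a connection mark, so that replies to a connection that arrived via ISP2
# leave via ISP2 even though the LAN server knows nothing about the two uplinks.
# Assumed from the post: eth0/192.168.0.1 -> ISP1 router 192.168.0.200,
# eth2/192.168.2.1 -> ISP2 router 192.168.2.200, LAN on eth1 192.168.1.0/24,
# web server 192.168.1.30. Table names isp1/isp2 and marks 0x1/0x2 are chosen
# here and must match entries in /etc/iproute2/rt_tables.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 applies them (as root).

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Per-ISP routing tables: each holds the directly connected networks and a
# default route through its own router, so a lookup in table isp2 can never
# pick ISP1's router.
setup_tables() {
    run ip route add 192.168.0.0/24 dev eth0 src 192.168.0.1 table isp1
    run ip route add 192.168.1.0/24 dev eth1 table isp1
    run ip route add default via 192.168.0.200 dev eth0 table isp1

    run ip route add 192.168.2.0/24 dev eth2 src 192.168.2.1 table isp2
    run ip route add 192.168.1.0/24 dev eth1 table isp2
    run ip route add default via 192.168.2.200 dev eth2 table isp2
}

# Marks: a NEW connection entering on an uplink stamps its conntrack entry with
# that uplink's mark; when the LAN server's reply packets come back through eth1,
# the saved mark is copied onto each packet before the routing decision.
setup_marks() {
    run iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -j CONNMARK --set-mark 0x1
    run iptables -t mangle -A PREROUTING -i eth2 -m state --state NEW -j CONNMARK --set-mark 0x2
    run iptables -t mangle -A PREROUTING -i eth1 -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
}

# Rules: the firewall's own traffic is selected by source address (as in the
# post); forwarded replies are selected by the restored mark.
setup_rules() {
    run ip rule add from 192.168.0.1 table isp1
    run ip rule add from 192.168.2.1 table isp2
    run ip rule add fwmark 0x1 table isp1
    run ip rule add fwmark 0x2 table isp2
    run ip route flush cache
}

# DNAT and FORWARD for the web server, once per uplink interface.
setup_dnat() {
    for ifc in eth0 eth2; do
        run iptables -t nat -A PREROUTING -i "$ifc" -p tcp --dport 80 -j DNAT --to-destination 192.168.1.30:80
        run iptables -t filter -A FORWARD -i "$ifc" -o eth1 -p tcp -d 192.168.1.30 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    done
}

# Number of commands a setup function emits in dry-run mode (used for checking).
count_cmds() {
    ( DRY_RUN=1; "$1" ) | wc -l | tr -d ' '
}

# Stand-alone: print (or, with DRY_RUN=0, apply) the whole configuration.
setup_tables
setup_marks
setup_rules
setup_dnat
```

Run it once without arguments to review the generated commands, then with `DRY_RUN=0` to apply them. The three mangle rules are the essential addition: without `--restore-mark` on eth1 the `fwmark` rules never match, and without `--set-mark` on the uplinks there is nothing to restore. Once replies follow the ingress uplink the traffic is symmetric, so strict `rp_filter` on the uplink interfaces no longer sees one direction on each link.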