LinuxQuestions.org
Old 04-15-2011, 11:12 PM   #1
praemus
LQ Newbie
 
Registered: Apr 2011
Posts: 5

Rep: Reputation: 0
Send traffic down WAN link depending on Client IP Address Range


Hi,
I am running Debian Squeeze with the following basic services running:
  • DNS
  • DHCP
  • Samba
  • Squid

The server is set up with three NICs: eth0 (WAN1), eth1 (WAN2), and eth2 (LAN).

The server addresses clients with an IP range of 10.0.30.1 - 10.0.30.254. Some clients will be set with reservations so they fall into the 10.0.40.1 - 254 range.

What I want to do is have any outgoing external traffic coming from the first range (10.0.30.0) to use WAN link 1, and any outgoing external traffic coming from the second range (10.0.40.0) to use WAN link 2.

I have sort of got something working. I have created a bare minimum transparent squid3 setup on port 3128, and set the iptables as follows:

Code:
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

I can get internet access; however, obviously it only goes through one WAN link. It also seems slower than it should be. I experimented with tcp_outgoing_address, but it seemed to not be my friend.

Can anyone explain how I should set this up?

I would be greatly appreciative.

-praemus

Last edited by praemus; 04-15-2011 at 11:13 PM. Reason: More informative title
 
Old 04-16-2011, 12:51 AM   #2
praemus
OK, so I had a think about it, and want someone to see if they agree with me.

If I forget about squid and just use iptables, would something like this work?

Code:
iptables -t mangle -A FORWARD -p tcp --sports 80 443 143 -s 10.0.30.0/8 -o eth1  #for all port 80, 443, 143 traffic coming from 10.0.30.0, forward it to device eth1
iptables -t mangle -A FORWARD -p tcp --sports 80 443 143 -s 10.0.40.0/8 -o eth0  #for all port 80, 443, 143 traffic coming from 10.0.40.0, forward it to device eth0

Thanks,
-praemus
 
Old 04-16-2011, 01:03 AM   #3
praemus
My bad, that iptables rule should have
Code:
-sport 80
instead of
Code:
-sports 80 443 143
I will have to run a separate command for each port.

Either the Linux man page is wrong or I don't have the latest version of iptables (that's why I get an error when I use the option --sports).

Thanks,
-praemus
 
Old 04-16-2011, 02:02 AM   #4
praemus
OK, that didn't work. Anyone got any other ideas?

Thanks,
-praemus
 
Old 04-17-2011, 07:11 AM   #5
praemus
Anyone got any ideas? From my research load balancing seems to be easy to do, just not splitting traffic.
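
Added example, not part of the thread and not the poster's code: one common way to get the split asked for in post #1 is source-based policy routing with iproute2, using one routing table per uplink selected by `ip rule`. The gateway addresses, the LAN prefix and the table numbers 101/102 are assumptions (placeholders); the /24 prefixes correspond to the two client ranges described in post #1.

```shell
#!/bin/sh
# Source-based policy routing: 10.0.30.0/24 -> WAN1 (eth0), 10.0.40.0/24 -> WAN2 (eth1).
# Gateways below are documentation placeholders, NOT values from the thread.
WAN1_IF=eth0; WAN1_GW=${WAN1_GW:-192.0.2.1}      # assumed gateway on WAN1
WAN2_IF=eth1; WAN2_GW=${WAN2_GW:-198.51.100.1}   # assumed gateway on WAN2
LAN_IF=eth2
LAN_NET=${LAN_NET:-10.0.0.0/8}                   # assumed LAN prefix on eth2

# Emit the commands that bind one client range to one uplink.
# $1 = client source prefix, $2 = routing table id (also used as rule priority),
# $3 = WAN interface, $4 = WAN gateway
uplink_cmds() {
    # Keep the LAN reachable from inside the per-uplink table.
    echo "ip route replace $LAN_NET dev $LAN_IF table $2"
    # Default route of this table points at the chosen uplink.
    echo "ip route replace default via $4 dev $3 table $2"
    # Packets whose source is in the client range consult this table
    # before the main table (priority lower than 32766).
    echo "ip rule add from $1 lookup $2 priority $2"
    # Rewrite the private source address when leaving through that uplink.
    echo "iptables -t nat -A POSTROUTING -s $1 -o $3 -j MASQUERADE"
}

# Full command plan for both ranges.
plan() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    uplink_cmds 10.0.30.0/24 101 "$WAN1_IF" "$WAN1_GW"
    uplink_cmds 10.0.40.0/24 102 "$WAN2_IF" "$WAN2_GW"
}

# Dry run by default (prints the plan); APPLY=1 as root executes it.
if [ "${APPLY:-0}" = 1 ]; then plan | sh -e; else plan; fi
```

These rules match forwarded packets by client source address. Connections that Squid opens on behalf of clients originate from the server itself, so they are not matched by the `from` rules.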
 
  

