View all products
Compute
Storage
Networking
Databases
Services
Solutions
Pricing
Library
Technical Resources
Community
Marketplace
What's New
Community Questions Routing with Dual internet connection
Log in to Ask a Question

Routing with Dual internet connection

networking

Hi all.

Ive used this (http://linux-ip.net/html/adv-multi-internet.html) very usefull guide on how to route traffic to multiple internet connections based on traffic type (http isp1 ftp isp2). It works a treat. However, it works as long as the machine that is accessing the internet resource is not the router pc itself. Heres what Ive got so far:

Fedora Core 6 setup with IP forwarding and iptables as the firewall 3 network cards - one network card going to isp1 (eth1) another going to isp2 (eth2) and another to connected to the LAN (eth0)

Ive set it up as a router as per (http://www.yolinux.com/TUTORIALS/LinuxT … teway.html">http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html) Which basically says:

Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.

iptables --flush - Flush all the rules in filter and nat tables

iptables --table nat --flush

iptables --delete-chain - Delete all chains that are not in default filter and nat table

iptables --table nat --delete-chain

Set up IP FORWARDing and Masquerading

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

iptables --append FORWARD --in-interface eth0 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward - Enables packet forwarding by kernel

That all works great. Next Ive got the stuff needed for the conditional routing:

iptables -t mangle -A PREROUTING -p tcp --dport 81 -s 192.168.99.0/24 -j MARK --set-mark 4

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source xxx.xxx.xxx.xxx <-public ip address of isp1

iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source xxx.xxx.xxx.xxx <-public ip address of isp2

there are some ip rules that get added that act upon the --set-mark:

ip rule add fwmark 4 table 4

I use port 81 as test, by setting up a remote web server that listens on port 81 and tells me (via php) what my ip address is.

Like I said, works a treat, as long the pc I use to browse (or whatever) is not the router pc itself, but id like it to work from the router pc as well as remote stations. Any suggestions greatly appreciated.

PresidentScroob.

2 Replies

I can't give example commands, but I'd suspect that the right tool to do this is the 'ip' command (aka iproute2), rather than iptables. (see http://lartc.org/howto/) BTW, the reason it's not working locally is that locally generated packets don't go through the same tables as remote packets. See the iptables docs, but I've got no idea if there is a way to do this with only iptables

For multi-wan on my own network with NAT involved I ended up just using clark connect as it was free/easy and highly configurable not to mention it worked well. Doing multi wan NAT seemed like too much of a pain in the but; however, for my server in a data-center I do multi-wan. I wanted everything to go out of eth0 by default unless programs bound to eth1. Everything worked using the default setup but everything really went in/out through eth0 instead of eth1. Here is the script I use to set it up after the network adapters are setup using the init script:

#!/bin/sh
ip0=`ifconfig eth0  | grep inet\ ad | gawk '{print $2}' | cut -d':' -f2`
ip1=`ifconfig eth1  | grep inet\ ad | gawk '{print $2}' | cut -d':' -f2`

sub0=`ifconfig eth0  | grep inet\ ad | gawk '{print $2}' | cut -d':' -f2 | cut -d'.' -f1-3`
sub1=`ifconfig eth1  | grep inet\ ad | gawk '{print $2}' | cut -d':' -f2 | cut -d'.' -f1-3`

gw0=`echo $sub0.1`
gw1=`echo $sub1.1`

ip route flush all

ip route del default dev eth0
ip route del default dev eth1

ip route del table 1
ip route add table 1 to default via $gw0 dev eth0

ip route del table 2
ip route add table 2 to default via $gw1 dev eth1

ip rule add from $ip0 table 1
ip rule add from $ip1 table 2

ip route add default via $gw0 dev eth0

It was written for my use only so it assumes devices and /24 networks but I mainly used variables simply so it still works if I change iP addresses.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct