Hi, I am connected to two DSL providers (DSL 1 - 1Mbps downlink/384kbps uplink and DSL 2 - 2Mbps downlink/512kpbs uplink) I would like to only allow ftp, pop3 and http via the DSL 1 and only smtp, ipsec and pptp via DSL 2. How can I do so? Can I use iproute to route these protocols? Below is my ip routing: - # DSL 1 ip route add 2.2.2.208/30 dev eth0 src 2.2.2.210 table 1 ip route add default via 2.2.2.209 table 1 # DSL 2 ip route add 3.3.3.116/30 dev eth2 src 3.3.3.118 table 2 ip route add default via 3.3.3.117 table 2 ip rule add from 2.2.2.208/30 lookup 1 ip rule add from 3.3.3.116/30 lookup 2 ip route add 3.3.3.116/30 dev eth2 table 1 ip route add 10.59.2.0/24 dev eth1 table 1 ip route add 127.0.0.0/8 dev lo table 1 ip route add 2.2.2.208/30 dev eth0 table 2 ip route add 10.59.2.0/24 dev eth1 table 2 ip route add 127.0.0.0/8 dev lo table 2 ip route add default scope global nexthop via 2.2.2.209 dev eth0 weight 1 nexthop via 3.3.3.117 dev eth2 weight 1 Below is my iptables: - lanif="eth1" squid_box="10.59.2.3" lan_net="10.59.2.0/24" $ECHO 1 > /proc/sys/net/ipv4/ip_forward $IPTABLES -t nat -A PREROUTING -i $lanif -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128 $IPTABLES -t nat -A POSTROUTING -o $lanif -s $lan_net -d $squid_box -j SNAT --to $lan_ip $IPTABLES -A FORWARD -s $lan_net -d $squid_box -i $lanif -o $lanif -p tcp --dport 3128 -j ACCEPT $IPTABLES -t nat -A POSTROUTING -j MASQUERADE Regards, ro0ot _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, I am connected to two DSL providers (DSL 1 - 1Mbps downlink/384kbps uplink and DSL 2 - 2Mbps downlink/512kpbs uplink) I would like to only allow ftp, pop3 and http via the DSL 1 and only smtp, ipsec and pptp via DSL 2. How can I do so? Can I use iproute to route these protocols? Below is my ip routing: - # DSL 1 ip route add 2.2.2.208/30 dev eth0 src 2.2.2.210 table 1 ip route add default via 2.2.2.209 table 1 # DSL 2 ip route add 3.3.3.116/30 dev eth2 src 3.3.3.118 table 2 ip route add default via 3.3.3.117 table 2 ip rule add from 2.2.2.208/30 lookup 1 ip rule add from 3.3.3.116/30 lookup 2 ip route add 3.3.3.116/30 dev eth2 table 1 ip route add 10.59.2.0/24 dev eth1 table 1 ip route add 127.0.0.0/8 dev lo table 1 ip route add 2.2.2.208/30 dev eth0 table 2 ip route add 10.59.2.0/24 dev eth1 table 2 ip route add 127.0.0.0/8 dev lo table 2 ip route add default scope global nexthop via 2.2.2.209 dev eth0 weight 1 nexthop via 3.3.3.117 dev eth2 weight 1 Below is my iptables: - lanif="eth1" squid_box="10.59.2.3" lan_net="10.59.2.0/24" $ECHO 1 > /proc/sys/net/ipv4/ip_forward $IPTABLES -t nat -A PREROUTING -i $lanif -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128 $IPTABLES -t nat -A POSTROUTING -o $lanif -s $lan_net -d $squid_box -j SNAT --to $lan_ip $IPTABLES -A FORWARD -s $lan_net -d $squid_box -i $lanif -o $lanif -p tcp --dport 3128 -j ACCEPT $IPTABLES -t nat -A POSTROUTING -j MASQUERADE Regards, ro0ot _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Thu, 10 Feb 2005 02:20:56 +0800, ro0ot <ro0ot@phreaker.net> wrote:> Hi, > > I am connected to two DSL providers (DSL 1 - 1Mbps downlink/384kbps > uplink and DSL 2 - 2Mbps downlink/512kpbs uplink) > > I would like to only allow ftp, pop3 and http via the DSL 1 and only > smtp, ipsec and pptp via DSL 2. > > How can I do so? Can I use iproute to route these protocols? > > Below is my ip routing: - > > # DSL 1 > ip route add 2.2.2.208/30 dev eth0 src 2.2.2.210 table 1 > ip route add default via 2.2.2.209 table 1 > > # DSL 2 > ip route add 3.3.3.116/30 dev eth2 src 3.3.3.118 table 2 > ip route add default via 3.3.3.117 table 2 > > ip rule add from 2.2.2.208/30 lookup 1 > ip rule add from 3.3.3.116/30 lookup 2 > > ip route add 3.3.3.116/30 dev eth2 table 1 > ip route add 10.59.2.0/24 dev eth1 table 1 > ip route add 127.0.0.0/8 dev lo table 1 > > ip route add 2.2.2.208/30 dev eth0 table 2 > ip route add 10.59.2.0/24 dev eth1 table 2 > ip route add 127.0.0.0/8 dev lo table 2 > > ip route add default scope global nexthop via 2.2.2.209 dev eth0 weight > 1 nexthop via 3.3.3.117 dev eth2 weight 1 > > Below is my iptables: - > > lanif="eth1" > squid_box="10.59.2.3" > lan_net="10.59.2.0/24" > > $ECHO 1 > /proc/sys/net/ipv4/ip_forward > > $IPTABLES -t nat -A PREROUTING -i $lanif -s ! $squid_box -p tcp --dport > 80 -j DNAT --to $squid_box:3128 > $IPTABLES -t nat -A POSTROUTING -o $lanif -s $lan_net -d $squid_box -j > SNAT --to $lan_ip > $IPTABLES -A FORWARD -s $lan_net -d $squid_box -i $lanif -o $lanif -p > tcp --dport 3128 -j ACCEPT > > $IPTABLES -t nat -A POSTROUTING -j MASQUERADE > > Regards, > ro0otHi, You can use: ipchains -A INPUT -p tcp -s 0/0 --dport 21 -m 1 ipchains -A INPUT -p tcp -s 0/0 --dport 110 -m 1 and ip rule add fwmark 1 table 1 prio 15000 And the same for the other DSL. BTW, is the current configuration working ok now? What kernel are you using, which patches? Because I''m using a similar configuration and I''m having issues with some connections timing out. Regards, Bernardo Silveira Via IP Soluções para Internet _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/