Hello,

I have a server with 2 public IPs on 2 devices.

I want the request of incoming traffic not to use the default gateway. Incoming traffic should be answered using the gateway of the incoming device.

Could I realize this with firewalld? Or directly iptables?

Greeting
J
On 12/25/2015 12:44 PM, Joey wrote:
> I have a server with 2 public IPs on 2 devices.
>
> I want the request of incoming traffic not to use the default
> gateway. Incoming traffic should be answered using the gateway of the
> incoming device.
>
> Could I realize this with firewalld? Or directly iptables?

No, you cannot do that via firewalld or iptables. The problem is you have to tell the packets to go out the proper interface, which must be done via routing tables. For that purpose you need ip route. I suggest you take a look at

https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

This link provides a very thorough description of what must be done.

Just a warning: you will want your routing tables to be maintained across system boots. I put my routes for my bridged interfaces into:

/etc/sysconfig/network-scripts/route-br1
/etc/sysconfig/network-scripts/route-br2

You can put your routes into similar files... just replace the br1/br2 with your appropriate interface names.

-- 
Paul (ganci at nurdog.com)
Cell: (303)257-5208
On 12/25/2015 12:28 PM, Paul R. Ganci wrote:
> you have to tell the packets to go out the proper interface which must
> be done via routing tables. For that purpose you need ip route. I
> suggest you take a look at
>
> https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/

ip route and ip rule. That link is fair for generic Linux, but this article describes the configuration files available on Red Hat and derived systems:

https://blogs.oracle.com/networking/entry/advance_routing_for_multi_homed
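The source-address policy routing that the two replies above describe (ip route plus ip rule, persisted in Red Hat's route-&lt;iface&gt;/rule-&lt;iface&gt; files), written out as an added example. This is not code from the thread or from the linked articles; the interface names, addresses, gateways and table ids are constructed placeholders from the RFC 5737 documentation ranges.

```shell
#!/bin/sh
# Added example, not code from the thread or the linked articles.
# Generates the "ip route"/"ip rule" commands (and the matching
# Red Hat-style route-<iface>/rule-<iface> file contents) that make a
# host with two uplinks answer from the interface a request came in on.
# Interface names, addresses, gateways and table ids are constructed
# placeholders (RFC 5737 documentation ranges); substitute your own.

# Commands for one uplink.
# $1 interface, $2 local address, $3 connected network (CIDR),
# $4 gateway on that link, $5 routing-table id (unique per uplink)
uplink_rules() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    # Connected route in the per-uplink table so the gateway is reachable there.
    printf 'ip route add %s dev %s src %s table %s\n' "$net" "$iface" "$addr" "$table"
    # Per-uplink default route: replies leave via this link's own gateway.
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
    # Policy rule: packets sourced from this link's address consult that table.
    # Replies to inbound connections carry the address the request was sent to,
    # so they automatically pick the right uplink.
    printf 'ip rule add from %s table %s\n' "$addr" "$table"
}

# Same information in the format of /etc/sysconfig/network-scripts/route-<iface>
# (one "ip route" argument list per line), so it survives a reboot.
rh_route_file() {
    iface=$1 addr=$2 net=$3 gw=$4 table=$5
    printf '%s dev %s src %s table %s\n' "$net" "$iface" "$addr" "$table"
    printf 'default via %s dev %s table %s\n' "$gw" "$iface" "$table"
}

# ... and of /etc/sysconfig/network-scripts/rule-<iface> (one "ip rule" argument list).
rh_rule_file() {
    addr=$2 table=$5
    printf 'from %s table %s\n' "$addr" "$table"
}

# Full plan for the two constructed uplinks. The main table's default route is
# left alone; it still serves connections the host itself originates.
plan() {
    uplink_rules eth0 198.51.100.10 198.51.100.0/24 198.51.100.1 101
    uplink_rules eth1 203.0.113.10  203.0.113.0/24  203.0.113.1  102
}

# "sh script.sh" prints the plan; "sh script.sh apply" executes it (root required).
if [ "${1:-show}" = "apply" ]; then
    plan | sh -e
else
    plan
fi
```

After applying, `ip rule show` lists the two `from ... lookup 101/102` entries, and `ip route get 192.0.2.1 from 198.51.100.10` should report `via 198.51.100.1 dev eth0`, which is the check that a reply sourced from the eth0 address really leaves through eth0's gateway. On a Red Hat-derived host, redirect `rh_route_file`/`rh_rule_file` output into route-eth0/rule-eth0 (and eth1) instead of running the `ip` commands by hand.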
This is half true. Depending on the application or the way the network traffic is flowing, you could use some iptables rules to mark a connection, for example by the source MAC address per new connection, which would be a specific router, and by that mark the connection; then at the routing level decide which default gateway to use for this specific connection.

You can take a look at an example that I wrote and modify it to use a MAC address match instead of NFQUEUE at:
http://wiki.squid-cache.org/EliezerCroitoru/Drafts/MwanLB#iptables_rules_example

The idea is that you mark a new connection from a specific router with a unique mark and then restore the connection mark to force a specific routing table on this mark (i.e. connection).

Hope it helps,
Eliezer

On 25/12/2015 22:28, Paul R. Ganci wrote:
> On 12/25/2015 12:44 PM, Joey wrote:
>>
>> I have a server with 2 public IPs on 2 devices.
>>
>> I want the request of incoming traffic not to use the default
>> gateway. Incoming traffic should be answered using the gateway of the
>> incoming device.
>>
>> Could I realize this with firewalld? Or directly iptables?
>
> No, you cannot do that via firewalld or iptables. The problem is you
> have to tell the packets to go out the proper interface, which must be
> done via routing tables. For that purpose you need ip route. I suggest
> you take a look at
>
> https://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/
>
> This link provides a very thorough description of what must be done.
>
> Just a warning: you will want your routing tables to be
> maintained across system boots. I put my routes for my bridged
> interfaces into:
>
> /etc/sysconfig/network-scripts/route-br1
> /etc/sysconfig/network-scripts/route-br2
>
> You can put your routes into similar files... just replace the br1/br2
> with your appropriate interface names.
>
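The connection-mark variant described in the reply above, as an added example that is not from the thread or from the linked Squid wiki page: the first packet of a new connection arriving from a given upstream router (matched by the router's source MAC) tags the conntrack entry, the tag is restored onto the locally generated reply packets, and an `ip rule fwmark` sends those packets to a table whose default route points back at that router. The interfaces, MACs, addresses, marks and table ids are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread or from the linked Squid wiki page.
# Connection-mark based selection of the return gateway: mark a NEW connection
# by the MAC of the router it came in from, restore the mark on replies, and
# route marked packets through a per-router table.
# Interfaces, MACs, addresses, marks and table ids are constructed placeholders.

# Rules for one upstream router.
# $1 ingress interface, $2 router MAC, $3 router address, $4 mark, $5 table id
router_rules() {
    iface=$1 mac=$2 gw=$3 mark=$4 table=$5
    # First packet of a new connection from this router: tag the conntrack entry.
    # "-m mac" only matches on the ingress side, so PREROUTING is the right chain.
    printf 'iptables -t mangle -A PREROUTING -i %s -m mac --mac-source %s -m conntrack --ctstate NEW -j CONNMARK --set-mark %s\n' \
        "$iface" "$mac" "$mark"
    # Packets carrying this mark are routed with a table whose default is that router.
    printf 'ip rule add fwmark %s table %s\n' "$mark" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$iface" "$table"
}

# Shared rule: copy the connection mark onto locally generated reply packets.
# mangle OUTPUT runs after the initial routing decision, but the kernel
# re-routes a packet whose mark changed there, so the fwmark rule takes effect.
# Connections the host itself opens are never marked and keep the main table.
common_rules() {
    printf 'iptables -t mangle -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark\n'
}

plan() {
    common_rules
    router_rules eth0 02:00:00:00:00:01 198.51.100.1 0x1 101
    router_rules eth1 02:00:00:00:00:02 203.0.113.1  0x2 102
}

# "sh script.sh" prints the plan; "sh script.sh apply" executes it (root required).
if [ "${1:-show}" = "apply" ]; then
    plan | sh -e
else
    plan
fi
```

`iptables -t mangle -L -v -n` shows the per-router CONNMARK counters increasing as new connections arrive, and `conntrack -L` (from conntrack-tools) lists the `mark=` value on each flow, which is the quickest way to confirm that a connection was tagged with the router it came from before looking at the routing side.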
On 26/12/15 06:44, Joey wrote:
> Hello,
>
> I have a server with 2 public IPs on 2 devices.
>

This is most likely what you are after:

Routing for multiple uplinks/providers - http://lartc.org/howto/lartc.rpdb.multiple-links.html

Cheers,
ak.