Gregory P. Ennis
2016-Mar-09 03:41 UTC
[CentOS] how to force outbound ssh through one network card
Everyone,

I am putting together a new gateway machine that controls all of the traffic in and out of one of our offices. We have a machine with CentOS Linux release 7.2.1511 (Core) with 3.10.0-327.10.1.el7.x86_64 kernel which is now equipped with three nic cards. We decided to change our internet providers, but unfortunately Comcast would not allow us to drop their service without some penalties so management decided to keep the line and not put up a fight. Of the three nic cards, one card serves the local network inside the office, and the other two will connect to the two different internet lines.

This has resulted in providing us with two outbound internet lines that we can use. I decided to do some experimenting to see if I could use iptables or other venues to use both outside internet addresses to augment our bandwidth.

Can anyone refer me to any tutorial or give me suggestions as to how to route outbound ssh traffic that is generated from one of the machines inside the network through only one of the specified nic cards on the gateway. I would like to see if I can utilize this extra bandwidth by splitting ssh traffic and html traffic. Essentially, I would like to force outbound ssh traffic on only one of the outside nic cards.

Any ideas?

Greg Ennis
Fred Smith
2016-Mar-09 04:13 UTC
[CentOS] how to force outbound ssh through one network card
On Tue, Mar 08, 2016 at 09:41:43PM -0600, Gregory P. Ennis wrote:
> Everyone,
>
> I am putting together a new gateway machine that controls all of the
> traffic in and out of one of our offices. We have a machine with
> CentOS Linux release 7.2.1511 (Core) with 3.10.0-327.10.1.el7.x86_64
> kernel which is now equipped with three nic cards. We decided to
> change our internet providers, but unfortunately Comcast would not
> allow us to drop their service without some penalties so management
> decided to keep the line and not put up a fight. Of the three nic
> cards, one card serves the local network inside the office, and the
> other two will connect to the two different internet lines.
>
> This has resulted in providing us with two outbound internet lines that
> we can use. I decided to do some experimenting to see if I could use
> iptables or other venues to use both outside internet addresses to
> augment our bandwidth.
>
> Can anyone refer me to any tutorial or give me suggestions as to how to
> route outbound ssh traffic that is generated from one of the machines
> inside the network through only one of the specified nic cards on the
> gateway. I would like to see if I can utilize this extra bandwidth by
> splitting ssh traffic and html traffic. Essentially, I would like to
> force outbound ssh traffic on only one of the outside nic cards.
>
> Any ideas?
>
> Greg Ennis

Though I have no personal experience with this, I'm guessing that the term you want is "bonding" or "bonded interfaces". You can probably find articles on how to do that with some judicious googling. I know I've seen such articles, but haven't kept any records of where.

Good luck!

Fred
--
-------------------------------------------------------------------------------
Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited e-mail message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community.
--Roger Ebert, December, 1996
----------------------------- The Boulder Pledge -----------------------------
John R Pierce
2016-Mar-09 04:17 UTC
[CentOS] how to force outbound ssh through one network card
On 3/8/2016 8:13 PM, Fred Smith wrote:
> though I have no personal experience with this, I'm guessing that
> the term you want is "bonding" or "bonded interfaces". You can probably
> find articles on how to do that with some judicious googling.
> I know I've seen such articles, but haven't kept any records of where.

NO. You can't bond two interfaces connected to different ISPs. Best you can do is limited load balancing, and/or use source tagged routing via ip rules to change gateways. It's a mess to get right.

--
john r pierce, recycling bits in santa cruz
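
An added example, not part of the thread and not any poster's configuration: one way to steer forwarded SSH out of a single uplink using "ip rules to change gateways", here selecting by an iptables packet mark on destination port 22 rather than by source address. The interface names, gateway address (a documentation range), mark and table number are assumptions, and the script assumes plain iptables rules on a gateway that already forwards for the LAN.

```shell
#!/bin/sh
# Added example: policy-route forwarded SSH (tcp/22) out of one WAN interface.
# Every value below is an assumed placeholder, not taken from the thread.
LAN_IF="${LAN_IF:-eth0}"                   # inside-office interface (assumed)
SSH_WAN_IF="${SSH_WAN_IF:-eth2}"           # uplink chosen for SSH (assumed)
SSH_WAN_GW="${SSH_WAN_GW:-198.51.100.1}"   # that ISP's gateway (constructed)
MARK="${MARK:-0x16}"                       # packet mark for SSH (assumed)
TABLE="${TABLE:-122}"                      # dedicated routing table (assumed)

# Emit the commands, one per line, after a basic sanity check on the gateway.
ssh_policy_rules() {
    case "$SSH_WAN_GW" in
        ""|*[!0-9.]*) echo "bad gateway: $SSH_WAN_GW" >&2; return 1 ;;
    esac
    cat <<EOF
ip route replace default via $SSH_WAN_GW dev $SSH_WAN_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE priority 1000
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 22 -j MARK --set-mark $MARK
iptables -t nat -A POSTROUTING -o $SSH_WAN_IF -j MASQUERADE
sysctl -w net.ipv4.conf.$SSH_WAN_IF.rp_filter=2
EOF
}
# Line 1: the extra table holds only a default route via the SSH uplink.
# Line 2: marked packets consult that table before the main table.
# Line 3: mark SSH arriving from the LAN before the routing decision is made.
# Line 4: source-NAT to the SSH uplink's own address so replies return there.
# Line 5: loose reverse-path filtering; strict mode would drop the replies,
#         because the main table's default route points at the other uplink.

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
# "ip rule add" and "iptables -A" are not idempotent; do not apply twice.
ssh_policy_apply() {
    rules=$(ssh_policy_rules) || return 1
    printf '%s\n' "$rules" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "would run: $cmd"; fi
    done
}

ssh_policy_apply
```

Only connections to port 22 are matched; SSH servers listening on other ports keep following the main table's default route.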