Hi, let's get to business ...

This is what I have

                       +--------------------------+
eth0 ----------------- |                          |
                       |          LINUX           | ---------------- eth1
eth2 ----------------- |                          |
                       |          SUPER           | ---------------- eth4
eth3 ----------------- |                          |
                       |          ROUTER          |
                       +--------------------------+

Internet Connections:
    eth0: 200.1.1.0/24
    eth2: 200.2.1.0/24
    eth3: 200.3.1.0/24
    from 3 different carriers

Private LAN:
    eth1: NAT --> 192.168.1.0/24
                  192.168.2.0/24
                  192.168.3.0/24

Internet Services (DNS, WEB, MAIL, etc)

First of all I'll say that Traffic Controller works 10 points !!!!!

Routing is doing ok, but I'm not sure if it's here where I'm making all the trouble. So here is how I do it.

    ip rule add from 192.168.1.0/24 table 1
    ip route add 192.168.1.0/24 via 192.168.1.254 dev eth1 table 1   ( so machines can ping each other )
    ip route add default via 200.1.1.254 dev eth0

    ip rule add from 192.168.2.0/24 table 2
    ip route add 192.168.2.0/24 via 192.168.2.254 dev eth1 table 1   ( so machines can ping each other )
    ip route add default via 200.1.2.254 dev eth2

    ip rule add from 192.168.3.0/24 table 3
    ip route add 192.168.3.0/24 via 192.168.1.254 dev eth1 table 1   ( so machines can ping each other )
    ip route add default via 200.1.3.254 dev eth3

I think this is ok, it worked, but .......

Well, here is my problem: on eth4 I would like to put a dns, httpd, smtp, pop and a proxy. All of these have IPs that are part of (eth0).

    DNS1 = 200.1.1.1
    DNS2 = 200.1.1.2

I made all connections work with this DNS but when someone queries the dns, the packet goes to the Internet and then comes back. Is there a way of redirecting or routing it to eth0 before it goes to take a trip?

I tested with iptables DNAT, ip route add 200.1.1.1/36 dev eth4 ..... and did not work.

Can somebody give me some advice or a clue on how I should do something like this? And with the proxy? How can I specify on which eth to go out depending on where it came from TOS Mark?

I also would like a recommendation on some good books, please.

That's all folks, well thank you very much for the advice.

Krepper Guillermo (Billy)
Hello,

I'm also new to this concept but from what I understand:

1) If you query from 192.168.1.0/24 it works fine. Doesn't it?

2) From 192.168.2.0/24 and 192.168.3.0/24, the packets go to the
   Internet and come back through your first carrier to hit your
   DNS servers. Is this right?

If these two assumptions are correct, then your problem is those default routes per private /24's. I think that you need to set static routes to your DNS servers in tables 2 and 3.

This might or might not be the solution to your problem. If so, glad to have been able to help; if not, sorry but I also said that I was new to all this.

Ramin

On Wed, Apr 18, 2001 at 08:27:09AM -0300, Krepper Guillermo wrote:
> Hi, let's get to business ...

--
Ramin Alidousti             ramin@UU.NET
Advanced Development        tel +1 703 886 2640
UUNET, A WorldCom Company   fax +1 703 886 0536
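
Added example, not part of the original thread or of either poster's configuration: a small model of how source-based rules and per-table longest-prefix matching pick the outgoing interface, with and without the host routes suggested in the reply above. It assumes each per-subnet table holds its carrier's default route and that the DNS hosts are reached through eth4; the client addresses are constructed.

```python
import ipaddress

# Constructed model of the router in the thread. Assumptions: each per-subnet
# table holds its carrier's default route, and the DNS hosts sit behind eth4.
RULES = [  # (source selector, table), walked in order like `ip rule` entries
    ("192.168.1.0/24", "1"),
    ("192.168.2.0/24", "2"),
    ("192.168.3.0/24", "3"),
    ("0.0.0.0/0", "main"),
]

def base_tables():
    """Routing tables as (prefix, device) pairs; gateways are left out."""
    return {
        "1": [("0.0.0.0/0", "eth0")],
        "2": [("0.0.0.0/0", "eth2")],
        "3": [("0.0.0.0/0", "eth3")],
        "main": [("0.0.0.0/0", "eth0")],
    }

def longest_match(table, dst):
    """Return the device of the most specific route covering dst, or None."""
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def egress(tables, src, dst):
    """Walk the rules in order; the first table with a matching route wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for selector, name in RULES:
        if src in ipaddress.ip_network(selector):
            dev = longest_match(tables[name], dst)
            if dev is not None:
                return name, dev
    return None, None

def with_host_routes(tables, hosts, dev, names=("2", "3")):
    """Copy the tables and add a /32 route per host to the named ones."""
    fixed = {n: list(routes) for n, routes in tables.items()}
    for n in names:
        fixed[n] += [(f"{h}/32", dev) for h in hosts]
    return fixed

if __name__ == "__main__":
    dns = ["200.1.1.1", "200.1.1.2"]
    before = base_tables()
    after = with_host_routes(before, dns, "eth4")
    for src in ("192.168.2.10", "192.168.3.10"):  # constructed clients
        print(src, egress(before, src, dns[0]), egress(after, src, dns[0]))
```

Only the two /32 destinations change interface; every other destination from 192.168.2.0/24 and 192.168.3.0/24 still follows that table's default route, and table 1 is left as it was.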
First of all thanks for your answer

-----Original Message-----
From: Ramin Alidousti <ramin@UU.NET>
To: Krepper Guillermo <billy@ciudadglobal.com.ar>
CC: lartc@mailman.ds9a.nl <lartc@mailman.ds9a.nl>
Date: Thursday, April 19, 2001 10:48 a.m.
Subject: Re: [LARTC] I need some advice from a routing Guru !!

>Hello,
>
>I'm also new to this concept but from what I understand:
>
>1) If you query from 192.168.1.0/24 it works fine. Doesn't it?

No, actually none of the NAT classes (192.168.1.0; 192.168.2.0; 192.168.3.0) can query the dns. They can't ping it. But using iptables DNAT I could do some things like check mail, telnet, etc. The problem is that the dns and the mail server must go out to the internet to do their work.

I'll explain a little more

    eth4: 192.168.10.254 (on the linux machine)
    eth0: 200.1.1.1 --> DNAT --to 192.168.10.1
          200.1.1.2 --> DNAT --to 192.168.10.2
    the dns server is configured with eth1: 192.168.10.1; 192.168.10.2

Here is the DNAT command I'm using, maybe my error is here.

    iptables -A PREROUNTING -t nat -d 200.1.1.1 -j DNAT 192.168.1.1

(should I use "-i" option, here ?)

>
>2) From 192.168.2.0/24 and 192.168.3.0/24, the packets go to the
>   Internet and come back through your first carrier to hit your
>   DNS servers. Is this right?
>
>If these two assumptions are correct, then your problem is those
>default routes per private /24's. I think that you need to set
>static routes to your DNS servers in tables 2 and 3.
>
>This might or might not be the solution to your problem. If so,
>glad to have been able to help; if not, sorry but I also said
>that I was new to all this.
>
>Ramin
>
>On Wed, Apr 18, 2001 at 08:27:09AM -0300, Krepper Guillermo wrote:
>
>> Hi, let's get to business ...
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
Krepper Guillermo
2001-Apr-24 14:21 UTC
Forwarding public IP with ip route !! I'm missing something
Hi again

                       +-----------------+
eth0 ----------------- |                 |
                       |      LINUX      | ---------------- eth1
eth2 ----------------- |                 |
                       |      SUPER      | ---------------- eth4
eth3 ----------------- |                 |
                       |      ROUTER     |
                       +-----------------+

Internet Connections:
    eth0: 200.1.1.2 (200.1.1.0/24)   200.1.1.1 in the main router
    eth2: 200.2.1.2 (200.2.1.0/24)   200.2.1.1 in the main router
    eth3: 200.3.1.2 (200.3.1.0/24)   200.3.1.1 in the main router
    from 3 different carriers

eth1 is a private SNAT

Can I forward some public IPs to eth4? I did something like this but with no luck.

ip aliasing for eth4 = 200.1.1.3; 200.2.1.3; 200.3.1.3 on the linux router. At the end of eth4 is a hub connected to 3 PCs, one for each public class. PC1 is 200.1.1.4, PC2 is 200.2.1.4 and PC3 is 200.1.1.5.

What I added in the routes were

PC1:
    ip rule to 200.1.1.4 table 4   (should I use 200.1.1.4/32 ??)
    ip route add 200.1.1.4 via 200.1.1.3 via eth4 table 4   (should I use 200.1.1.4/32 ??)

Well, this works in one way: all can access PC1, but PC1 can not access the internet. Ping to main router 200.1.1.1 does not work. I have ip_forward=1, but I think I need to activate something more to do this, is that right? What other procs should I review the settings of?

Or another thing I tried is creating a second rule

    ip rule from 200.1.1.4 table 14
    ip route add default via 200.1.1.1 dev eth0 table 14

But did not work. !!!

I reviewed all the archive in the mailing list, tried with some examples I found using "global" and "nexthop" options but with no luck.

Well, I'm now out of ideas ... and looking for some advice.

Thanks

Krepper Guillermo.