I know it is poor form to ask a question after just joining a mailing list, but I searched around for an archive and couldn't find out. I pray you'll forgive my brashness.

What I am trying to do is have 2 internet interfaces properly routing on the same box using the 2.4 kernel. I have a cable modem and a DSL modem (eth2) running into a single server which provides a few services to the outside world, including HTTP. This server is also forwarding the cable modem NIC (eth1) to the internal LAN (eth0) using SNAT. If I switch the default route and enable iptables to forward the DSL modem to the LAN, then that works fine as well. So all 3 interfaces are effectively working, but only 2 of the Internet interfaces at a time. I've tried making both Net interfaces the default route, but it only routes the interface that was last made default.

I want to make it so that someone can access the machine from either Internet IP (both static) so I can use the DSL interface (eth2) as a server or route certain ports coming in on eth2 specifically to another server behind the routing machine. I would like this without interrupting the current cable modem SNAT connection.

I have discussed this notion with a lot of people, and it seems that no one really knows how to do this. It seems like it really shouldn't be that hard to put services out over specific interfaces. So I ask here. If anyone can give me any sort of guidance, direction, even a smile, I would be IMMENSELY grateful.

Thank you,
Joel Kleppinger
I can definitely give you the smile :-)

As for your problem; I think that this has already been asked in other mailing lists but I haven't seen any answer. What you want to do is "policy-routing" based on the source IP (for your outgoing traffic). Take a look at "http://kewl.phear.org/policy/". It might help.

Ramin

On Tue, Apr 24, 2001 at 11:29:12AM -0500, Joel Kleppinger wrote:
> [...]
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
Ramin, you are my hero. I've spent the last 6+ months off and on trying to figure this little problem out and then within an hour of posting the question to this mailing list, you respond with what I needed. I compiled iproute2 then did the two ip lines described in that little HOWTO:

    ip ru add from my.DSL.ip.x lookup 4
    ip ro add 0.0.0.0/0 via my.DSL.ISP.gateway table 4

And it worked. Too sweet. Now to figure out exactly what that did, how to manipulate it for different situations, and see what security implications that might have opened up (since the box is supposed to be theoretically considered a "firewall").

Thanks. You rock. :)

Joel

At 02:00 PM 4/24/2001 -0400, Ramin Alidousti wrote:
> [...]
On Tue, 24 Apr 2001, Joel Kleppinger wrote:

> Ramin, you are my hero.

Not to rain on Ramin's parade, but there *have* been posts on this very subject on this very mailinglist, for which the archives can actually be found at http://mailman.ds9a.nl/pipermail/lartc/ and in which archives the relevant posts are

http://mailman.ds9a.nl/pipermail/lartc/2000q4/000091.html
http://mailman.ds9a.nl/pipermail/lartc/2000q4/000092.html
http://mailman.ds9a.nl/pipermail/lartc/2000q4/000153.html
http://mailman.ds9a.nl/pipermail/lartc/2000q4/000156.html

> I've spent the last 6+ months off and on trying to figure this little
> problem out and then within an hour of posting the question to this mailing
> list, you respond with what I needed.

Isn't the internet great? Now to find someone to fix the light-metering system in my old Canonet 28... :)

> I compiled iproute2
> then did the two ip lines described in that little HOWTO:
> ip ru add from my.DSL.ip.x lookup 4
> ip ro add 0.0.0.0/0 via my.DSL.ISP.gateway table 4
> And it worked. Too sweet.

Ah, yes, that would be the minimal code to make these things work. The posts from the archive mentioned above are somewhat more complete... :)

> Now to figure out exactly what that did, how to manipulate it for different
> situations, and see what security implications that might have opened up
> (since the box is supposed to be theoretically considered a "firewall").

In other words: time to read the manual. Which, admittedly, is not easy.

Good luck, and may the routing gods be with you.

Doei, Arthur.

-- 
 /\   /  | arthurvl@sci.kun.nl            | Work like you don't need the money
/__\ /   | A friend is someone with whom  | Love like you have never been hurt
/  \/__  | you can dare to be yourself    | Dance like there's nobody watching
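A fuller version of the two commands Joel posted, in the direction Arthur hints at, as an added example that is not part of this thread or of the archive posts he links. It is a dry-run shell script: by default it only prints the ip(8) and iptables(8) commands for a box with a cable uplink on eth1, a DSL uplink on eth2 and the LAN on eth0, one routing table per uplink, and a source-address rule per public IP (`table` and `lookup` are synonyms in `ip rule`). Every address, the table numbers 3 and 4, the DMZ host and the forwarded port are assumed placeholders from the RFC 5737 documentation ranges, not values from the thread.

```shell
#!/bin/sh
# Added example for the LARTC thread above, not code from the thread itself.
# Two uplinks (cable on eth1, DSL on eth2), LAN on eth0, one policy routing
# table per uplink.  All addresses, table numbers and the DMZ host below are
# assumed placeholders.  Default is a dry run that only prints the commands;
# run as root with APPLY=1 to execute them.

LAN_IF=eth0;   LAN_NET=192.168.1.0/24
CABLE_IF=eth1; CABLE_IP=203.0.113.10; CABLE_NET=203.0.113.0/24; CABLE_GW=203.0.113.1
DSL_IF=eth2;   DSL_IP=198.51.100.10;  DSL_NET=198.51.100.0/24;  DSL_GW=198.51.100.1
CABLE_TABLE=3; DSL_TABLE=4
# Assumed internal web server that port 80 arriving on the DSL side goes to.
DMZ_HOST=192.168.1.20

# Commands for one uplink's routing table.
# $1 table  $2 interface  $3 public IP  $4 connected network  $5 ISP gateway
uplink_cmds() {
    # The directly connected network has to be in the per-uplink table too,
    # otherwise a lookup in that table cannot resolve the gateway itself.
    printf 'ip route add %s dev %s src %s table %s\n' "$4" "$2" "$3" "$1"
    printf 'ip route add default via %s dev %s table %s\n' "$5" "$2" "$1"
    # Anything sourced from this uplink's address is routed via this table,
    # so replies to connections that came in on it leave the same way.
    printf 'ip rule add from %s table %s\n' "$3" "$1"
}

# The whole command list: one table per uplink, main-table default via cable
# (so the existing SNATed LAN traffic keeps leaving on eth1), NAT rules, and
# a route cache flush.
policy_routing_cmds() {
    uplink_cmds "$CABLE_TABLE" "$CABLE_IF" "$CABLE_IP" "$CABLE_NET" "$CABLE_GW"
    uplink_cmds "$DSL_TABLE"   "$DSL_IF"   "$DSL_IP"   "$DSL_NET"   "$DSL_GW"
    printf 'ip route replace default via %s dev %s\n' "$CABLE_GW" "$CABLE_IF"
    # The cable SNAT for the LAN, as in the original setup.
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$LAN_NET" "$CABLE_IF" "$CABLE_IP"
    # Port forward on the DSL side (assumed: TCP 80 to DMZ_HOST).  Caveat:
    # the reply from DMZ_HOST is routed while its source is still the
    # internal address and only rewritten back to DSL_IP after routing, so
    # the 'from DSL_IP' rule above does not match it; a fwmark-based rule
    # (not shown here) is needed to send those replies out eth2.
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -p tcp --dport 80 -j DNAT --to-destination %s\n' \
        "$DSL_IF" "$DSL_IP" "$DMZ_HOST"
    # 2.4 caches routing decisions; flush so the new rules apply at once.
    printf 'ip route flush cache\n'
}

# Number of 'ip rule' lines generated, a cheap self-check (one per uplink).
rule_count() { policy_routing_cmds | grep -c '^ip rule '; }

if [ "${APPLY:-0}" = 1 ]; then
    policy_routing_cmds | sh -e
else
    policy_routing_cmds
fi
```

Two points for a box that is meant to be a firewall: the extra tables and rules only change which interface packets leave by, so the iptables INPUT and FORWARD policy must restrict what is accepted on eth2 exactly as it does on eth1; and the 2.4 reverse path filter (rp_filter) validates a packet's source against the same rules and tables, so keep it enabled and verify after the change that connections to both public addresses still get answered, rather than turning it off to make things "work".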