Hi ALL,
I'm new to TC and IPTABLES and I need help in setting up a filter/routing
solution for an ISP.
I've read all the HOWTOs and I've been reading LARTC messages for a month now.
I still don't have a clue on how to do it 'cause sometimes people say it's
easy, sometimes they say it's impossible.
I'm seeking help for it. Let's move to the subject.
We have a small ISP and we are moving a linux box running RH 7.1 to avoid
having to set up BGP because we don't have an ASN.
What we want to do is to implement redundancy to the services.
The way we managed to do it is like this:

        ISP1                    ISP2
          |                       |
          |                       |
          |______    ISP   _______|
          Linux RH 7.1 ver 2.4.2-2
                     |
                     |
       ______________|______________
       |    |    |    |    |    |
       boxes with services we provide

This is the scenario:
. ISP1 and ISP2 are our providers of connection to the internet
. The Linux box is running IPTABLES and TC installed (patched full)
. The Linux box is going to be our firewall and is not going to run any
services at the interfaces to ISP1 and 2.
. The firewall is going to NAT all the packets allowing us to play with
them accordingly, routing and dropping as we need.
What have we done so far?
We've managed to play with two default gateways of equal cost and it works;
the problems are that we have two different ISPs to work with and the box
sends the packets without a simple logic, we just need packets coming
from eth0 to go back through eth0. If we ping the firewall from ISP1
sometimes it sends back the ICMP packet with the IP from the other
interface and it's not allowed from ISP1 or 2. That way it doesn't get past
their firewalls.
If I can set this up to work, telling linux to send back using eth0 the
packets that come from eth0 with the IP of eth0 or the internal IP that
was used to forward in, I'll be happy.
Then I can use DNS Bind 9.1.0 to use the cheap links for the services I
want and the expensive one to keep our clients flying on the net.
I can deal with the routing myself; my problems are that I can't
understand how linux mounts the packet or routes it based on the port it
came into the firewall when the destination machine is inside our ISP,
like our sendmail machine, for example.
Which is the best way to do it?
Any help appreciated.
Thanks in advance.
Roberto Campos
____________________________________________
Meu Provedor Tecnologias e Informática Ltda.
Rua Camerino, 128 Grs. 302
Centro - Rio de Janeiro - RJ - CEP 20080-010
Tel.: 55 21 22835173 (PABX/FAX)
Telefone Móvel - Celular: 55 21 91978284
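A source-based policy-routing setup for the two-uplink layout described in the post, added here as an example (it is not part of the original mail nor of the LARTC documentation): each uplink gets its own routing table and an `ip rule` keyed on the uplink's own address, so a reply carrying eth0's IP always leaves through eth0. The interface names, addresses and gateways are assumed placeholders; the script needs iproute2 and a kernel with policy routing enabled.

```shell
#!/bin/sh
# Added example: source-based policy routing for a Linux router with two
# uplinks (iproute2 "ip", policy routing enabled in the kernel).
# Interfaces and addresses below are assumed placeholders; adjust them.
set -eu

# Uplink and LAN parameters (assumed placeholders, not from the post)
ISP1_IF=eth0; ISP1_IP=192.0.2.10;    ISP1_NET=192.0.2.0/24;    ISP1_GW=192.0.2.1
ISP2_IF=eth1; ISP2_IP=198.51.100.10; ISP2_NET=198.51.100.0/24; ISP2_GW=198.51.100.1
LAN_IF=eth2;  LAN_NET=10.0.0.0/24

# DRY_RUN=1 prints each command instead of running it, so the generated
# rules can be reviewed on a non-router host before touching the firewall.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# One routing table per uplink: that uplink's subnet, the LAN (so replies
# to inside servers still resolve), and a default route via its gateway.
add_uplink_table() {  # table iface ip net gw
    run ip route add "$4" dev "$2" src "$3" table "$1"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$1"
    run ip route add default via "$5" dev "$2" table "$1"
}

# Packets sourced from an uplink's own address are routed by that
# uplink's table: what came in on eth0 with eth0's IP leaves via eth0.
add_source_rule() {  # table ip
    run ip rule add from "$2" table "$1"
}

setup_policy_routing() {
    add_uplink_table 1 "$ISP1_IF" "$ISP1_IP" "$ISP1_NET" "$ISP1_GW"
    add_uplink_table 2 "$ISP2_IF" "$ISP2_IP" "$ISP2_NET" "$ISP2_GW"
    add_source_rule 1 "$ISP1_IP"
    add_source_rule 2 "$ISP2_IP"
    # Main table keeps an equal-cost default for traffic the rules above
    # do not match (e.g. new outbound connections from the LAN).
    run ip route add default scope global \
        nexthop via "$ISP1_GW" dev "$ISP1_IF" weight 1 \
        nexthop via "$ISP2_GW" dev "$ISP2_IF" weight 1
    # Flush the route cache so already-cached flows pick up the new rules
    run ip route flush cache
}

# Only act when invoked with "apply"; review first with DRY_RUN=1
if [ "${1:-}" = apply ]; then setup_policy_routing; fi
```

Run `DRY_RUN=1 sh uplinks.sh apply` to review the commands and `sh uplinks.sh apply` (as root) to install them. Replies to inside servers reached through DNAT are routed before the reverse translation restores the public address, so each such host needs its own `ip rule add from <inside-ip> table N` entry, which this example leaves out.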