Sorry, that was a mistake, the actual scenario is the following:

                  ______
<hub1>  <-------> |Switch|             ______
                  |      |            |      | eth2
<hub2>  <-------> |      |            |Linux | <----------> Router ADSL1
   .              |      |    eth3    |      |192.168.3.5   192.168.3.6
   .              |      |  <----->   | Box  |
   .              |      |192.169.1.1 |      | eth0
   .              |      |            |      | <----------> Router ADSL2
<hub24> <------>  |______|            |______|192.168.4.2   192.168.4.1

>On Sunday 06 April 2003 17:56, GoMi . scrawled:
> > Hi there, since I failed to shape traffic due to p2p programs, I am
> > thinking about splitting my internet connection. Here is the scenario once
> > again for those who haven't read any of my emails :)
> >
> >                   ______
> > <hub1>  <-------> |Switch|             ______
> >                   |      |            |      | eth0
> > <hub2>  <-------> |      |            |Linux | <----------> Router ADSL1
> >    .              |      |    eth3    |      |192.168.3.5   192.168.3.6
> >    .              |      |  <----->   | Box  |
> >    .              |      |192.169.1.1 |      | eth2
> >    .              |      |            |      | <----------> Router ADSL2
> > <hub24> <------>  |______|            |______|192.168.4.2   192.168.4.1
> >
> > I want to have one ADSL only for web/mail/ssh/etc. and the other one only
> > for massive downloads.
> >
> > The problem comes with connection tracking, it looks like it's not working,
> > probably I am doing something wrong. Where is connection_tracking being
> > done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending
> > on the --destination-port option, and I am using a stateful firewall,
> > anyone having the same trouble, anyone can light me up? :)
> >
> > PS: Sorry for my poor English :)
> >
> > ##################################################
> > ## SNAT
> > ##
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
> >
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
> > iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
> >
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
> >
> >
> > ####################################################
> > ## Stateful Firewall
> > ##
> >
> > iptables -t filter -N keep_state
> > iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -t filter -A keep_state -j RETURN
> >
> > iptables -t nat -N keep_state
> > iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> > iptables -t nat -A keep_state -j RETURN
> >
> > iptables -t nat -A PREROUTING -j keep_state
> > iptables -t nat -A POSTROUTING -j keep_state
> > iptables -t nat -A OUTPUT -j keep_state
> >
> > iptables -t filter -A INPUT -j keep_state
> > iptables -t filter -A OUTPUT -j keep_state
> > iptables -t filter -A FORWARD -j keep_state
> >
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>hi,
> you are SNATting outgoing traffic on eth0 with the IP address of eth2
>(192.168.4.2) and vice versa.
>
> > iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
>
> typo or this was the error??
>
>thanks,
>ashok
>
>- --
>-
>-----------------------------------------------------------------------------
>My public key:
> gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
>-
>-----------------------------------------------------------------------------
>"...there is nothing so unnatural as the commonplace."
>Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of
>Identity"
>-
>-----------------------------------------------------------------------------
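
The check made by eye in the reply above (does each SNAT rule's --to address belong to the -o interface it matches on?), written out as an added example that is not part of either message. The rules are the ones posted in the thread and the two interface/address maps are read off the two diagrams; check_snat and the variable names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): flag SNAT rules whose --to address
# is not the address of the -o interface they match on.

# Constructed sample input: the five SNAT rules as posted in the thread.
RULES='iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5'

# Interface=address maps taken from the two diagrams in the thread.
FIRST_DIAGRAM='eth0=192.168.3.5 eth2=192.168.4.2'
CORRECTED_DIAGRAM='eth2=192.168.3.5 eth0=192.168.4.2'

# check_snat "<iface=addr ...>": reads rules on stdin, prints one line per
# SNAT rule whose --to address differs from the address of its -o interface.
check_snat() {
    awk -v map="$1" '
    BEGIN {
        n = split(map, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); addr[kv[1]] = kv[2] }
    }
    /-j SNAT/ {
        out = ""; to = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-o") out = $(i + 1)
            if ($i == "--to" || $i == "--to-source") to = $(i + 1)
        }
        sub(/[-:].*/, "", to)   # drop an optional address range or port part
        if (out == "")
            print "NO-IFACE line " NR ": SNAT to " to " without -o"
        else if (!(out in addr))
            print "UNKNOWN line " NR ": no address known for " out
        else if (addr[out] != to)
            print "MISMATCH line " NR ": " out " has " addr[out] ", SNAT to " to
    }'
}

echo "against the first diagram:"
printf '%s\n' "$RULES" | check_snat "$FIRST_DIAGRAM"
echo "against the corrected diagram:"
printf '%s\n' "$RULES" | check_snat "$CORRECTED_DIAGRAM"
```
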