LARTC - Aug 2003 - nano howto

Hello.

I''ve read the excellent "nano-howto" about how to
connect a LAN with two ISP connections.

http://www.ssi.bg/~ja/nano.txt

I need to connect a LAN to two ADSLs connections,
with roaring-penguin client. (

eth0-->connected to ADSL #1
eth1-->connected to ADSL #2
eth2-->connected to my lan

I''ve readed and understood the how to, but what
happen when your ISP provide you a dynamic IP,
instead a fixed IP, as default gateway ?
(I must use MASQUERADE in order to provide internet
access to LAN hosts).

In how-to, several times refer to IFE1, IFE2,
of course these are my eth0 and eth1 connections,
but when you refer to IPE1 and IPE2, I don''t know
what must I put on this part on your script:

	ip link set eth0 up
	ip addr flush dev eth0
	ip addr add IPE1/NME1 brd BRD1 dev eth0  # HERE !

	ip link set eth1 up
	ip addr flush dev eth1
	ip addr add IPE2/NME2 brd BRD2 dev eth1  # HERE !

In others words, since ISP provide me a IPE1 and IPE2,
how
must I to complete # HERE lines ?

I suppose that roaring penguin, could put it. 
------
In other part of script, it refer to tables 201 and
202.
In this tables you use that IPs (that provide me the
ISP),
to set up next rules:

	ip rule add prio 201 from NWE1/NME1 table 201
	ip route add default via GWE1 dev eth0 src IPE1 proto
static table 201
	ip route append prohibit default table 201 metric 1
proto static

	ip rule add prio 202 from NWE2/NME2 table 202
	ip route add default via GWE2 dev eth0 src IPE2 proto
static table 202
	ip route append prohibit default table 202 metric 1
proto static

What I must put on NWE1/NME1 IPE1, and NWE2/NME2 IPE2
??


Thank you very much for your help !!! (TIA)

Best regards,

Andres.












------------
Internet GRATIS es Yahoo! Conexión
4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
Más ciudades: http://conexion.yahoo.com.ar
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Mo, 2003-08-25 at 20.26 Andres Gregori wrote:
> Hello.
Hi,
> I''ve read the excellent "nano-howto" about how to
> connect a LAN with two ISP connections.
> 
> http://www.ssi.bg/~ja/nano.txt
okay.
> I''ve readed and understood the how to, but what
> happen when your ISP provide you a dynamic IP,
> instead a fixed IP, as default gateway ?
I assume you are using pppoe, if i recall correctly,
you can grep the gateway address off the ''ifconfig
<device>'' output.
 
> In how-to, several times refer to IFE1, IFE2,
> of course these are my eth0 and eth1 connections,
> but when you refer to IPE1 and IPE2, I don''t know
> what must I put on this part on your script:
> 
>       ip link set eth0 up
>       ip addr flush dev eth0
>       ip addr add IPE1/NME1 brd BRD1 dev eth0  # HERE !
> 
>       ip link set eth1 up
>       ip addr flush dev eth1
>       ip addr add IPE2/NME2 brd BRD2 dev eth1  # HERE !
> 
IPE/NME is supposed to be the external ip 1 and its netmask.
Since you are a single host, you can skip the NM part.
if you don''t want to skip, use either /255.255.255.255 the old way,
or /32 the new way. 

NWE is supposed to be you externernal IP-Range/Network, you don''t have
one.
> 
>       ip rule add prio 201 from NWE1/NME1 table 201
>       ip route add default via GWE1 dev eth0 src IPE1 proto
> static table 201
>       ip route append prohibit default table 201 metric 1
> proto static
> 
>       ip rule add prio 202 from NWE2/NME2 table 202
>       ip route add default via GWE2 dev eth0 src IPE2 proto
> static table 202
>       ip route append prohibit default table 202 metric 1
> proto static
> 
> What I must put on NWE1/NME1 IPE1, and NWE2/NME2 IPE2
see above.
> Thank you very much for your help !!! (TIA)
> 
> Best regards,
> 
> Andres.
greets, rob
-- 
| Robert Felber (System-Administrator)            Tel: +49 (0) 89 / 453 12-86 |
| Autohaus Erich Kuttendreier                     Fax: +49 (0) 89 / 453 12-80 |
| Drosselweg 21                                   ICQ:              170059451 |
| 81827 Muenchen                                  Web: http://robtone.mine.nu |
|                                                 PGP:               896CF30B |
| PGP-Fingerprint: CF36 AA93 9716 63E8 962F 15CC A80E 1A79 BF77 25EA          |

Andres Gregori wrote:
> In others words, since ISP provide me a IPE1 and IPE2,
> how
> must I to complete # HERE lines ?
>
> Thank you very much for your help !!! (TIA)
> 
> Best regards,
> 
> Andres.
Here is the script I use to get a dynamically assigned IP
address:
> /sbin/ifconfig ppp0 | awk ''/P-t-P/{split($3,x,":");
print x[2]}'' >/etc/firewall/remoteIP
> /sbin/ifconfig ppp0 | awk ''/inet addr/{split($2,x,":");
print x[2]}'' >/etc/firewall/localIP
Here is the script that brings interfaces up.  Examine the ppp0 stuff
because PEER is a hard to find answer...
> #! /bin/sh
> # /etc/rc.d/rc.nano1
> # This brings up the network interfaces
> # nano1.sh converted to rc.nano1 (which replaces rc.inet1) 6/6/03 JK
> echo -n "rc.nano1: "
> # Abbreviations:
> # IFI		internal interface
> # IPI		IP address of internal interface
> # NWI		internal network IP
> # NMI		netmask for the internal interface
> # IFE1, IFE2	external interfaces
> # IPE1, IPE2	external IP addresses
> # NWE1, NWE2	external network addresses
> # NME1, NME2	masks for the external network in CIDR format (E.G. /24)
> # BRD1, BRD2	broadcast addresses for external networks
> # GWE1, GWE2	gateways for external interfaces
> IFI="eth0"
> IPI="192.168.223.254"
> NWI="192.168.223.0"
> NMI="24"
> IFE1="eth1"
> IFE2="eth2"
> IFE3="eth3"				# cable (search "cable")
> IFE4="ppp0"
> IPE1="168.103.240.89"
> IPE2="168.103.92.1"
> IPE3="127.0.0.1"			# cable
> IPE4=`cat /etc/firewall/localIP`	# dynamic
> NWE1="168.103.240.88"
> NWE2="168.103.92.0"
> NWE3="127.0.0.0"			# cable
> NWE4=`cat /etc/firewall/localIP`
> NME1="29"
> NME2="29"
> NME3="32"				# cable
> NME4="32"
> BRD1="168.103.240.95"			# Broadcast
> BRD2="168.103.92.7"			# Broadcast
> BRD3="127.0.0.255"			# cable
> BRD4=`cat /etc/firewall/remoteIP`	# Broadcast (use "peer" for
ppp0)
> GWE1="168.103.240.94"			# Gateway
> GWE2="168.103.92.6"			# Gateway
> GWE3="127.0.0.254"			# cable
> GWE4=`cat /etc/firewall/remoteIP`	# Gateway, dynamic
> 
> ip link set lo up
> ip addr add 127.0.0.1/8 brd + dev lo
> # "+" is shorthand for the broadcast address, here 127.0.0.255
> ip route add 127.0.0.0/8 dev lo
> 
> ip link set $IFI up
> # Assigning an address will cause the kernel to automatically insert an 
> # appropriate route into table main:
> ip addr add $IPI/$NMI brd + dev $IFI
> # We want table main looked at first, so we assign it a low priority:
> ip rule add prio 10 table main
> # We want to make sure there is no default route in table main.  If there
isn''t
> # one, this will fail (which is fine):
> ip route del default table main
> 
> ip link set $IFE1 up
> # To be sure there are no preexisting IPs assigned to the interface, we
flush:
> ip addr flush dev $IFE1
> # BRD# specifies the broadcast address:
> ip addr add $IPE1/$NME1 brd $BRD1 dev $IFE1
> 
> ip link set $IFE2 up
> ip addr flush dev $IFE2
> ip addr add $IPE2/$NME2 brd $BRD2 dev $IFE2
> 
> #cable #ip link set $IFE3 up
> #cable ip addr flush dev $IFE3
> #cable ip addr add $IPE3/$NME3 brd $BRD3 dev $IFE3
> 
> #ip link set $IFE4 up
> #ppp0  ip addr flush dev $IFE4
> #ppp0  ip addr add $IPE4/$NME4 peer $BRD4 dev $IFE4
> 
> # For established connections, we do not want to match the multipath route.
> # We need to make sure we use the same route as before, so we add a table
for
> # each interface.  We use a priority that makes sure these routes are found
> # after the main table and before the MP table:
> ip rule add prio 20 from $NWE1/$NME1 table eth1
> # Special-case news.iswest.com to use eth1
> ip rule add prio 21 to 216.166.71.237/32 table eth1
> # These are default routes because they must match any address:
> ip route add default via $GWE1 dev $IFE1 src $IPE1 proto static table eth1
> # If the interface is not working, this acts like REJECT; it causes an ICMP
> # PKT_FILTERED to be sent to the requester:
> ip route append prohibit default table eth1 metric 1 proto static
> 
> ip rule add prio 40 from $NWE2/$NME2 table eth2
> ip route add default via $GWE2 dev $IFE2 src $IPE2 proto static table eth2
> ip route append prohibit default table eth2 metric 1 proto static
> 
> #cable ip rule add prio 60 from $NWE3/$NME3 table eth3
> #cable ip route add default via $GWE3 dev $IFE3 src $IPE3 proto static
table eth3
> #cable ip route append prohibit default table eth3 metric 1 proto static
> 
> #ppp0  ip rule add prio 80 from $NWE4/$NME4 table ppp0
> #ppp0  ip route add default via $GWE4 dev $IFE4 src $IPE4 proto static
table ppp0
> #ppp0  ip route append prohibit default table ppp0 metric 1 proto static
> 
> # New connections have no local source address.  Neither is there any
default
> # route, so we create a multipath default route for them:
> ip rule add prio 90 table 9
> ip route add default table 9 proto static equalize nexthop via $GWE1 dev
$IFE1 nexthop via $GWE2 dev $IFE2
> # ip route add default table 9 proto static nexthop via $GWE1 dev $IFE1
nexthop via $GWE2 dev $IFE2
> 
> # Done.
HTH
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/