Hi guys;

I'm sure you are all bored of hearing the same story over and over... but here it comes again. :) Yep, tomorrow I'm getting another ADSL line installed and I wanted my linux router to handle both providers (new and old). I have my linux router (fedora core 2) setup to do NAT for my current line, but I know I'll need to change my configuration to accommodate the second line.

I have no problem with 'RTFM', but since I've started doing my homework, I've realized that things have changed and I guess this is the place to get the latest updates since most all sites out there still refer to old 2.2/2.4 kernels, workflow and tools.

Ideally I'm looking for a guide I can follow to setup a linux router that will handle 2 uplinks and will do some minimal load-balancing (to start). Maybe a guide is too much, so if you have pointers, those are appreciated equally.

Here's what I have to start:

1. Fedora Core 2 server with 3 ethernet cards
2. Documentation from: http://lartc.org/howto/

What I know I need to do:

1. Need to recompile my kernel with all the advanced router modules
2. Follow steps in documentation (above) on iproute2
3. Configure iptables

Here's my network topology:

                                              |----------|
                                     +--------|  INET 1  |<--------> Internet
                                     |        |----------|
                                  (eth0)
+-----------------+          +-----------------+
|  Local network  |          |  Linux Router   |
|                 |<-------->| (eth2)          |
|  192.168.0.x    |          | (192.168.0.1)   |
+-----------------+          +-----------------+
                                  (eth1)
                                     |        |----------|
                                     +--------|  INET2   |<--------> Internet
                                              |----------|

Here's what I want to know:

1. Does an updated guide exist for multiple providers?
2. Kernel:
   - What kernel modules do I need to install?
   - Do I need to patch my kernel?
   - Do I need to supply any configuration parameters for these kernel modules?
   - Is my documentation up-to-date? If not, what's the diff and where can I get the latest? I heard I shouldn't use this documentation...
4. Anyone have sample scripts for iptables (NAT) for this type of setup?
5. How do I configure QoS? What's Wonder Shaper?
6. Am I missing anything?

As long as I'm pointed in the right direction, with good documentation, I think I can make it. Of course, I'll probably need a little help, so thanks in advance!

Cheers,

--
Rafael Barrero
r.barrero@mediarete.it

On Mon 9 May 2005 16:05, Rafael A Barrero wrote:
> [...]

Hi Rafael,

From my point of view, you don't need to enable advanced routing options in the kernel. You may want to enable QoS though, and use iproute. The kernel setup is not the hard part. The hard part is routing the traffic on one link or the other, according to your needs. Have you already asked yourself what you want to do with those links? Load balancing? Some services on one interface and the others on the second? First, try to be sure you know what you want to do. Then, think about a way to split the traffic between interfaces.

Regards,

Sylvain

Hey;

I guess I should have included that aspect: what I want to achieve.

I'd ideally like to use the new (faster line) as the default line for traffic, but be able to use the old line just as often depending on usage of the new line. However, it wouldn't matter if traffic routed randomly either. If one of the two lines is down, obviously use the one that is up.

I just want to get the most out of both lines at the same time. My internal network has two services (http, imap) that require port-forwarding from the router. Other than that the internal network is used for surfing the web, ssh, ftp, irc, p2p clients.

What about my questions regarding updated documentation for iproute2 (setting this all up)?

Thanks,

--
Rafael Barrero
r.barrero@mediarete.it

On May 9, 2005, at 4:30 PM, Sylvain BERTRAND wrote:
> [...]

On Monday, 9 May 2005 17:14, Rafael A Barrero wrote:
> [...]

Hi Rafael! How are you?

First, port-based routing is pretty straightforward:
1) use a default route
2) add firewall marks to packets you want to route differently
3) add another routing table with the other dsl router as default gateway
4) use the fw mark to "sort" packets in the other table, with the effect that they are routed via the other gateway.
(see the lartc howto)
That's all for that, we are using that and it works fine.

Second, controlling and switching the line is a little trickier:
As far as I know,
- linux-ha can't do the trick natively (PLEASE CORRECT ME! I STILL HOPE!)
- no software package exists for that purpose
Therefore a shell script is required.
In an issue of the German linux magazine was a script which seems to be quite good for a similar purpose (two vpn tunnels via two dsl lines), and should be easily changed for that purpose.
Perhaps we should try together to make a script-based daemon (init.d) which is configurable and does the testing and switching.

Third: Load balancing, Limiting and Prioritizing is done with tc or tcng. tc's syntax is really tough (my opinion), tcng is better, but I haven't found the time for it.

Well then, bye.

--
Best regards
Markus Feilner
---------------------------
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4
93047 Regensburg
fon +49 941 9465243
fax +49 941 9465244
mobil + +49 170 3027092
mail mfeilner@feilner-it.net
web http://www.feilner-it.net

On Mon 9 May 2005 17:14, Rafael A Barrero wrote:
> Hey;
>
> I guess I should have included that aspect: what I want to achieve.
>
> I'd ideally like to use the new (faster line) as the default line for traffic, but be able to use the old line just as often depending on usage of the new line. However, it wouldn't matter if traffic routed randomly either. If one of the two lines is down, obviously use the one that is up.

Iproute allows you to route packets according to their iptable's MARK field... you can randomly mark packets from new connections (with the appropriate ratio for each link), and route on this criterion.

You should have a script in /etc/ppp/if{up,down}.d/ that changes the routes if one link goes {up,down}.

> I just want to get the most out of both lines at the same time. My internal network has two services (http, imap) that require port-forwarding from the router. Other than that the internal network is used for surfing the web, ssh, ftp, irc, p2p clients.

Your services can listen on both interfaces, no problem with that... you can have load balancing on those links with multiple DNS records (though that's not a "good thing" (tm)).

Use the iptables MARK to use both at the same time, and the appropriate iproute setup.

> What about my questions regarding updated documentation for iproute2 (setting this all up)?

I think the contents of LARTC are enough material for you (and of course, man iproute, man iptables).

For the record, I've never actually done this kind of setup, I'm just thinking of what should be done to achieve those things. Somebody correct me if this is just nonsense.

Regards,

Sylvain

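Added example, not part of any post in this thread: the mark-based split described in the two replies above (firewall marks selecting a second routing table, and new connections marked at random by ratio), as a shell script that prints its commands unless told to apply them. eth0/eth1/eth2 and 192.168.0.x come from the topology in the first message; the gateways, the /24 mask, the internal server address, the table numbers, the 25% share and the availability of the CONNMARK target and statistic match are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): split new connections across two
# uplinks with firewall marks and keep each connection on its uplink.
# Everything marked "assumed" is a constructed placeholder.

IF1=eth0; GW1=192.0.2.1              # uplink 1, new faster line (gateway assumed)
IF2=eth1; GW2=198.51.100.1           # uplink 2, old line (gateway assumed)
LAN_IF=eth2; LAN_NET=192.168.0.0/24  # /24 mask assumed
SERVER=192.168.0.10                  # assumed internal http/imap host
SHARE2=0.25                          # assumed share of new LAN connections for uplink 2

DRY_RUN=${DRY_RUN:-1}                # 1 = only print the commands
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }
mangle() { run iptables -t mangle -A PREROUTING "$@"; }

# uplink_table N DEV GW: routing table 10N and the rule that selects it.
uplink_table() {
    # The LAN route is copied in so that marked packets for the LAN are not
    # sent back out of the uplink; then this uplink's default gateway.
    run ip route replace "$LAN_NET" dev "$LAN_IF" table "10$1"
    run ip route replace default via "$3" dev "$2" table "10$1"
    run ip rule add fwmark "$1" table "10$1" priority "100$1"
    # Loose reverse-path filtering: strict mode drops packets that arrive on
    # the uplink the main routing table does not point at.
    run sysctl -w "net.ipv4.conf.$2.rp_filter=2"
}

routing_plan() {
    uplink_table 1 "$IF1" "$GW1"
    uplink_table 2 "$IF2" "$GW2"
}

mark_plan() {
    # Known connection: reuse the mark stored when it was first seen, so a
    # web/ftp/ssh session never changes uplink (and NAT address) midway.
    mangle -j CONNMARK --restore-mark
    # New connection arriving on an uplink (port forwards): the replies must
    # leave through the uplink the request came in on.
    mangle -i "$IF1" -m conntrack --ctstate NEW -j MARK --set-mark 1
    mangle -i "$IF2" -m conntrack --ctstate NEW -j MARK --set-mark 2
    # New connection from the LAN: uplink 1 by default, a random share to 2.
    mangle -i "$LAN_IF" -m conntrack --ctstate NEW -j MARK --set-mark 1
    mangle -i "$LAN_IF" -m conntrack --ctstate NEW \
        -m statistic --mode random --probability "$SHARE2" -j MARK --set-mark 2
    # Port-based exception: interactive ssh always uses uplink 1.
    mangle -i "$LAN_IF" -p tcp --dport 22 -m conntrack --ctstate NEW \
        -j MARK --set-mark 1
    # Remember the decision for the rest of the connection.
    mangle -m conntrack --ctstate NEW -j CONNMARK --save-mark
}

nat_plan() {
    for dev in "$IF1" "$IF2"; do
        # Source NAT with the address of whichever uplink routing selected.
        run iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
        # Port forwards for the two internal services, on both uplinks.
        run iptables -t nat -A PREROUTING -i "$dev" -p tcp -m multiport \
            --dports 80,143 -j DNAT --to-destination "$SERVER"
    done
}

plan() { routing_plan; mark_plan; nat_plan; }

# No argument or "print" lists the commands; "apply" executes them (root).
case "${1:-print}" in
    apply) DRY_RUN=0; plan ;;
    print) plan ;;
esac
```

The order of the mangle rules matters: the restore has to come first and the save last, otherwise established connections are re-marked at random on every packet.
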
On Mon, 2005-05-09 at 16:05 +0200, Rafael A Barrero wrote:
> Hi guys;
>
> I'm sure you are all bored of hearing the same story over and over... but here it comes again. :) Yep, tomorrow I'm getting another ADSL line installed and I wanted my linux router to handle both providers (new and old). I have my linux router (fedora core 2) setup to do NAT for my current line, but I know I'll need to change my configuration to accommodate the second line.

I inquired about this a while ago and the final word seemed to be that in order for you to use two uplinks, both NATting the internal outbound-originated traffic (i.e. clients behind the gateway going to Internet based services) and both accepting inbound-originated traffic (i.e. running services behind the NAT for Internet users to use), one needs to patch the kernel.

I could not seem to get the traffic leaving the gateway to go via the uplink that was relevant for its NATted source. All traffic wanted to leave by only one interface even though it was NATted for the other. Of course the upstream dropped the packets because the source address violated their egress filters.

b.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> Hi guys;
>
[...]
> Here's what I want to know:
> 1. Does an updated guide exist for multiple providers?

Look at this howto: http://www.ssi.bg/~ja/nano.txt

I've built, based on this howto, a load balanced linux (kernel 2.6.11.8) system with two adsl 3mbit/512kbit devices and it works fine.

--
Markus Schulz

On Mon, 2005-05-09 at 20:11 +0200, Markus Schulz wrote:
> On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> > Hi guys;
> >
> [...]
> > Here's what I want to know:
> > 1. Does an updated guide exist for multiple providers?
>
> Look at this howto: http://www.ssi.bg/~ja/nano.txt

Indeed, and herein contains the patches needed to a kernel for it to route packets with a given NATted source address out the right interface. Not sure which patch(es) exactly in there do it if not all of them are really needed for just that functionality.

I sure wish this patch would get rolled into the main kernel. I hate having to maintain umpteen kernels for different tasks.

b.

On Mon, May 09, 2005 at 04:06:12PM -0400, Brian J. Murrell wrote:
> On Mon, 2005-05-09 at 20:11 +0200, Markus Schulz wrote:
> > [...]
> > Look at this howto: http://www.ssi.bg/~ja/nano.txt
>
> Indeed, and herein contains the patches needed to a kernel for it to route packets with a given NATted source address out the right interface. Not sure which patch(es) exactly in there do it if not all of them are really needed for just that functionality.

I haven't patched mine and it seems to work, using a debian 2.6.11-3 source package.

What I have done is set up a set of files in /var/run/multigw{,.dev,.gw,.ip,.speed}; these are fed from scripts in /etc/ppp/ip-{up.d,down.d}/adsl - this populates the files with valid numbers when the line goes up or deletes the control file when going down. These scripts also run my multigw.sh which sets up routes and ip rules as well - it also sets up the SNAT rules as well. I have attached the script.

> I sure wish this patch would get rolled into the main kernel. I hate having to maintain umpteen kernels for different tasks.
>
> b.

Thanks for the link!

At the beginning of the document it states that it will not work with two modem connections. What if both my ADSL lines are pppoe? Will this still work?

Also, is patching the kernel necessary? (FC2, kernel version 2.6.5)

Thank you,

--
Rafael Barrero
r.barrero@mediarete.it

On May 9, 2005, at 8:11 PM, Markus Schulz wrote:
> [...]

On May 10, 2005, at 11:33 AM, Rafael A Barrero wrote:
> [...]

hello marcus rafael, experts

i am a beginner to iproute 2 and like to set it up on osx tiger, i have similar goals. someone did or could point me to any howto that is more related to osx?

i would like to set up an ipv6 connection to my apache2 webserver and want to advertise a service with mDNS over wide area network.

regards

marc

--
"In a world without walls or fences, who needs Windows and Gates?"
cuseeme:// 207.44.156.3 CID 0 Max send.14 Max. Recieve.40
brain.let.de
www.applehelpers.com

On Monday, 9 May 2005 17:58, Sylvain BERTRAND wrote:
> On Mon 9 May 2005 17:14, Rafael A Barrero wrote:
> > [...]
>
> Iproute allows you to route packets according to their iptable's MARK field... you can randomly mark packets from new connections (with the appropriate ratio for each link), and route on this criterion.
>
> You should have a script in /etc/ppp/if{up,down}.d/ that changes the routes if one link goes {up,down}.

ACK. But how do you do the checking, if the link is down? Especially if you have a dsl router in an ethernet subnet. My subnet consists of three hosts, two of them are bintec routers who do the dsl stuff. They are reachable, even if the DSL Line is gone. How would U check that?

> [...]
> I think the contents of LARTC are enough material for you (and of course, man iproute, man iptables).

Of course, but there is a need for some comprehensive, easy to understand HOWTO for non-techies... I guess. Especially when it comes to tc and tcng...

> [...]

--
Best regards
Markus Feilner

On Tue 10 May 2005 13:02, Markus Feilner wrote:
> [...]
> ACK. But how do you do the checking, if the link is down? Especially if you have a dsl router in an ethernet subnet. My subnet consists of three hosts, two of them are bintec routers who do the dsl stuff. They are reachable, even if the DSL Line is gone. How would U check that?

Have a script running that checks connectivity by sending a ping 'outside'.

> [...]
> Of course, but there is a need for some comprehensive, easy to understand HOWTO for non-techies... I guess. Especially when it comes to tc and tcng...

If you want to setup this kind of redundancy, you *have* to understand techie stuff. Out-of-the-box solutions do exist, but they're expensive...

Markus Feilner wrote:
> ACK. But how do you do the checking, if the link is down? Especially if you have a dsl router in an ethernet subnet. My subnet consists of three hosts, two of them are bintec routers who do the dsl stuff. They are reachable, even if the DSL Line is gone. How would U check that?

What about specifying an interface to use & send a ping out?

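Added example, not part of any post in this thread: the "ping outside through a given interface" check suggested in the two replies above, with a host route per probe target so that it also covers the case of DSL routers that stay reachable on the ethernet side while their line is down. eth0/eth1 follow the first message; the gateways, probe targets, thresholds, interval and the 3:1 weights are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): decide per uplink whether the line
# behind it still reaches the Internet, and switch the default route.
# Gateways and probe targets are constructed placeholders.

IF1=eth0; GW1=192.0.2.1;    TARGET1=203.0.113.1   # probe host reached via uplink 1
IF2=eth1; GW2=198.51.100.1; TARGET2=203.0.113.2   # probe host reached via uplink 2
FAIL_LIMIT=3    # consecutive lost probes before a link counts as down
OK_LIMIT=2      # consecutive answered probes before it counts as up again
INTERVAL=10     # seconds between probe rounds

# Each probe target gets a host route through one gateway, so the probe tests
# the line behind that gateway. Pinging the DSL router itself proves nothing:
# it keeps answering on the ethernet side while the DSL line is gone.
pin_probe_routes() {
    ip route replace "$TARGET1/32" via "$GW1" dev "$IF1"
    ip route replace "$TARGET2/32" via "$GW2" dev "$IF2"
}

# probe IFACE TARGET: one echo request sent out of IFACE, 2 s timeout.
probe() { ping -I "$1" -c 1 -W 2 "$2" >/dev/null 2>&1; }

# next_state STATE STREAK RESULT: prints "STATE STREAK" after one probe.
# STREAK counts consecutive results that disagree with STATE; a single lost
# or answered ping therefore never flips the link.
next_state() {
    state=$1 streak=$2 result=$3
    if [ "$result" = "$state" ]; then echo "$state 0"; return; fi
    streak=$((streak + 1))
    if [ "$state" = up ] && [ "$streak" -ge "$FAIL_LIMIT" ]; then
        echo "down 0"
    elif [ "$state" = down ] && [ "$streak" -ge "$OK_LIMIT" ]; then
        echo "up 0"
    else
        echo "$state $streak"
    fi
}

# replay START "r1 r2 ...": run a recorded probe sequence, print final state.
replay() {
    st=$1; k=0
    for r in $2; do
        set -- $(next_state "$st" "$k" "$r"); st=$1; k=$2
    done
    echo "$st"
}

# default_route_cmd STATE1 STATE2: print the route command for that case.
default_route_cmd() {
    case "$1/$2" in
        up/up)   echo "ip route replace default scope global" \
                      "nexthop via $GW1 dev $IF1 weight 3" \
                      "nexthop via $GW2 dev $IF2 weight 1" ;;
        up/down) echo "ip route replace default via $GW1 dev $IF1" ;;
        down/up) echo "ip route replace default via $GW2 dev $IF2" ;;
        *)       : ;;   # both down: leave the last route in place
    esac
}

monitor() {
    s1=up; k1=0; s2=up; k2=0; last=
    pin_probe_routes
    while :; do
        if probe "$IF1" "$TARGET1"; then r1=up; else r1=down; fi
        if probe "$IF2" "$TARGET2"; then r2=up; else r2=down; fi
        set -- $(next_state "$s1" "$k1" "$r1"); s1=$1; k1=$2
        set -- $(next_state "$s2" "$k2" "$r2"); s2=$1; k2=$2
        cmd=$(default_route_cmd "$s1" "$s2")
        if [ -n "$cmd" ] && [ "$cmd" != "$last" ]; then
            logger -t uplink-monitor "link1=$s1 link2=$s2: $cmd"
            $cmd && last=$cmd
        fi
        sleep "$INTERVAL"
    done
}

# "sh script run" starts the loop (root required); otherwise only the
# functions are defined.
if [ "${1:-}" = run ]; then monitor; fi
```
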
Marc Manthey wrote:
> hello marcus rafael, experts
>
> i am a beginner to iproute 2 and like to set it up on osx tiger, i have similar goals. someone did or could point me to any howto that is more related to osx?
>
> i would like to set up an ipv6 connection to my apache2 webserver and want to advertise a service with mDNS over wide area network.
>
> regards
>
> marc

You should start your own thread. Hijacking isn't nice.

On May 10, 2005, at 2:07 PM, Robert Vangel wrote:
> Marc Manthey wrote:
>> [...]
>
> You should start your own thread. Hijacking isn't nice.

robert,

I am sure not sure what Hijacking means, but i did not change the subject, right?

sorry

--
"si tacuisses philosophus manSisses"
cuseeme:// 207.44.156.3 CID 0 Max send.14 Max. Recieve.40
www.let.de
www.applehelpers.com

Markus Schulz wrote:
> On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
>> [...]
>> Here's what I want to know:
>> 1. Does an updated guide exist for multiple providers?
>
> Look at this howto: http://www.ssi.bg/~ja/nano.txt
>
> I've built, based on this howto, a load balanced linux (kernel 2.6.11.8) system with two adsl 3mbit/512kbit devices and it works fine.

Hi Markus,

Can your solution allow incoming packets into your network from a link A, return out of the link A without nat'ing? I have been trying to get this to work for a while and I am stumped.

Paulo

On Tuesday, 10 May 2005 09:33, Rafael A Barrero wrote:
> Thanks for the link!
>
> At the beginning of the document it states that it will not work with two modem connections. What if both my ADSL lines are pppoe? Will this still work?

it works fine. if i'm at home i can post my script.

> Also, is patching the kernel necessary? (FC2, kernel version 2.6.5)

i think yes, but i didn't try it without. i've tried only the variant with only one multipath default route (without the two additional tables for each device as mentioned in the nano howto) and this doesn't work.

Markus Schulz

On Tuesday, 10 May 2005 12:39, Paulo Andre wrote:
> Markus Schulz wrote:
> > [...]
>
> Hi Markus,
> Can your solution allow incoming packets into your network from a link A, return out of the link A without nat'ing? I have been trying to get this to work for a while and I am stumped.

did you mean DNAT from internet into local net? this works fine for various services (http, ssh and ftp i've running)

without snat (masquerade i haven't tried) i can't send something into the internet cause of local ip address i'm using.

> Paulo

Markus Schulz

Markus Schulz wrote:
> On Tuesday, 10 May 2005 12:39, Paulo Andre wrote:
>
>> Markus Schulz wrote:
>>
>>> On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
>>>
>>>> Hi guys;
>>>
>>> [...]
>>>
>>>> Here's what I want to know:
>>>> 1. Does an updated guide exist for multiple providers?
>>>
>>> Look at this howto: http://www.ssi.bg/~ja/nano.txt
>>>
>>> i've build based onto this howto a load balanced linux (kernel 2.6.11.8)
>>> system with two adsl 3mbit/512kbit devices and it works fine.
>>
>> Hi Markus,
>> Can your solution allow incoming packets into your network from a link A
>> ,return out of the link A without nat'ing? I have been trying to get
>> this to work for a while and I am stumped.
>
> did you mean DNAT from internet into local net? this works fine for various
> services (http, ssh and ftp i've running)

For those services do you DNAT from the internet to internally?

On Tuesday, 10 May 2005 13:04, Paulo Andre wrote:
> Markus Schulz wrote:
> > On Tuesday, 10 May 2005 12:39, Paulo Andre wrote:
> >> Markus Schulz wrote:
> >>> On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> >>>> Hi guys;
> >>>
> >>> [...]
> >>>
> >>>> Here's what I want to know:
> >>>> 1. Does an updated guide exist for multiple providers?
> >>>
> >>> Look at this howto: http://www.ssi.bg/~ja/nano.txt
> >>>
> >>> i've build based onto this howto a load balanced linux (kernel 2.6.11.8)
> >>> system with two adsl 3mbit/512kbit devices and it works fine.
> >>
> >> Hi Markus,
> >> Can your solution allow incoming packets into your network from a link A
> >> ,return out of the link A without nat'ing? I have been trying to get
> >> this to work for a while and I am stumped.
> >
> > did you mean DNAT from internet into local net? this works fine for
> > various services (http, ssh and ftp i've running)
>
> For those services do you DNAT from the internet to internally?

yes and it works fine. for ftp i'm additionally using the conntrack_ftp modules.

Markus Schulz

Hey guys;

Have any of you seen the script at this page?

http://www.burnpc.com/website.nsf/all/FE5F4F294F508EB786256E600019BC30

On a side note, while balancing the 2 lines, I'm worried about web/ftp/ssh sessions... iptables handles this, correct? I don't want my users to suddenly experience dropped connections for whatever they're using. Anyone have any experience with this?

Thanks,

--
Rafael Barrero
Gruppo Mediarete, S.r.l
r.barrero@mediarete.it

On May 10, 2005, at 2:56 PM, Markus Schulz wrote:
> On Tuesday, 10 May 2005 09:33, Rafael A Barrero wrote:
>
>> Thanks for the link!
>>
>> At the beginning of the document it states that it will not work with
>> two modem connections. What if both my ADSL lines are pppoe? Will
>> this still work?
>
> it works fine. if i'm at home i can post my script.
>
>> Also, is patching the kernel necessary? (FC2, kernel version 2.6.5)
>
> i think yes, but i didn't try it without.
> i've tried only the variant with only one multipath default route
> (without the two additional tables for each device as mentioned in
> the nano howto) and this doesn't work.
>
> Markus Schulz
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On Tuesday, 10 May 2005 13:11, Sylvain BERTRAND wrote:
> On Tue 10 May 2005 13:02, Markus Feilner wrote:
> > On Monday, 9 May 2005 17:58, Sylvain BERTRAND wrote:
> >> On Mon 9 May 2005 17:14, Rafael A Barrero wrote:
> >> > Hey;
> >> >
> >> > I guess I should have included that aspect : what I want to
> >> > achieve.
> >> >
> >> > I'd ideally like to use the new (faster line) as the default
> >> > line for traffic, but be able to use the old line just as often
> >> > depending on usage of the new line. However, it wouldn't matter
> >> > if traffic routed randomly either. If one of the two lines is
> >> > down, obviously use the one that is up.
> >>
> >> Iproute allows you to route packets according to their iptable's
> >> MARK field... you can randomly mark packets from new connections
> >> (with the appropriate ratio for each link), and route on this
> >> criterion.
> >>
> >> You should have a script in /etc/ppp/if{up,down}.d/ that changes
> >> the routes if one link goes {up,down}.
> >
> > ACK. But how do you do the checking, if the link is down?
> > Especially if you have a dsl router in a ethernet subnet.
> > My subnet consists of three hosts, two of them are bintec routers
> > who do the dsl stuff. They are reachable, even if the DSL Line is
> > gone. How would U check that?
>
> Have a script running that checks connectivity by sending a ping
> 'outside'.
>
> >> > I just want to get the most out of both lines at the same time.
> >> > My internal network has two services (http, imap) that
> >> > require port-forwarding from the router. Other than that the
> >> > internal network is used for surfing the web, ssh, ftp, irc, p2p
> >> > clients.
> >>
> >> Your services can listen on both interfaces, no problem with
> >> that... you can have load balancing on those links with multiple
> >> DNS records (though that's not a "good thing" (tm).
> >>
> >> Use the iptables MARK to use both at the same time, and the
> >> appropriate iproute setup.
> >>
> >> > What about my questions regarding updated documentation for
> >> > iproute2 (setting this all up)?
> >>
> >> I think the contents of LARTC are enough material for you (and of
> >> course, man iproute, man iptables).
> >
> > Of course, but there is a need for some comprehensive, easy to
> > understand HOWTO for non-techies... I guess.
> > Especially when it comes to tc and tcng...
>
> If you want to setup this kind of redundancy, you *have* to
> understand techie stuff. Out-of-the-box solutions do exist, but
> they're expensive...

You are completely right. But tc requires more than "techie stuff" to make it work. There is no comprehensive documentation around which could e.g. be used for trainings. this is especially because it's so powerful.

--
Best regards
Markus Feilner
---------------------------
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4 93047 Regensburg
phone +49 941 9465243 fax +49 941 9465244 mobile + +49 170 3027092
mail mfeilner@feilner-it.net web http://www.feilner-it.net

On Tue, May 10, 2005 at 01:02:20PM +0200, Markus Feilner wrote:
> On Monday, 9 May 2005 17:58, Sylvain BERTRAND wrote:
> > On Mon 9 May 2005 17:14, Rafael A Barrero wrote:
> > > Hey;
> > >
> > > I guess I should have included that aspect : what I want to
> > > achieve.
> > >
> > > I'd ideally like to use the new (faster line) as the default line
> > > for traffic, but be able to use the old line just as often
> > > depending on usage of the new line. However, it wouldn't matter if
> > > traffic routed randomly either. If one of the two lines is down,
> > > obviously use the one that is up.
> >
> > Iproute allows you to route packets according to their iptable's MARK
> > field... you can randomly mark packets from new connections (with the
> > appropriate ratio for each link), and route on this criterion.
> >
> > You should have a script in /etc/ppp/if{up,down}.d/ that changes the
> > routes if one link goes {up,down}.
>
> ACK. But how do you do the checking, if the link is down?
> Especially if you have a dsl router in a ethernet subnet.
> My subnet consists of three hosts, two of them are bintec routers who do
> the dsl stuff. They are reachable, even if the DSL Line is gone.
> How would U check that?

I run pppoe on the box so have control over the session or run a ping outside, but my guess is that the linux box will dead route the route when the adsl sends back an icmp net unreachable

> > > I just want to get the most out of both lines at the same time. My
> > > internal network has two services (http, imap) that require
> > > port-forwarding from the router. Other than that the internal
> > > network is used for surfing the web, ssh, ftp, irc, p2p clients.
> >
> > Your services can listen on both interfaces, no problem with that...
> > you can have load balancing on those links with multiple DNS records
> > (though that's not a "good thing" (tm).
> >
> > Use the iptables MARK to use both at the same time, and the
> > appropriate iproute setup.
> >
> > > What about my questions regarding updated documentation for
> > > iproute2 (setting this all up)?
> >
> > I think the contents of LARTC are enough material for you (and of
> > course, man iproute, man iptables).
>
> Of course, but there is a need for some comprehensive, easy to
> understand HOWTO for non-techies... I guess.
> Especially when it comes to tc and tcng...
>
> > For the record, I've never actually done this kind of setup, I'm just
> > thinking of what should be done to achieve those things. Somebody
> > correct me if this is just nonsense.
> >
> > Regards,
> >
> > Sylvain

On Tue, May 10, 2005 at 02:39:57PM +0200, Paulo Andre wrote:
> Markus Schulz wrote:
> > On Monday, 9 May 2005 16:05, Rafael A Barrero wrote:
> >
> >> Hi guys;
> >
> > [...]
> >
> >> Here's what I want to know:
> >> 1. Does an updated guide exist for multiple providers?
> >
> > Look at this howto: http://www.ssi.bg/~ja/nano.txt
> >
> > i've build based onto this howto a load balanced linux (kernel 2.6.11.8)
> > system with two adsl 3mbit/512kbit devices and it works fine.
>
> Hi Markus,
> Can your solution allow incoming packets into your network from a link A
> ,return out of the link A without nat'ing? I have been trying to get
> this to work for a while and I am stumped.

If you always want that to be available via a certain route just place static routes in place in all 3 tables

> Paulo

On Tuesday, 10 May 2005 14:56, Markus Schulz wrote:
> On Tuesday, 10 May 2005 09:33, Rafael A Barrero wrote:
> > Thanks for the link!
> >
> > At the beginning of the document it states that it will not work
> > with two modem connections. What if both my ADSL lines are pppoe?
> > Will this still work?
>
> it works fine. if i'm at home i can post my script.

okay, here is the important part of my script:

    #!/bin/sh

    set -x

    # peer (P-t-P) address and local address of each ppp link
    PTP=`ifconfig ppp0 | grep P-t-P | sed 's/.*P-t-P:\([^ ]*\).*/\1/g'`
    PTP2=`ifconfig ppp1 | grep P-t-P | sed 's/.*P-t-P:\([^ ]*\).*/\1/g'`
    IP1=`ifconfig ppp0 | grep addr | sed 's/.*addr:\([^ ]*\).*/\1/g'`
    IP2=`ifconfig ppp1 | grep addr | sed 's/.*addr:\([^ ]*\).*/\1/g'`

    echo 1 > /proc/sys/net/ipv4/ip_forward

    #del all routes from table 201 (search for better way to do this)
    for route in `ip rule list | grep ^201 | sed 's/^201:.*from \([^ ]*\) lookup 201/\1/'`; do
        ip rule del prio 201 from $route table 201
    done

    #del all routes from table 202 (search for better way to do this)
    for route in `ip rule list | grep ^202 | sed 's/^202:.*from \([^ ]*\) lookup 202/\1/'`; do
        ip rule del prio 202 from $route table 202
    done

    ip rule del prio 50 table main
    ip rule add prio 50 table main
    ip route del default table main

    #ppp0
    ip rule add prio 201 from $IP1 table 201
    #next two lines is for testing purpose
    ip rule del fwmark 0x20 table 201
    ip rule add fwmark 0x20 table 201
    ip route add default via $PTP dev ppp0 src $IP1 proto static table 201
    ip route append prohibit default table 201 metric 1 proto static

    #ppp1
    ip rule add prio 202 from $IP2 table 202
    ip route add default via $PTP2 dev ppp1 src $IP2 proto static table 202
    ip route append prohibit default table 202 metric 1 proto static

    #multipath route.
    ip rule del prio 222 table 222
    ip rule add prio 222 table 222
    ip route add default table 222 proto static \
        nexthop via $PTP dev ppp0 \
        nexthop via $PTP2 dev ppp1

    #skipped all other firewall iptables rules except the two needed snat
    iptables -t nat -P POSTROUTING ACCEPT
    iptables -t nat -I POSTROUTING -o ppp0 -j SNAT --to-source $IP1
    iptables -t nat -I POSTROUTING -o ppp1 -j SNAT --to-source $IP2

if you have some improvements, then drop me a note.

--
Markus Schulz

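
The link check suggested earlier in the thread (a script that pings 'outside' through each uplink), applied to the multipath table 222 from the script above. This is an added example, not code from any poster in the thread; the probe address is a placeholder, and the helper names, the cron-style invocation and the prohibit fallback are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed: probe target, helper names,
# cron invocation. Table 222 and ppp0/ppp1 come from the script above.
PROBE_TARGET="${PROBE_TARGET:-192.0.2.1}"   # placeholder; set to a host that answers ping
TABLE=222

# link_up DEV: true if a ping sent out through DEV gets a reply. Probing a host
# beyond the provider catches a dead DSL line behind a still-reachable modem.
link_up() {
    ping -c 3 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1
}

# peer_of DEV: print the point-to-point peer address of a ppp device.
peer_of() {
    ip -4 -o addr show dev "$1" 2>/dev/null | sed -n 's/.* peer \([0-9.]*\).*/\1/p'
}

# live_hops DEV...: print "dev:gateway" for every device that passes the probe.
live_hops() {
    for dev in "$@"; do
        gw=$(peer_of "$dev")
        if [ -n "$gw" ] && link_up "$dev"; then
            printf '%s:%s ' "$dev" "$gw"
        fi
    done
}

# build_route_cmd HOP...: print the ip command that makes table $TABLE match
# the live links. With no live link it installs a prohibit route, so senders
# get an immediate ICMP error.
build_route_cmd() {
    if [ $# -eq 0 ]; then
        echo "ip route replace prohibit default table $TABLE proto static"
        return 0
    fi
    cmd="ip route replace default table $TABLE proto static"
    for hop in "$@"; do
        cmd="$cmd nexthop via ${hop#*:} dev ${hop%%:*} weight 1"
    done
    echo "$cmd"
}

# Run as root, e.g. from cron: ./uplink-check.sh --apply ppp0 ppp1
if [ "${1:-}" = "--apply" ]; then
    shift
    # Unquoted on purpose: entries are "dev:gw" words without spaces.
    cmd=$(build_route_cmd $(live_hops "$@"))
    logger -t uplink-check "$cmd"
    $cmd && ip route flush cache
fi
```

Without --apply the script only defines its functions, so build_route_cmd can be called by hand to see the route it would install before anything is changed.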