Hi, I've been trying to set up 2 DSL links in the office, both on the
same firewall/router/gateway.
The firewall is running kernel 2.6.11 (custom built on Debian).
This is the network diagram:
            150.101.124.y/29 (internode's gw)
                  |
                  |
                  |150.101.124.x/29 (eth2)
              +---------+
              |         |192.168.10.1/24 (eth1)
              |   FW    |------------------------
              |         |    192.168.10.0/24 (internal net)
              +---------+
                  |203.100.236.x (ppp0)/61.8.x.x/24 (eth0)
                  |
                  |
            203.9.190.y (pacific.net's gw)
What I want to achieve:
I have a bunch of IPs on the 61.8.x.net/25 net, and they are routed via
203.9.190.y on one of our ISPs (Pacific Internet). This setup works fine, and I
have heaps of NAT rules on the firewall to NAT traffic to internal servers on
the 192.168.10.0/24 network. We just got another DSL from another ISP, to have a
few services running out of it. So we got 5 IPs on the 150.101.124.net/29 net,
and I'm trying to also NAT them to internal servers. I want to have a
few of the servers reachable from both ISPs. But more than that, I want to
choose which of the servers should primarily go through a chosen link.
I could manage to set up outgoing traffic from specific servers through
Internode's DSL, as the default is Pacific Internet.
As you can see in my routing tables:
* main routing table:
root@fenestra:~# ip route sh tab main
203.9.190.y dev ppp0 proto kernel scope link src 203.100.236.x
203.100.236.x dev ppp0 scope link src 203.100.236.x
150.101.124.net/29 dev eth2 proto kernel scope link src 150.101.124.x
192.168.10.0/25 dev eth1 scope link src 192.168.10.1
61.8.x.net/25 dev eth0 scope link
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.1
127.0.0.0/8 dev lo scope link
default via 203.9.190.y dev ppp0
* internode routing table:
root@fenestra:~# ip route sh tab internode
203.100.236.x via 203.100.236.x dev ppp0
150.101.124.net/29 dev eth2 scope link src 150.101.124.x
61.8.x.net/25 dev eth0 scope link
192.168.10.0/24 via 192.168.10.1 dev eth1
127.0.0.0/8 dev lo scope link
default via 150.101.124.y dev eth2
* pacificnet routing table:
root@fenestra:~# ip route sh tab pacificnet
203.9.190.y dev ppp0 scope link src 203.100.236.x
203.100.236.x dev ppp0 scope link src 203.100.236.x
61.8.x.net/25 dev ppp0 scope link src 203.100.236.x
192.168.10.0/24 via 192.168.10.1 dev eth1
127.0.0.0/8 dev lo scope link
default via 203.9.190.190 dev ppp0
And in my routing rules:
root@fenestra:~# ip rule sh
0: from all lookup local
32744: from all to 192.168.10.20 lookup internode
32745: from 192.168.10.20 lookup internode
32762: from 150.101.124.178 lookup internode
32763: from 203.100.236.222 lookup pacificnet
32766: from all lookup main
32767: from all lookup default
As an example, I'll use server 192.168.10.20. I could manage to make
all traffic from that server go through Internode, but I couldn't
figure out a way to create a NAT rule to access 192.168.10.20 from outside. I
have the following iptables NAT rules, which should NAT traffic to 150.101.124.x
or 61.8.x.x on port 143 to port 22 on 192.168.10.20:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 150.101.124.x tcp dpt:143 to:192.168.10.20:22
DNAT tcp -- 0.0.0.0/0 61.8.x.x tcp dpt:143 to:192.168.10.20:22
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.10.20 0.0.0.0/0 to:150.101.124.x
Telnetting to port 143 on 61.8.x.x from an outside server works fine:
root@skywalker:~# telnet 61.8.29.31 143
Trying 61.8.29.31...
Connected to 61.8.29.31.
Escape character is '^]'.
SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.4
But telnetting to the same port on 150.101.124.x doesn't. Actually, it
does, but it is incredibly slow.
I don't know if that's clear; if not, let me know and
I'll clarify.
thanks in advance!
cheers,
Fernando
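As an added illustration (not part of the post above), the following simulates the Linux policy-routing decision over the post's own tables and `ip rule` list, so you can see which table and egress device a given (source, destination) pair lands on. The anonymised addresses (`x`, `y`, `.net`) are replaced with constructed stand-ins; the outside client 198.51.100.7 is likewise constructed. It is useful for reasoning about replies from the DNAT'd server: for a forwarded reply, the kernel makes its routing decision on the still-internal source address (the reverse of the DNAT is applied in POSTROUTING), so the `from 192.168.10.20` rule governs the reply path whichever public address the request arrived on.

```python
# Added example: policy-routing lookup simulator for the post's configuration.
# Addresses ending in x/y/.net in the post are constructed stand-ins here.
from ipaddress import ip_address, ip_network

# Routing tables as (prefix, egress device), mirroring `ip route sh tab <t>`.
TABLES = {
    "main": [("203.9.190.2/32", "ppp0"), ("150.101.124.176/29", "eth2"),
             ("192.168.10.0/24", "eth1"), ("61.8.29.0/25", "eth0"),
             ("0.0.0.0/0", "ppp0")],
    "internode": [("150.101.124.176/29", "eth2"), ("61.8.29.0/25", "eth0"),
                  ("192.168.10.0/24", "eth1"), ("0.0.0.0/0", "eth2")],
    "pacificnet": [("203.9.190.2/32", "ppp0"), ("61.8.29.0/25", "ppp0"),
                   ("192.168.10.0/24", "eth1"), ("0.0.0.0/0", "ppp0")],
}
# Rules as (priority, from-selector, to-selector, table), as in `ip rule sh`.
RULES = [(32744, None, "192.168.10.20/32", "internode"),
         (32745, "192.168.10.20/32", None, "internode"),
         (32762, "150.101.124.178/32", None, "internode"),
         (32763, "203.100.236.222/32", None, "pacificnet"),
         (32766, None, None, "main")]

def lookup(table, dst):
    """Longest-prefix match in one table; returns (table, prefix, dev) or None."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return None if best is None else (table, str(best[0]), best[1])

def route(src, dst):
    """Walk rules by priority; the first selected table holding a route wins."""
    for _, sel_src, sel_dst, table in sorted(RULES):
        if sel_src and ip_address(src) not in ip_network(sel_src):
            continue
        if sel_dst and ip_address(dst) not in ip_network(sel_dst):
            continue
        hit = lookup(table, dst)
        if hit:
            return hit
    raise LookupError("no route for %s -> %s" % (src, dst))

if __name__ == "__main__":
    # Reply from the DNAT'd server to an outside client: decided by rule 32745.
    print(route("192.168.10.20", "198.51.100.7"))   # internode, eth2
    # Reply from a server with no 'from' rule: falls through to main.
    print(route("192.168.10.50", "198.51.100.7"))   # main, ppp0
```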