KORTA
2006-Oct-14 11:10 UTC
Problem with two providers: Need to route packets on the interface on which they arrive.
Oscar Mechanic
2006-Oct-14 11:56 UTC
Re: Problem with two providers: Need to route packets on the interface on which they arrive.

There is a simple way and a hard way to do this. You could use connmark in iptables, and then use ip rule & routes to set the route based on that. As I am not going to replicate this to test, I won't try and guess commands.

Easiest: configure 2 IPs on the server.

DNAT like

    iptables -t nat -I PREROUTING 1 -i ethA -j DNAT --to-destination <10.0.0.A>
    iptables -t nat -I PREROUTING 1 -i ethB -j DNAT --to-destination <10.0.0.B>

    ip rule add from 10.0.0.B lookup 120
    ip route add default via <B ISP Address> table 120

That's the easiest I can think of.

On Sat, 2006-10-14 at 13:10 +0200, KORTA wrote:
> Hello,
>
> I would like to know how to resolve a problem.
>
> I have a Debian router with 3 interfaces (LAN, and two internet
> providers (Provider A, Provider B)).
>
> The default route is configured to use provider A.
>
> The problem is that when an external connection arrives from provider B
> to an internal server (with NAT), the packet is routed to the default route.
>
> I explain:
>
> - A packet arrives from provider B in the direction of an internal server
> - The router performs the NAT operation
> - The internal server generates a response
> - The router routes the packet on the interface of Provider A
>
> Consequently, the connection cannot be established.
>
> I want to know if it's possible to configure my Debian router to route
> packets to the interface on which the packet arrives. In the example,
> packets should have been routed by the interface connected to provider B.
>
> If yes, do you know how to do that?
>
> Thanks.
KORTA
2006-Oct-14 17:21 UTC
RE: Problem with two providers: Need to route packets on the interface on which they arrive.
Oscar Mechanic
2006-Oct-14 17:44 UTC
RE: Problem with two providers: Need to route packets on the interface on which they arrive.

Hi

Yep, I understand so looking at this. What I describe below is the simplest way I can think of doing it. Else you should look at connmark or even the wonderful ebtables.

modem A IP 192.168.0.254 next hop 192.168.0.253
modem B IP 172.16.30.254 next hop 172.16.30.254

Server address is 10.0.0.12 and 10.0.0.13

if packet comes from MODEM A, DNAT to server address 10.0.0.12
if packet comes from MODEM B, DNAT to server address 10.0.0.13

Req from modem A: response ACK from server 10.0.0.12 comes back and it chooses default route modem A
Req from modem B: response ACK from server 10.0.0.13 comes back and it chooses route from table 120

Cause you have added rule

    ip rule add from 10.0.0.13 lookup 120
    ip route add default via 172.16.30.254 table 120

-or-

    ip route add from 10.0.0.13 via 172.16.30.254

(but I like tables so I suggest above)

Some may look at this as a bad solution as it creates hidden solution-specific info. Now if you want to make this a better solution look at connmark and mark, and ip rule add fwmark XX lookup X. I know this would work but you will have to figure it out. Also you have ipt_ROUTE but I have had little success with this.

On Sat, 2006-10-14 at 19:21 +0200, KORTA wrote:
> I made a picture
> If a packet arrives from provider B, I want the packet to be routed
> by the same provider even if the default route is provider A.
>
> You gave me the syntax to route from source address,
> I just want to know if it is possible to route packets depending on which
> interface they arrive.
> Tx
KORTA
2006-Oct-18 17:53 UTC
RE: Problem with two providers: Need to route packets on the interface on which they arrive.

I cannot do that because I forgot to mention that there is another router which performs the NAT operation located between the LAN and the Debian. I'm blocked on this problem.

Does anybody perhaps know a good site or a good link which contains documentation about conntrack, connmark, etc.?

I hope somebody can help me.

I want to know if it's possible to configure my Debian router to route packets to the interface on which the packet arrives.
Alessandro Ren
2006-Oct-19 12:56 UTC
Re: Problem with two providers: Need to route packets on the interface on which they arrive.

I think that CONNTRACK solves this problem for you, putting packets that come in and out, using PREROUTING and POSTROUTING.

[]s.
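
Added example (not written by anyone in this thread): one way to carry out the connmark and fwmark approach mentioned above, so that replies leave by the provider on which the connection arrived. Table 120 and gateway 172.16.30.254 are the thread's values; the interface names, the mark value 2 and the rp_filter step are assumptions. The script only prints the commands unless it is called with "apply".

```shell
#!/bin/sh
# Added example, not from the thread: return traffic by ingress provider.
# Table 120 and gateway 172.16.30.254 are the thread's values; eth0, ethB,
# mark 2 and the rp_filter step are assumptions made for this sketch.
LAN_IF="${LAN_IF:-eth0}"
PROV_IF="${PROV_IF:-ethB}"
PROV_GW="${PROV_GW:-172.16.30.254}"
MARK="${MARK:-2}"
TABLE="${TABLE:-120}"

# Reject values that could break out of the generated command lines.
valid_params() {
    for v in "$LAN_IF" "$PROV_IF"; do
        case "$v" in ""|*[!A-Za-z0-9_-]*) return 1 ;; esac
    done
    case "$PROV_GW" in ""|*[!0-9.]*) return 1 ;; esac
    for v in "$MARK" "$TABLE"; do
        case "$v" in ""|*[!0-9]*) return 1 ;; esac
    done
    return 0
}

# Print the commands so they can be reviewed before anything is changed.
emit_rules() {
    # New connections entering from the provider get a connection mark.
    echo "iptables -t mangle -A PREROUTING -i $PROV_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK"
    # Replies from the LAN inherit that mark before the routing decision.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    # Marked packets are routed by the provider's own table.
    echo "ip rule add fwmark $MARK lookup $TABLE"
    echo "ip route add default via $PROV_GW dev $PROV_IF table $TABLE"
    # Strict reverse-path filtering would drop traffic arriving on the
    # non-default provider; loose mode (2) keeps a check in place.
    echo "sysctl -w net.ipv4.conf.$PROV_IF.rp_filter=2"
}

run() {
    valid_params || { echo "invalid parameter" >&2; return 1; }
    if [ "${1:-}" = "apply" ]; then emit_rules | sh -e; else emit_rules; fi
}

run "$@"
```

The marking is done on the connection rather than on the server's address, so it does not need a second IP on the server.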