I have a CentOS 4 i386 machine that works like a router (iptables filter, NAT) with two NIC's.

One NIC is connected to my ISP (100 Mbit FTTH), I get a DHCP assigned public IP that changes "sometimes". Most incoming ports are blocked by my ISP.

In order to get a fixed IP and open ports, I have to set up a PPTP tunnel to the ISP.

The default gw and the NAT'ing goes to this tunnel.

This is the output of ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:80:C8:EA:88:A7
          inet addr:86.48.47.147  Bcast:86.48.47.255  Mask:255.255.254.0
          inet6 addr: fe80::280:c8ff:feea:88a7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8083596 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3408048 errors:22 dropped:0 overruns:22 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1538901914 (1.4 GiB)  TX bytes:519514046 (495.4 MiB)
          Interrupt:169 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:12:79:A0:3D:7E
          inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
          inet6 addr: fe80::212:79ff:fea0:3d7e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:126264 errors:0 dropped:0 overruns:0 frame:0
          TX packets:155536 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23156937 (22.0 MiB)  TX bytes:111015780 (105.8 MiB)
          Interrupt:177

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:912424 errors:0 dropped:0 overruns:0 frame:0
          TX packets:912424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:103397649 (98.6 MiB)  TX bytes:103397649 (98.6 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:86.48.43.19  P-t-P:81.19.236.186  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
          RX packets:120948 errors:0 dropped:0 overruns:0 frame:0
          TX packets:109043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:80518167 (76.7 MiB)  TX bytes:37434930 (35.7 MiB)

This works today, my problem is that the tunneled traffic is slower than going through eth0 directly.

How can I:

1. Use the tunnel for incoming and outgoing mail and incoming http requests.
2. NAT traffic from eth1 to eth0, i.e. not through the tunnel
3. Local traffic from the router should access the internet through eth0, except for outgoing mails.

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk@crc.dk Homepage: http://www.crc.dk

Mogens Kjaer wrote:
> I have a CentOS 4 i386 machine that works like a
> router (iptables filter, NAT) with two NIC's.
>
> One NIC is connected to my ISP (100 Mbit FTTH),
> I get a DHCP assigned public IP that changes
> "sometimes". Most incoming ports are blocked
> by my ISP.
>
> In order to get a fixed IP and open ports, I
> have to set up a PPTP tunnel to the ISP.
>
> The default gw and the NAT'ing goes to this tunnel.
>
> This is the output of ifconfig:
>
> eth0      Link encap:Ethernet  HWaddr 00:80:C8:EA:88:A7
>           inet addr:86.48.47.147  Bcast:86.48.47.255  Mask:255.255.254.0
>           inet6 addr: fe80::280:c8ff:feea:88a7/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:8083596 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:3408048 errors:22 dropped:0 overruns:22 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:1538901914 (1.4 GiB)  TX bytes:519514046 (495.4 MiB)
>           Interrupt:169 Base address:0x4000
>
> eth1      Link encap:Ethernet  HWaddr 00:12:79:A0:3D:7E
>           inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
>           inet6 addr: fe80::212:79ff:fea0:3d7e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:126264 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:155536 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:23156937 (22.0 MiB)  TX bytes:111015780 (105.8 MiB)
>           Interrupt:177
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:912424 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:912424 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:103397649 (98.6 MiB)  TX bytes:103397649 (98.6 MiB)
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:86.48.43.19  P-t-P:81.19.236.186  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1000  Metric:1
>           RX packets:120948 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:109043 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3
>           RX bytes:80518167 (76.7 MiB)  TX bytes:37434930 (35.7 MiB)
>
> This works today, my problem is that the tunneled traffic is slower than
> going through eth0 directly.
>
> How can I:
>
> 1. Use the tunnel for incoming and outgoing mail and incoming http
> requests.
> 2. NAT traffic from eth1 to eth0, i.e. not through the tunnel
> 3. Local traffic from the router should access the internet through
> eth0, except for outgoing mails.
>
> Mogens
>

You may find the ROUTE iptables target useful for this.
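
One way to meet the three requirements in the question, shown as an added example that is not part of either post: it uses fwmark policy routing with iproute2 and stock iptables targets rather than the ROUTE target named in the reply. Interface names and addresses come from the posted ifconfig output; the table number, the mark value and the `run`/`setup_split_routing` helper names are choices made here, and the script assumes the main table's default route has been moved back to the eth0 gateway.

```shell
#!/bin/sh
# Added example: everything defaults to eth0, only mail and replies from
# the tunnel address use the PPTP tunnel.
TUN_IF=ppp0              # tunnel interface (from the post)
TUN_IP=86.48.43.19       # fixed tunnel address (from the post)
WAN_IF=eth0              # direct ISP link (from the post)
LAN_NET=192.168.4.0/24   # eth1 network (from the post)
TABLE=100                # assumption: any unused routing table number
MARK=1                   # assumption: any unused firewall mark

# Print each command; execute it as well only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

setup_split_routing() {
    # Separate routing table whose only route is the tunnel.
    run ip route replace default dev "$TUN_IF" table "$TABLE"

    # Requirement 1 (incoming mail and http): replies sent from the
    # tunnel address leave through the tunnel again.
    run ip rule add from "$TUN_IP" table "$TABLE"

    # Marked packets are looked up in the tunnel table as well.
    run ip rule add fwmark "$MARK" table "$TABLE"

    # Requirements 1 and 3: mark only locally generated outgoing SMTP;
    # a mark set in mangle OUTPUT makes the kernel re-route the packet.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"

    # Re-routed packets still carry the eth0 source address, so rewrite
    # it to the tunnel address on the way out.
    run iptables -t nat -A POSTROUTING -o "$TUN_IF" -j SNAT --to-source "$TUN_IP"

    # Requirement 2: LAN clients are NATed out of eth0. Its address is
    # DHCP assigned, hence MASQUERADE instead of a fixed SNAT.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    run ip route flush cache
}
```

Calling `setup_split_routing` prints the commands for review; with `APPLY=1` in the environment it also executes them. Replies to the marked SMTP connections arrive on ppp0 while the main table points at eth0, so reverse-path filtering on ppp0 (`net.ipv4.conf.ppp0.rp_filter`) may need relaxing.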