search for: wan1

Hello, I have set up a multipath gateway. System is a linux 2.4.29 kernel, iproute 20010824, iptables 1.2.11. here is the setup: firewall:/# ip rule 0: from all lookup local 100: from all lookup main 152: from all fwmark 10 lookup wan1 153: from all fwmark 20 lookup wan2 201: from 213.223.96.121 lookup wan1 202: from 82.236.230.217 lookup wan2 1000: from all lookup away Fw-cgarp:/etc/firegate# ip route ls table wan1 default via 213.223.96.122 dev eth0 src 213.223.96.121 prohibit default metric 1 Fw-cga...

...~ja/dgd-usage.txt with dead gateway detection xx.xx.xx.x1/32--->SHDSL#1 (wan0)/ xx.xx.xx.x2/32 server(s) ------> Switch -------> (lan0) Linux Router -- ex. LAMP Server ip 192.168.1.1/28 (wan1)\ ip 192.168.1.2/28 yy.yy.yy.y1/32--->SHDSL#2 gw 192.168.1.1 yy.yy.yy.y2/32 ip rule add prio 10 table main ip rule add prio 20 from xx.xx.xx.x1/32 table 20 ip route append default via xx.xx.xx.x2 dev wan0 src xx.xx.xx.x1 table 20 ip rule add prio 30 from yy.yy.y...

...he setting. However, if I set the rate higher than 4mbit, I will get much lower bandwidth (roughly 4.5mbit) than the setting, no matter how big the setting is. To verify the script, I run it on PC with then I got correct result. Could anybody give me some hints? Thank you Dennis tc qdisc add dev wan1 root handle 1: htb default 10 tc class add dev wan1 parent 1: classid 1:1 htb rate 100mbit tc class add dev wan1 parent 1:1 classid 1:10 htb rate 1mbit ceil 2mbit tc class add dev wan1 parent 1:1 classid 1:11 htb rate 8mbit ceil 8mbit tc filter add dev wan1 protocol ip parent 1: u32 match ip dst 11...

Hi, I have a linux box which balances load between two interfaces ( say WAN1 and WAN2). I have masquerading on for any request coming from LAN to the outside world. The setup is in such a way that WAN1 drops packets with source ip belonging to WAN2''s network and viceversa. For some strange reason, I find that packet coming out from the WAN interface has source...

Hi all, I''ve a routing problem. I''m setting up a router based on debian (kernel 2.4). I need to setup routing to export an ftp service (ftp server is in dmz) to 2 wan (both). I setup prerouting ad forward rule with no problem. The problem is that reply packet use default gateway (default wan) even though they are enter using the other wan. I solved it marking packets in input

Background: WAN1 - Fixed IP low latency, low jitter WAN2 - Fixed IP medium latency, higher jitter than I like for good VoIP Firewall/Router not SIP aware NATed LAN Asterisk on server located on LAN. Most, but not all ATA/IP phones on LAN In the past I was running a v1.2 Asterisk which acted as a B2BUA (all RTP s...

...tting PC1(192.168.10.2) | (LAN) | PC2-eth2(192.168.10.1) + + PC2-eth0(111.111.111.2) PC2-eth1(222.222.222.2 ) | | (WAN1) (WAN2) | | PC3-eth0(111.111.111.1) PC3-eth1( 222.222.222.1) + + PC2-eth2(172.16.0.1) PC2-Linux Kernel 2.6.21 PC2-Iptables 1.3.7 ------------------------------------------------------------------- Iptables r...

...nfig files: interfaces: #NET net0 ppp0 detect tcpflags,dhcp,routefilter,nosmurfs net1 ppp1 detect tcpflags,dhcp,routefilter,nosmurfs net2 ppp2 detect tcpflags,dhcp,routefilter,nosmurfs net3 ppp3 detect tcpflags,dhcp,routefilter,nosmurfs #WAN wan0 eth0 detect tcpflags,routefilter,nosmurfs wan1 eth1 detect tcpflags,routefilter,nosmurfs wan2 eth2 detect tcpflags,routefilter,nosmurfs wan3 eth3 detect tcpflags,routefilter,nosmurfs dmz eth8 detect # LOCAL loc eth9 detect tcpflags,nosmurfs,detectnets # VLAN v10 vlan10 detect tcpflags,nosmurfs,detectnets v20 vlan20 detect tcpflags,nos...

Hi Tom (and others) encase you don''t know my network already ;) here''s a quick run down eth0 lan 192.168.1.1/255.255.255.0 eth1 wan1 172.30.7.4/255.255.240.0 eth2 wan2 202.37.230.93/255.255.255.192 eth3 wan3 203.96.213.73/255.255.254.0 I''ve got routes and rules for all the above interfaces :) I want to add another one, however I fear this might cause some issues I have another IP address 203.96.212.68/255.255.254.0 wh...

...9;s have provided me with a WAN IP class for both of the lines, to be routed into a DMZ where the machines a to respond to their respective designated WAN IP on both lines. Every machine on the DMZ has two IP''s one on each ISP WAN Class. I think I''ll better draw a map: WAN1(eth2), WAN2(eth3) --------- (eth0) | |-----\ ---------- | DMZ |---\ \ /---| ISP1 |----- --------- \ \ / ---------- \ \ \...

...e is a Centos 7 up-to-date box with 2 interfaces, let's say 192.168.1.12 - enp2s0, 192.168.1.13 on enp3s0. Default gateway on enp2s0. The gateway is pfsense, IP is 192.168.1.1 with 2 WAN connections On the gateway the outgoing traffic is routed by source ip to different WAN, 192.168.1.12 to WAN1 and 192.168.1.13 to WAN2 On the centos box are set all the route and routing rules: route-enp2s0: 192.168.1.0/24 dev enp2s0 src 192.168.1.12 table t2 default via 192.168.1.1 dev enp2s0 table t2 route-enp3s0: 192.168.1.0/24 dev enp3s0 src 192.168.1.13 table t3 default via 192.168.1.1 dev enp3s0 t...

...c class add dev lan0" $tcq root handle 10: htb $tcc parent 10: classid 10:1 htb rate 100000Kbit # LAN $tcc parent 10:1 classid 10:10 htb rate 80000Kbit ceil 100000Kbit prio 7 $tcq parent 10:10 sfq limit 50 perturb 1 # from wan0 $tcc parent 10:1 classid 10:11 htb rate 2048Kbit prio 3 # from wan1 $tcc parent 10:1 classid 10:12 htb rate 10000Kbit prio 3 ### lan0 - from wan0 ### tcq="tc qdisc add dev lan0" tcc="tc class add dev lan0" $tcq parent 10:11 handle 1: htb $tcc parent 1: classid 1:1 htb rate 2048Kbit # SYN/minimal payload $tcc parent 1:1 classid 1:10 htb rate 1...

...l.net> > Message-ID: <41AF84CB.5080304@loudas.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hi Tom (and others) > encase you don''t know my network already ;) here''s a quick run down > eth0 lan 192.168.1.1/255.255.255.0 > eth1 wan1 172.30.7.4/255.255.240.0 > eth2 wan2 202.37.230.93/255.255.255.192 > eth3 wan3 203.96.213.73/255.255.254.0 > > I''ve got routes and rules for all the above interfaces :) > > Paul. > hey paul is your shorewall actually working with split access?? can you send me your...

...FW:eth1 FW:eth2 -------------------------------------------- FW:eth3 | SWITCH:LAN:192.168.1.0/24 (eventually may add FW:eth4 as DMZ but not yet) Each ISP provides 1 static public IP so let eth0:WAN1 eth1:WAN2 eth2:WAN3 eth3:192.168.1.254 I would like to force traffic as so: * POP3, SMTP, FTP: ISP1 only * HTTP, HTTPS: load-balanced ISP1, ISP2, ISP3 EXCEPT for 192.168.1.23 and 192.168.1.36 which should ALWAYS use ISP2 exclusively * IPSEC, PPTP: load-balanced ISP2, ISP3 Note that I would prefer...

...box with 2 interfaces, let's say > 192.168.1.12 - enp2s0, 192.168.1.13 on enp3s0. Default gateway on enp2s0. > > The gateway is pfsense, IP is 192.168.1.1 with 2 WAN connections > > On the gateway the outgoing traffic is routed by source ip to different > WAN, 192.168.1.12 to WAN1 and 192.168.1.13 to WAN2 > > On the centos box are set all the route and routing rules: > > route-enp2s0: > 192.168.1.0/24 dev enp2s0 src 192.168.1.12 table t2 > default via 192.168.1.1 dev enp2s0 table t2 > > route-enp3s0: > 192.168.1.0/24 dev enp3s0 src 192.168.1.13 tab...

...nt, leaving load balancing to outgoing connections to the main table" Actually, the main table/multipath route only routes the first packet of a connection. The subsequent routing for that connection is done based on connmark, for outgoing packets too. Otherwise replies to packets coming from WAN1 may go through WAN2. The difference in the two solutions is only in where packets are marked and which packets are marked. Routing is the same. For a detailed discussion on the first approach, you can refer to this thread. http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html -----Original...

...mizing them by remove all unnecessary things. Here is the current configs: Side 1: tinc.conf Name = client ConnectTo = server Mode = switch Side 2: tinc.conf Name = server ConnectTo = client Mode = switch host configs contains only Address=XXX and the crypto keys as shown below: Address = wan1.ourdomain (wan2.ourdomain for other side) -----BEGIN RSA PUBLIC KEY----- (cut) -----END RSA PUBLIC KEY----- ECDSAPublicKey = (cut) PS: tinc 1.0.19, which runs in our production environment runs perfectly with same configs on the same machines I'll appreciate any help or advice on that proble...

...e the IP traffic. Basically I am faced with this difficulty of related the source IP to the outgoing interface to the internet, so I am wondering if anyone has a suggestion for a different ways to do it, or a suggestion for a better tool. Details :- Supposed : eth0 - LAN eth1 - WAN1 eth2 - WAN2 And then all source IPs in the LAN are SNAT to the respective WAN interface when leave for internet. There are also DNAT traffic from internet to the LAN. I want to breakdown the statistic of LAN users using the internet. If I run iptraf on eth0, I will see the LAN...

Hello folks.. Does any of you know if it is possible to rewrite the ip src in a packet. I have a problem involving a DMZ with external IP addresses routed trough a single WAN IP. When the server initiates a connection, it looks like it comes from the WAN ip instead of it''s designated External IP routed through the WAN. So in short, Is it possible to rewrite the packet in the router,

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is: