search for: wan2

Hello, I have set up a multipath gateway. System is a linux 2.4.29 kernel, iproute 20010824, iptables 1.2.11. here is the setup: firewall:/# ip rule 0: from all lookup local 100: from all lookup main 152: from all fwmark 10 lookup wan1 153: from all fwmark 20 lookup wan2 201: from 213.223.96.121 lookup wan1 202: from 82.236.230.217 lookup wan2 1000: from all lookup away Fw-cgarp:/etc/firegate# ip route ls table wan1 default via 213.223.96.122 dev eth0 src 213.223.96.121 prohibit default metric 1 Fw-cgarp:/etc/firegate# ip route ls table wan2 defau...

...f both WAN interfaces, and everyting seems to work properly for packets that are generated from the firewall itself. I have set up NAT rules in postrouting table, this way: iptables -t nat -A POSTROUTING -o $WAN -j SNAT -s 10.0.0.0/16 --to-source 217.221.234.74 iptables -t nat -A POSTROUTING -o $WAN2 -j SNAT -s 10.0.0.0/16 --to-source 83.211.205.162 Local net is 10.0.0.0/16, the two WAN interfaces are $WAN and $WAN2, and their relative IP addresses are set as shown. WAN interfaces are phisically different and have no aliases, only the IP shown above. Now, I am experiencing two iss...

Hi, I have a linux box which balances load between two interfaces ( say WAN1 and WAN2). I have masquerading on for any request coming from LAN to the outside world. The setup is in such a way that WAN1 drops packets with source ip belonging to WAN2''s network and viceversa. For some strange reason, I find that packet coming out from the WAN interface has source address o...

Hi all, I''ve a routing problem. I''m setting up a router based on debian (kernel 2.4). I need to setup routing to export an ftp service (ftp server is in dmz) to 2 wan (both). I setup prerouting ad forward rule with no problem. The problem is that reply packet use default gateway (default wan) even though they are enter using the other wan. I solved it marking packets in input

...PC1(192.168.10.2) | (LAN) | PC2-eth2(192.168.10.1) + + PC2-eth0(111.111.111.2) PC2-eth1(222.222.222.2 ) | | (WAN1) (WAN2) | | PC3-eth0(111.111.111.1) PC3-eth1( 222.222.222.1) + + PC2-eth2(172.16.0.1) PC2-Linux Kernel 2.6.21 PC2-Iptables 1.3.7 ------------------------------------------------------------------- Iptables rules: iptables...

...t tcpflags,dhcp,routefilter,nosmurfs net1 ppp1 detect tcpflags,dhcp,routefilter,nosmurfs net2 ppp2 detect tcpflags,dhcp,routefilter,nosmurfs net3 ppp3 detect tcpflags,dhcp,routefilter,nosmurfs #WAN wan0 eth0 detect tcpflags,routefilter,nosmurfs wan1 eth1 detect tcpflags,routefilter,nosmurfs wan2 eth2 detect tcpflags,routefilter,nosmurfs wan3 eth3 detect tcpflags,routefilter,nosmurfs dmz eth8 detect # LOCAL loc eth9 detect tcpflags,nosmurfs,detectnets # VLAN v10 vlan10 detect tcpflags,nosmurfs,detectnets v20 vlan20 detect tcpflags,nosmurfs,detectnets v30 vlan30 detect tcpflags,nos...

Hi Tom (and others) encase you don''t know my network already ;) here''s a quick run down eth0 lan 192.168.1.1/255.255.255.0 eth1 wan1 172.30.7.4/255.255.240.0 eth2 wan2 202.37.230.93/255.255.255.192 eth3 wan3 203.96.213.73/255.255.254.0 I''ve got routes and rules for all the above interfaces :) I want to add another one, however I fear this might cause some issues I have another IP address 203.96.212.68/255.255.254.0 which is in the same subnet as eth3...

Background: WAN1 - Fixed IP low latency, low jitter WAN2 - Fixed IP medium latency, higher jitter than I like for good VoIP Firewall/Router not SIP aware NATed LAN Asterisk on server located on LAN. Most, but not all ATA/IP phones on LAN In the past I was running a v1.2 Asterisk which acted as a B2BUA (all RTP streams relayed through Asterisk server)...

...vided me with a WAN IP class for both of the lines, to be routed into a DMZ where the machines a to respond to their respective designated WAN IP on both lines. Every machine on the DMZ has two IP''s one on each ISP WAN Class. I think I''ll better draw a map: WAN1(eth2), WAN2(eth3) --------- (eth0) | |-----\ ---------- | DMZ |---\ \ /---| ISP1 |----- --------- \ \ / ---------- \ \ \ /...

...e box with 2 interfaces, let's say 192.168.1.12 - enp2s0, 192.168.1.13 on enp3s0. Default gateway on enp2s0. The gateway is pfsense, IP is 192.168.1.1 with 2 WAN connections On the gateway the outgoing traffic is routed by source ip to different WAN, 192.168.1.12 to WAN1 and 192.168.1.13 to WAN2 On the centos box are set all the route and routing rules: route-enp2s0: 192.168.1.0/24 dev enp2s0 src 192.168.1.12 table t2 default via 192.168.1.1 dev enp2s0 table t2 route-enp3s0: 192.168.1.0/24 dev enp3s0 src 192.168.1.13 table t3 default via 192.168.1.1 dev enp3s0 table t3 rule-enp2s0: fro...

...e all traffic from squid to this linksys router. Another schematics try for the new scenario: wan -------- shorewall -------- lan (fixed ip) 10.0.0.1 10.0.0.0/24 \ squid only | \----------\ | \ | wan2 ------------------------- linksys (dyn ip) 10.0.0.2 I have googled for a while and found out that I need to use packet marking to achieve what I need; basically mark each squid packet with an identifier and route them accordingly. I found the following instructions with ipt...

...IPs. For instance, I configured openvpn on my peers so that the IPs on the "LAN cards" are the ones appearing on the "ifconfig" line. i.e.: System A LAN 192.168.1.0/24 Linux OpenVPN with eth0 = WAN IP and eth1 = 192.168.1.1 System B LAN 192.168.2.0/24 Linux OpenVPN with eth0 = WAN2 IP and eth1 = 192.168.2.1 On system A, openvpn conf file includes: ifconfig 192.168.1.1 192.168.2.1 On system B, openvpn conf file includes: ifconfig 192.168.2.1 192.168.1.1 I''m curious to know why the tutorial uses the 192.168.99. IPs. If this question is off-topic or if I missed som...

...5080304@loudas.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hi Tom (and others) > encase you don''t know my network already ;) here''s a quick run down > eth0 lan 192.168.1.1/255.255.255.0 > eth1 wan1 172.30.7.4/255.255.240.0 > eth2 wan2 202.37.230.93/255.255.255.192 > eth3 wan3 203.96.213.73/255.255.254.0 > > I''ve got routes and rules for all the above interfaces :) > > Paul. > hey paul is your shorewall actually working with split access?? can you send me your routing config because i couldn'...

...FW:eth2 -------------------------------------------- FW:eth3 | SWITCH:LAN:192.168.1.0/24 (eventually may add FW:eth4 as DMZ but not yet) Each ISP provides 1 static public IP so let eth0:WAN1 eth1:WAN2 eth2:WAN3 eth3:192.168.1.254 I would like to force traffic as so: * POP3, SMTP, FTP: ISP1 only * HTTP, HTTPS: load-balanced ISP1, ISP2, ISP3 EXCEPT for 192.168.1.23 and 192.168.1.36 which should ALWAYS use ISP2 exclusively * IPSEC, PPTP: load-balanced ISP2, ISP3 Note that I would prefer keeping a...

...et's say > 192.168.1.12 - enp2s0, 192.168.1.13 on enp3s0. Default gateway on enp2s0. > > The gateway is pfsense, IP is 192.168.1.1 with 2 WAN connections > > On the gateway the outgoing traffic is routed by source ip to different > WAN, 192.168.1.12 to WAN1 and 192.168.1.13 to WAN2 > > On the centos box are set all the route and routing rules: > > route-enp2s0: > 192.168.1.0/24 dev enp2s0 src 192.168.1.12 table t2 > default via 192.168.1.1 dev enp2s0 table t2 > > route-enp3s0: > 192.168.1.0/24 dev enp3s0 src 192.168.1.13 table t3 > default via 19...

...ancing to outgoing connections to the main table" Actually, the main table/multipath route only routes the first packet of a connection. The subsequent routing for that connection is done based on connmark, for outgoing packets too. Otherwise replies to packets coming from WAN1 may go through WAN2. The difference in the two solutions is only in where packets are marked and which packets are marked. Routing is the same. For a detailed discussion on the first approach, you can refer to this thread. http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html -----Original Message----- From:...

...emove all unnecessary things. Here is the current configs: Side 1: tinc.conf Name = client ConnectTo = server Mode = switch Side 2: tinc.conf Name = server ConnectTo = client Mode = switch host configs contains only Address=XXX and the crypto keys as shown below: Address = wan1.ourdomain (wan2.ourdomain for other side) -----BEGIN RSA PUBLIC KEY----- (cut) -----END RSA PUBLIC KEY----- ECDSAPublicKey = (cut) PS: tinc 1.0.19, which runs in our production environment runs perfectly with same configs on the same machines I'll appreciate any help or advice on that problem! Thanks in adv...

...m faced with this difficulty of related the source IP to the outgoing interface to the internet, so I am wondering if anyone has a suggestion for a different ways to do it, or a suggestion for a better tool. Details :- Supposed : eth0 - LAN eth1 - WAN1 eth2 - WAN2 And then all source IPs in the LAN are SNAT to the respective WAN interface when leave for internet. There are also DNAT traffic from internet to the LAN. I want to breakdown the statistic of LAN users using the internet. If I run iptraf on eth0, I will see the LAN stats, but I don''t kno...

Hello folks.. Does any of you know if it is possible to rewrite the ip src in a packet. I have a problem involving a DMZ with external IP addresses routed trough a single WAN IP. When the server initiates a connection, it looks like it comes from the WAN ip instead of it''s designated External IP routed through the WAN. So in short, Is it possible to rewrite the packet in the router,

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is: