similar to: per port ip routing -- possible?

I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP. I am running OSPF in the network and so far things are working out fairly well (from a client of the two gateways). $ ip route ls 10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20 192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=33 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |INVALID ------- Additional Comments From

Hi all! I try to make port based routing, because a have two connections to the internet. My router is a "one disk floppy router for linux". It is a big router project www.fli4l.de. I try also to make a opt, it is like a plugin for this router. This project uses Kernel 2.2.19 compiled with libc5 (because it is small and you can use one floppy disk). At the moment, iproute2 is not

I set up this config: +------+ -+ ISP1 +--+ +------+ | +-------+ +--+ linux | +------+ | +-------+ -+ ISP2 +--+ +------+ No problem. Standard setup with two ISP''s. Both routed subnets. Default gateway is ISP1. No magic here. Now I put a server behind the Linux box. I want the server to be reachable on an /extra/ IP in the routed subnet of ISP2. +------+ -+ ISP1

Hello guys, I am still in doubt about this kind of server. So my question is about the "prio" at routing tables like: I have 3 tables in /etc/iproute2/rt_tables: 201 201 202 202 222 222 In table 201 there is the rules about my internet link (frame relay) that comes into eth0. So I made this route into it: [root@ns2 iproute2]# ip route show table 201 default via

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

Hello everyone... I have a little trouble and need some help :P How can I check on which interface the packet is going (eth0, eth1; I have two ISP and on eth3 little LAN), using to check it TC and IMQ? (HTB script) I tried to mark packets, but on chain POSTROUTING this does not work... Maybe because packets fall on IMQ before signing. I tried marking it on FORWARD but packets also

Hello, I am trying to shape p2p trafik to 256kbps on my dsl line. I wrote this set of commands: DEV=eth2 ip link set imq0 up tc qdisc add dev imq0 root handle 1:0 htb default 21 r2q 2 tc class add dev imq0 parent 1:0 classid 1:1 htb rate 530kbit tc class add dev imq0 parent 1:1 classid 1:20 htb rate 530kbit ceil 530kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:21 htb rate 64kbit

Ok ive been trying to get this to work for about half a year now. Ive searched all over the internet for a solution for my problem. Ive found some solutions, but they only led me to yet more problems. What we want to do is the following: I live in a student complex with 7 other people. Every room has its own internet connection from the same ISP. Ip, gateway, subnet are asigned through dhcp on

Hi all, i''m having a somewhat stupid problem I can''t get rid of. we''ve a server that accepts incoming world connections from a load balancer (10.10.10.4) to port 80, and we still want to serve incoming ssh/http from the firewall (10.10.10.1) routed to this host (10.10.10.90) and their reply packets of cause shall be send out through the firewall. unfortunately, both

Hi, I have two DSL line from the different provider connected to my Linux Router Firewall. Server_A is behind the Linux Router Firewall. DSL0 -- | ---- LINUX_ROUTER_FW -- SERVER_A DSL1 -- I have the following IPTABLES command to make incoming access to Server A''s web service throught port 82 as below: - $IPTABLES -t nat -A PREROUTING -i eth1 -p tcp --dport 82 -j DNAT

Hi, I have a linux box which balances load between two interfaces ( say WAN1 and WAN2). I have masquerading on for any request coming from LAN to the outside world. The setup is in such a way that WAN1 drops packets with source ip belonging to WAN2''s network and viceversa. For some strange reason, I find that packet coming out from the WAN interface has source address of WAN2 and

Hi everybody, sorry for posting again, however I''ve moved the problem now ;-) After digging a bit deeper, I''ve successfully set up the routing as such, it works for incoming as well as outgoing packets that take the default route. Changing some of the routes using IP works as well. When I mark some outgoing packets in order to send them via another route (the fast leased line

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hi all, i got the following configuration: * NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28 * NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28 * INTNET: Internal Network with productive servers and workstations, 192.168.1.0/24 Obvisiously the 10er networks are official networks but censored to protect my customer. The routerbox assigns on eth0 all

Hello, This is on Centos 6 and not something I think is wrong with Centos 6 but I am looking to see if anybody else has experienced this and if there is solution. So thanks up front for indulging me. Because Linux makes routing decisions before SNAT it is causing problems when trying to use FTP with two upstream providers in a load balanced setup. Other than ftp, things seem to work OK. Below

I am working on a split route and ShoreWall system. I reviewed the lartc documentation but have a few areas that I still need help on. Here is my network: 64.xxx.xxx.1/25 66.xxx.xxx.129/26 | | ################################################# # Eth2 64.xxx.xxx.2 eth0 66.xxx.xxx.130 # #

Hello again, I may have a common problem to solve but it seems it is harder than I thought... I have 2 internet providers (each one having a different gateway). Behind the router there are around 100 clients that are SNAT-ed. I want some clients to be SNAT-ed to the first provider, while the others to the second one. The following lines should work: iptables -t nat -A POSTROUTING -s

I am trying to build a firewall and from my reading of the list archives and other places, I''m worried about unintended interactions between iptables and iproute2. Here is my situation I have an internal network on eth0 and two separate dmzs on eth1 and eth2 respectively (a wireless network and a kiosk). On the outbound side, I have a cablemodem provider and a dsl provider. What I

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp