similar to: One machine, two net feeds, outbound route selection

Maybe a strange request, I''ll try to explain this as clearer as I can (forgive my bad english, please :-) ). I''m setting a linux box as a router. My router uses multiple routing tables, so I can address the traffic from specific ip addresses of my lan to distinct ISPs providers (specifying a different default gateway fo r each table), marking packets with iptables

Hi, I have searched the archives on the topic, and it seems that the list gurus favor load balancing to be done in the kernel as opposed to other means. I have been using a home-grown approach, which splits traffic based on `-m statistic --mode random --probability X`, then CONNMARKs the individual connections and the kernel happily routes them. I understand that for > 2 links it will become

I am developing load balancing router, But I have a question about fail over. The follow diagram is my test environment and scripts. ------------------------------------------------------------------- Environment Setting PC1(192.168.10.2) | (LAN) | PC2-eth2(192.168.10.1) +

Hi, I am trying to categorize the network traffic and to send it out across two different providers. For this I mark the packets in the firewall (in the PREROUTING chain of table mangle), and then use another routing table for the marked packets, which has a different gateway from the main routing table. Basicaly I am following the cookbook example in this page:

how to use iproute/iptables to balance by packet OUTBOUND traffic between 2 PPP (pptp cable modem and pppoe adsl modem) links to the same ISP . also by using the fact that the ISP dosen''t filter source IP address - meaning i can use either PPP''s link assigned IP address as the source IP in the ip header.., it works for both devices.., what i want to achive is : when uploading a

Hi, I have a testing multihome setup, with the default gateway being one of the links and using policy routing to honor requests for a specific link. Everything works as expected when I request a specific IP to bind to. But if I request a specific interface things fall apart in ways that I can not explain: default gw (WORKS) ---------- rabbit@Thesaurus:~$ ping -c 1 yahoo.com PING yahoo.com

Hello everybody. I''m running linux 2.6.19 with nth match to alternatively snat outgoing connections to two different ip addresses for load balancing between two adsl lines: Here is: $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport

Hi guys, Can you take a look at this? :) +-----------+ | | eth1-|- | | -|-eth0---LAN--- | | eth2-|- | | | +-----------+ - eth0 is connected to the LAN having the IP=LAN_IP eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1 eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2 I need

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

snat not working my local ip is aaa.aaa.aaa.aaa asterisk sitting on the internet at ip bbb.bbb.bbb.bbb my firewall''s internal ip is 192.168.0.254 i did snat: iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa iptables -t nat -L -v gives: Chain POSTROUTING (policy ACCEPT 23663 packets, 2182K bytes) pkts bytes target prot opt in out source destination 33056

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 ------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET ------- I have been wondering about this bug and had similar problems myself here in my Debian system, linux-kernel 2.6.18 iptables 1.3.6. I too saw that some packets became transmitted illegally through the ppp0 interface, when they just shoudn't. What I

Dear All, I have configured Cluster Suite with 2 servers Server 1 : 192.168.13.110 IP Address Server 2 : 192.168.13.179 IP Address Floating : 192.168.13.83 IP Address (Assumed by currently active server) I want all snmp packets going out through the active server to be stamped with floating IP So i have added a iptables rules as "iptables -t nat -A POSTROUTING -p udp -s

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

Hello, Since I could not figure out my previous problem, let me ask in a different way. I have 3 networks inside my LAN. They are 172.16.55.0/24 , 172.16.56.0/24 and 172.16.57.0/24 respectively. They all use eth0 as an alias. I also have 2 uplinks to different ISPs. One of them is leased line and the other one is ADSL. One of my uplink is 81.8.120.18/30 with gateway 81.8.120.17 on eth1 and the

Hi all iam trying to deploy loadbalance and failover My setup description --Fedora Core 4 --Linux 2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386 GNU/Linux --tc utility, iproute2-ss050314 --ip utility, iproute2-ss050314 --iptables v1.3.0 And i had deployed Following configuration #table main with priority 50, the highest one ip rule add prio 50 table main #table 201 ip rule add

Dear all Lartc, I try to split my Internet access to my 2 ISP with 1 linux (GNU/Debian sarge) 3 NIC router, I want all my users conneted with ISP1 and just some IP connected with ISP2 Here is my configuration: Internal network: 10.117.71.0/24 Interface eth0 ISP1: IP for my linux box: 1.2.3.4/29 Interface: eth1 Gateway: 1.2.3.5 ISP2: IP for my

Hi gurus, I need a way to do SNAT based on source mac before routing. This is because hosts attached to my gateway can have duplicate IP addresses, and I have to distinguish over them. I tried to use the nat tool that comes with iproute2, but this force to make a mapping only address to address, and I wanted to do it by mark (I also use iptables to do that). For example, I tried to

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the