Sorry to chime in so late, I've had an interesting week. If anyone's
tried to get a page from or send a mail to monkeynoodle.org lately,
you'll be glad to know all services seem to be back up to speed. Expect
goofiness from the web server as I'm trying out a little round-robin DNS
action.

Short answer -- power spike blew out my server/workstation's motherboard
and the power supplies to both Internet bridges. I compounded the
problem by trying to rebuild my box with a very cool distro (Sorcerer)
that didn't quite get along with my hardware (bummer).

Short answer is that it can't be done unless you don't need NAT on both
connections. More to the point, PAT. There is an interface to do
one-to-one NATs within iproute2, and I think this might work (haven't
tried it). Also if one of your ISPs provides you with enough real IP
space to use, you can treat it almost as a DMZ or 2nd EXTERN_NET and
then do all the NAT/PATing on the other ISP.

Quickest path to success is two routers. My current setup is two
routers with one fixed IP each. I have each of them port forwarding to a
specific server/workstation which uses that router as its default
gateway:

          ISPA                     ISPB
           |                        |
          RTRA                     RTRB
           |                        |
           ---------HUB--------------
                |              |
              BOX1           BOX2
              www            www
              mail           smtp
              ns             ns2
              squid          other stuff

If you have a third router, it can act as the traffic director.

HTH,
Jack


On Wed, 13 Feb 2002, Ryan P. Matijcio wrote:

>
> Hey Reginald!
>
> I found the easy part was getting the two interfaces to work.  The hard part is
> trying to get IPChains to be able to use both.  I think it should be possible, but was
> hoping some more knowledgeable souls could give me their opinion on it before I
> spend too much time tinkering with it to get it to work.  My concern now is if I can
> masq out two interfaces at the same time.
>
> Ultimately, I was hoping to be able to make Dachstein have support for two or more
> external interfaces using the existing EXTERN_IF variable.  Or perhaps adding my own
> variable to support additional external interfaces.
>
> My next test will be to try masq'ing on the ppp0 interface with the following
> command:
>
> ipchains -A forward -j MASQ -p all -s 10.0.1.0/24 -d 0/0 -i ppp0
>
> If I see some results after doing this, I might start trying to do more
> modifications to support multiple external interfaces.  I'll be trying this in a few
> hours, so maybe I'll post my results to the list.
>
> Cheers,
> Ryan
>
>
> -----Original Message-----
> From: Reginald R. Richardson [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 12, 2002 1:24 PM
> To: Ryan P. Matijcio; [EMAIL PROTECTED]
> Subject: Re: [Leaf-user] Dachstein and two external interfaces?
>
> Welcome to the 2 External Interfaces world..
>
> Lots of us have tried this, I think Jack Coates has the most experience here with that..
> But so far, I haven't heard of anyone with any SUCCESS story..
>
> Seems like u already figured out the problem, getting the FIREWALL to work with 2
> external interfaces..
>
> I got some grey hair trying that for weeks, till I gave up....
>
> cheers
>
> On Tue, 12 Feb 2002 13:15:11 -0500, Ryan P. Matijcio wrote:
> >I managed to get two interfaces going on Dachstein on Friday.  Using
> >the ethX_ROUTES= command instead of the ethX_DEFAULT_GW command.  I
> >added _metric_2 to the end of my route and it created a default
> >route with a metric of 2.  I did a network reload and tested
> >everything to ensure it worked properly which it did.
> >
> >So far so good.
> >
> >Next, I brought up the pppoe interface by doing a /etc/init.d/pppoe
> >start.  It came up as expected.  However, it did not set the default
> >gateway as it normally does.  So I did so manually using the ip net
> >command and set it to have a metric of 1.  I was thinking of
> >scripting something in the ip-up script to add the gateway
> >automatically with the right metric.
> >
> >I also did some testing from inside the firewall to see if I could
> >pass traffic through it.  As expected, I could not.  I think this is
> >probably because I need to modify the firewall to support the extra
> >external interface.  So my million dollar question is, how can I
> >make Dachstein work with two external interfaces?  I've been digging
> >through the ipfilter.conf file and so far haven't figured out how to
> >make this work.  I'd really like to hear some suggestions on how one
> >might accomplish this type of configuration.
> >
> >Thanks in advance.
> >
> >Ryan
> >
>
> -------------------------------------------------------------
> Reginald R. Richardson
> [EMAIL PROTECTED] on 2/12/2002
>
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
>

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
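
Added example, not part of the original messages: a consistency check for the two-router layout in the diagram above. Each box's replies must leave through the router that forwarded the request, otherwise the remote side sees an answer from an address it never contacted. The pairing BOX1/RTRA and BOX2/RTRB and all names in the data are assumptions read off the diagram.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Forward:
    router: str   # router that owns the public IP and the port-forward rule
    service: str  # service name from the diagram (www, mail, ns, ...)
    host: str     # internal box the router forwards that service to

def asymmetric_forwards(forwards, default_gw):
    """Return (forward, actual_gateway) for every forward whose target host
    would send its replies out through a different router (or none)."""
    return [(f, default_gw.get(f.host)) for f in forwards
            if default_gw.get(f.host) != f.router]

# Constructed data: assumes BOX1 sits behind RTRA and BOX2 behind RTRB.
DEFAULT_GW = {"BOX1": "RTRA", "BOX2": "RTRB"}
FORWARDS = [
    Forward("RTRA", "www", "BOX1"), Forward("RTRA", "mail", "BOX1"),
    Forward("RTRA", "ns", "BOX1"),
    Forward("RTRB", "www", "BOX2"), Forward("RTRB", "smtp", "BOX2"),
    Forward("RTRB", "ns2", "BOX2"),
]

def report(forwards, default_gw):
    """One human-readable line per forward that breaks path symmetry."""
    lines = []
    for f, gw in asymmetric_forwards(forwards, default_gw):
        lines.append(f"{f.router} forwards {f.service} to {f.host}, "
                     f"but {f.host} replies via {gw or 'no default gateway'}")
    return lines

if __name__ == "__main__":
    # Layout as described in the message: nothing to report.
    print(report(FORWARDS, DEFAULT_GW) or "all forwards are symmetric")
    # Constructed mistake: RTRB also forwards mail to BOX1, which exits via RTRA.
    for line in report(FORWARDS + [Forward("RTRB", "mail", "BOX1")], DEFAULT_GW):
        print(line)
```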

