Hi fooler,
I understand multiple routing tables for multi-NIC setup. However, my setup is
more like both routers and my server are connected to a network switch, to put
it simply. To illustrate:
DSL A <==> Router/FW A <====\
           (10.20.30.40/8)   |
                         LAN Switch <==> Server (10.9.8.7/8)
                             |
DSL B <==> Router/FW B <====/
           (10.11.12.13/8)
Until a couple of weeks ago, Router B was non-existent and both DSL lines were
connected to Router A. Circumstances forced me to set up router B and connect
DSL B to it. So now, previous traffic that flowed through DSL B to the server
isn't routed properly, but it has been rerouted through DSL A, so it is not
a big concern right now. I'm just wondering if there's a way to get traffic in
DSL B bound for the server flowing back again with the new setup. If not, I
can live with it.
--- mike t.
From: fooler mail <[email protected]>
To: Michael Tinsay <[email protected]>; Philippine Linux Users' Group (PLUG)
Technical Discussion List <[email protected]>
Sent: Sunday, 3 July 2016, 19:56
Subject: Re: [plug] Recognizing traffic from multiple gateways
I'll give you an idea how to do it, as I'm blind with your network topology.

linux can now have multiple virtual routing tables as well as multiple
network namespaces.. this leads to virtualization in the OS layer such
as LXC, Docker, etc...

assuming your server has two network interface cards .. eth0
connected to router A and eth1 connected to router B

virtual routing table id is based on number.. we will make a mapping
of that virtual routing table id number to a name.. just like in /etc/hosts
but the file is /etc/iproute2/rt_tables:

    echo "200 routerA" >> /etc/iproute2/rt_tables
    echo "201 routerB" >> /etc/iproute2/rt_tables

then create their default gateway for table routerA and table routerB:

    ip route add default via <router A gateway IP address> dev eth0 table routerA
    ip route add default via <router B gateway IP address> dev eth1 table routerB

then you have to mark or tag the incoming packets for eth0 and eth1..
we will tag all packets coming from eth0 as tag id 1 and all packets
coming from eth1 as tag id 2:

    iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 1
    iptables -A PREROUTING -t mangle -i eth1 -j MARK --set-mark 2

you can add the specific destination protocol and port number of your
server service in the iptables rule above to match specific packets...

next is to add the policy based routing rules:

    ip rule add from all fwmark 1 table routerA
    ip rule add from all fwmark 2 table routerB

the above rules say:

if an outgoing packet is tagged as 1.. it will consult virtual routing table
routerA.. because your default gateway is the router A gateway IP
address.. it will send to router A...

if an outgoing packet is tagged as 2.. it will consult virtual routing table
routerB.. because your default gateway is the router B gateway IP
address.. it will send to router B...

that's the basics of policy based routing...
fooler.
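
A dry-run sketch of the steps above, added here and not part of the original message: it prints the commands for review instead of running them. It goes beyond the message in two assumed respects: the mark is stored on the connection with CONNMARK and restored in OUTPUT so that locally generated replies carry it, and the iptables match is a parameter so the single-NIC layout can match on each router's LAN MAC address. The MAC addresses are constructed placeholders, and pbr_commands, pbr_restore_rule and pbr_plan are hypothetical helper names.

```sh
#!/bin/sh
# Added example (not from the original thread): print, do not execute,
# the policy-routing commands for one upstream router.
# Usage: pbr_commands NAME TABLE_ID MARK GATEWAY DEV MATCH...
#   MATCH is the iptables match that identifies packets forwarded by that
#   router: "-i eth0" with two NICs, or "-m mac --mac-source <MAC>" when
#   both routers sit behind one NIC on the same switch.
pbr_commands() {
    name=$1 id=$2 mark=$3 gw=$4 dev=$5
    shift 5
    match=$*
    cat <<EOF
grep -q "^$id $name\$" /etc/iproute2/rt_tables || echo "$id $name" >> /etc/iproute2/rt_tables
ip route replace default via $gw dev $dev table $name
iptables -t mangle -A PREROUTING $match -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark
ip rule add from all fwmark $mark table $name
EOF
}

# Replies are generated locally and never pass PREROUTING, so the saved
# connection mark is copied back onto each outgoing packet in OUTPUT;
# the changed mark makes the kernel redo the route lookup.
pbr_restore_rule() {
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
}

# Gateway addresses are the ones given in the thread; the MAC addresses
# are constructed placeholders for each router's LAN interface.
pbr_plan() {
    pbr_commands routerA 200 1 10.20.30.40 eth0 -m mac --mac-source 02:00:00:00:00:0a
    pbr_commands routerB 201 2 10.11.12.13 eth0 -m mac --mac-source 02:00:00:00:00:0b
    pbr_restore_rule
}

pbr_plan
```

Unmarked connections, including those the server initiates itself, still use the main table's default gateway.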
On Sat, Jul 2, 2016 at 1:37 AM, Michael Tinsay <[email protected]> wrote:
> Thank you for the info fooler.
>
> I get what you're saying about policy-based routing, but isn't that
> applicable only to connections initiated by the server? Can policy-based
> routing also do "All connections initiated externally and coming through the
> router ip address so-and-so goes through that router"?
>
>
> ________________________________
> From: fooler mail <[email protected]>
> To: Michael Tinsay <[email protected]>; Philippine Linux Users' Group
> (PLUG) Technical Discussion List <[email protected]>
> Sent: Saturday, 2 July 2016, 11:33
> Subject: Re: [plug] Recognizing traffic from multiple gateways
>
> that is correct because traffic came from router A and B use the main
> routing table... your solution is to use policy based routing....
> create additional two routing table aside from the default or main
> routing table.. for incoming traffic for A or B.... mark or tag it ...
> upon out going.. your policy rule state that packet tag for A goes to
> gateway of A and tag for B goes to gateway of B.. non tag packets
> goes to the main routing table's default gateway...
>
> fooler.
>
>
>
> On Thu, Jun 30, 2016 at 3:05 AM, Michael Tinsay <[email protected]> wrote:
>> Ooops... My bad. I sent the email without putting a subject. Please reply
>> to this one instead.
>>
>>
>> ________________________________
>> From: Michael Tinsay <[email protected]>
>> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List"
>> <[email protected]>
>> Sent: Thursday, 30 June 2016, 15:03
>> Subject:
>>
>> Hi.
>>
>> Have a question for the tcp/ip experts here.
>>
>> I recently had to split my various DSL lines between 2 routers. So Router A
>> has 3 lines connected to it while Router B has 2. I now have a server who
>> will be receiving external traffic through these servers via port
>> forwarding. As I understand it, without any additional configuration the
>> server will send outside-bound traffic through via the default route. As
>> such, if Router A is the default route for the server, even if the traffic
>> came from Router B the responses will be sent via Router A.
>>
>> If this is correct, what do I need to set up to have the server recognize
>> which traffic is coming from which router and send its responses to the
>> proper router accordingly?
>>
>> TIA!
>>
>>
>> --- mike t.
>
>>
>>
>>
>> _________________________________________________
>> Philippine Linux Users' Group (PLUG) Mailing List
>> http://lists.linux.org.ph/mailman/listinfo/plug
>> Searchable Archives: http://archives.free.net.ph