Re: [LARTC] Somewhat basic routing question
Hans du Plooy <[EMAIL PROTECTED]> wrote:
[...]
>Will this work with private two network cards, two private IPs, and two
>gateways in the same IP range? eth0 192.168.1.18 with gw 192.168.1.6
>and eth1 192.168.1.17 with gw 192.168.1.1. The two gateways are NAT-ing
>firewalls, will this make a difference?

I don't know if the NAT business will make a difference, but I've set up multiple-network multiple-gateway configurations more or less like this (substituting your own network values):

Configure with policy routes such that responses to inbound traffic for the respective interfaces are routed back out over the same interface. For example:

    ip rule add from 10.176.13/24 table 50
    ip rule add from 10.176.14/24 table 60

For your purposes, "ip rule add iif ethX" may work better (since the network match won't necessarily segregate anything, as both of your interfaces are on the same network).

    ip route add table 50 10.176.13/24 dev ethX src 10.176.13.x
    ip route add table 50 default dev ethX src 10.176.13.x via 10.176.13.1

Where 10.176.13.1 is the gateway for that particular network (or interface, in your case), and 10.176.13.x is the host's IP address on that network.

The other network, 10.176.14/24 on table 60 in this example, is configured similarly, but with the appropriate .14 network values.

A global default route can be left in the main routing table for traffic not originating inbound from 10.176.13 or 10.176.14 (or via the appropriate iif, depending on how you set it up).

I think you'd need to test a bit to check for the proper configuration, which may be hard via only remote access.

-J

---
-Jay Vosburgh, IBM Linux Technology Center, [EMAIL PROTECTED]
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
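Added example, not part of the thread: a dry-run script that prints source-address policy-routing commands for the two-interface, same-subnet layout asked about, following the table 50/60 scheme in the reply above, plus read-only commands to check the result. The interface-to-gateway pairing is taken from the question; the rule priorities, the `RUN` variable and the function names are assumptions of this example, and 198.51.100.10 is a constructed test address.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands by default;
# set RUN to the empty string and run as root to apply them instead.
RUN=${RUN-echo}

# policy_for TABLE PRIO DEV ADDR GW
# Table numbers 50/60 follow the reply above; priorities are assumed values.
policy_for() {
    table=$1; prio=$2; dev=$3; addr=$4; gw=$5
    # Replies carry the local address the connection arrived on as their
    # source, so a "from ADDR" rule separates the two paths even though
    # both interfaces sit in 192.168.1.0/24.
    $RUN ip rule add from "$addr" table "$table" prio "$prio"
    # On-link route so LAN peers are still reached directly from this table.
    $RUN ip route add table "$table" 192.168.1.0/24 dev "$dev" src "$addr"
    # Default route through the firewall paired with this interface.
    $RUN ip route add table "$table" default via "$gw" dev "$dev" src "$addr"
}

# Pairing as stated in the question: eth0 .18 -> gw .6, eth1 .17 -> gw .1.
policy_cmds() {
    policy_for 50 3000 eth0 192.168.1.18 192.168.1.6
    policy_for 60 3001 eth1 192.168.1.17 192.168.1.1
}

# Read-only checks: ask the kernel which gateway a reply sent from each
# local address would use, then list the rules in priority order.
check_cmds() {
    for addr in 192.168.1.18 192.168.1.17; do
        echo "ip route get 198.51.100.10 from $addr"
    done
    echo "ip rule show"
}

policy_cmds
check_cmds
```

Review the printed commands first; the check commands change nothing, so they can be run over the remote session before and after applying the rules.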
Re: [LARTC] Somewhat basic routing question
I somehow missed this:

http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS

- looks like what I'm wanting. But it doesn't mention whether the providers are just routers or NAT-ing routers/firewalls. Will NAT impact?

Also just to add to my original mail, the box in question is not a gateway, it doesn't provide connectivity to anyone. It's just a mail server that has to use the extra line to act as a backup MX.

Thanks
Hans
[LARTC] Somewhat basic routing question
Hi guys,

I realise this is probably more basic than what this list is intended for, but I had no luck elsewhere.

Short version:

I have previously used these lines on a server with two network interfaces, two public IPs, and one common default gateway, to make sure that connections coming into eth1 are replied to via the same interface. eth0 is 196.xx.xx.35, eth1 is 196.xx.xx.54, gateway is 196.xx.xx.1:

    ip rule add from 196.xx.xx.54 table eth1 prio 3000
    ip route add table eth1 via 196.xx.xx.1 dev eth1

Will this work with private two network cards, two private IPs, and two gateways in the same IP range? eth0 192.168.1.18 with gw 192.168.1.6 and eth1 192.168.1.17 with gw 192.168.1.1. The two gateways are NAT-ing firewalls, will this make a difference?

Thanks
Hans

Long version:

I have a mail server (receiving only) on a network with two NAT-ing firewalls, all in the same range. It looks like this:

                 +-------------+
    Internet --- | Firewall    |
                 | 192.168.1.6 |
                 +-------------+
                        |
                 +--------------+
                 | 192.168.1.18 |
                 |     Mail     |
                 | 192.168.1.17 |
                 +--------------+
                        |
                 +-------------+
    Internet --- | Firewall    |
                 | 192.168.1.1 |
                 +-------------+

The first firewall forwards incoming connections on port 25 to 192.168.1.17, while the second firewall forwards port 25 to 192.168.1.18.

My requirement is simple. Connections need to go out via the interface that they came in on. Right now the box replies via 192.168.1.6 (the default gw) regardless of where the connection came in.

I also have only remote access, so I can't afford to mess up :-)

Thanks
Hans
Re: [LARTC] Where can I found ESFQ patch for a 2.6.18 kernel (fatooh.org is down ? )
Evgeni Gechev wrote:
> Sébastien CRAMATTE wrote:
>> Hello,
>>
>> Where can I find the ESFQ patch for a 2.6.18 kernel...
>> http://fatooh.org/*esfq*-2.6/
>>
>> seems to be down
>>
> http://www.abclinuxu.cz/blog/mirek/2006/11/10/157349
>

Thanks a lot.

I've tried to download the NF-HIPAC patch too, but it tells me that I must be registered and I don't understand Czech :( ...

Regards
Re: [LARTC] Where can I found ESFQ patch for a 2.6.18 kernel (fatooh.org is down ? )
Sébastien CRAMATTE wrote:
> Hello,
>
> Where can I find the ESFQ patch for a 2.6.18 kernel...
> http://fatooh.org/*esfq*-2.6/
>
> seems to be down

http://www.abclinuxu.cz/blog/mirek/2006/11/10/157349
[LARTC] Where can I found ESFQ patch for a 2.6.18 kernel (fatooh.org is down ? )
Hello,

Where can I find the ESFQ patch for a 2.6.18 kernel...
http://fatooh.org/*esfq*-2.6/

seems to be down
Re: [LARTC] iptables -m dstlimit
On Thu, 07/12/2006 at 11:09 +0100, Kajetan Staszkiewicz wrote:
> On Thursday, 7 December 2006 10:40, Покотиленко Костик wrote:
>
> > Which kernel supports the iptables' -m dstlimit?
> > Do I need a patch or something else to get it to work?
> > Is it too experimental?
>
> Now it is called hashlimit, it is in new 2.6 kernels already.

Thanks for the explanation. I don't have ipt_hashlimit.ko in 2.6.8, but I have one in 2.6.17. Will check later.

--
Покотиленко Костик <[EMAIL PROTECTED]>
Re: [LARTC] IFB on 2.6.18.3 ...
> I've got a 2.6.18.3 kernel and I search which options I should activate
> for IFB support
> Regards

    Device Drivers --->
      Network device support --->
        [*] Network device support
        Intermediate Functional Block support

Of course, it also depends on 'QoS and/or fair queueing' under 'networking options'.

For other info see also 'doc/actions' in the iproute2 source tarball.
Re: [LARTC] iptables -m dstlimit
On Thursday, 7 December 2006 10:40, Покотиленко Костик wrote:

> Which kernel supports the iptables' -m dstlimit?
> Do I need a patch or something else to get it to work?
> Is it too experimental?

Now it is called hashlimit, it is in new 2.6 kernels already.

--
| pozdrawiam / greetings | powered by Trustix, Gentoo and FreeBSD |
| Kajetan Staszkiewicz | jabber,email,www: vegeta()tuxpowered net |
| Vegeta | IMQ devnames: http://tuxpowered.net |
[LARTC] iptables -m dstlimit
Which kernel supports the iptables' -m dstlimit?
Do I need a patch or something else to get it to work?
Is it too experimental?

--
Покотиленко Костик <[EMAIL PROTECTED]>