Re: [LARTC] Fwd: Inbound and outbound traffic problem

2005-12-21 Thread Janis Daniel Bistevins
Thanks Michael for your answer!

I finally did it in a way similar to what you described: marking packets and
using NAT. BUT everything started working great when I found a
little detail:



echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter

Without this, things were confused.

Where does this come from? I found this trick in a HowTo from a Spanish site:

http://bulma.net/body.phtml?nIdNoticia=1615

Nowhere else!
So, is what I did a common mistake? Is this assumed by default in
every configuration, and because of this there are no comments about
this in any other tutorial or howto?

Anyway, once again Mike, thank you!!

Best regards

J.D.Bistevins
On 12/20/05, Michael Davidson [EMAIL PROTECTED] wrote:

Hi,
There is another way to do this, but I doubt that it is any more
elegant than what you have right now. I have just completed this same
task and I can say that if I could have used your method - overlaying
another subnet - I would have done so since it's a cleaner solution in my
view.

I used iptables to mark the packets of the flows that were generated
by the server (WWW).

I created a second routing table with its own default route.
I created an ip rule which looks for a mark on the packets and
directs those packets to the new routing table.

Keep in mind, for this to work correctly you need to be using NAT or
Masquerade on at least one of your ISP ports.

Regards Mike
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
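
Added example, not part of the original messages: a shell check of which reverse-path filter mode is actually in effect on each interface, relevant to the two echo commands above. On current kernels source validation uses the larger of conf/all/rp_filter and conf/<iface>/rp_filter (0 = off, 1 = strict, 2 = loose). The function name and its optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# rp_filter_report [CONF_DIR]
# Prints "<iface> <effective value> <mode>" for each interface found under
# CONF_DIR (default /proc/sys/net/ipv4/conf). CONF_DIR is an argument only so
# the function can be run against a constructed directory tree (assumption).
rp_filter_report() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    # Global setting; treated as 0 if the file is missing.
    all=$(cat "$conf/all/rp_filter" 2>/dev/null || echo 0)
    for d in "$conf"/*; do
        [ -d "$d" ] || continue
        iface=$(basename "$d")
        # "all" and "default" are settings templates, not interfaces.
        case $iface in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        own=$(cat "$d/rp_filter")
        # Effective value on current kernels: max(all, per-interface).
        eff=$own
        if [ "$all" -gt "$eff" ]; then eff=$all; fi
        case $eff in
            0) mode=off ;;      # no source validation, spoofed sources pass
            1) mode=strict ;;   # reply route must use the arrival interface
            2) mode=loose ;;    # source must be reachable via any interface
            *) mode=unknown ;;
        esac
        echo "$iface $eff $mode"
    done
}
```

Writing 0 to eth1 and eth2 has no effect while conf/all/rp_filter is 1 or 2, which this report makes visible.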


Re: [LARTC] Fwd: Inbound and outbound traffic problem

2005-12-21 Thread Jody Shumaker
Both solutions mentioned in here seem to be overly complicated. All of this should be doable with just a proper routing setup. I recently set up multi-link routing and used mostly the info in http://www.ssi.bg/~ja/nano.txt and the mpath2.sh script linked at http://www.ssi.bg/~ja/

The one change I did was to only have a default gateway for the one ISP I wanted, aka instead of

ip route add default table 222 proto static \
  nexthop via GWE1 dev IFE1 weight 1 \
  nexthop via GWE2 dev IFE2 weight 1

mentioned in the docs, I only use:

ip route add default table 222 proto static \
  nexthop via GWE1 dev IFE1 weight 1

With this setup, all traffic originating from my network goes out through the one default route I specified. However, incoming connections from either ISP always go back out the same ISP they came in from. I don't have any connection marking or separate internal networks set up. Basically tables 201 and 202 select the route based on the src address, and this works with NAT as well because it tracks a connection and will remember which src address to translate it back to.
- Jody

On 12/20/05, Janis Daniel Bistevins [EMAIL PROTECTED] wrote:
sorry if I can't explain correctly what my problem is.
What I need is to route traffic originated inside my lan by one ISP,
and traffic coming from another ISP (mostly requests to machines
inside the lan) back by the same ISP.
The way I've found is by creating two different networks inside my lan.
Those machines running services have two IP's on its NICs. That way I
can route depending the source of the packets.
I have a snapshot of my drawing, so you can figure this out.
http://www.iglobal.com.ar/~janis/snap.xpm

-- Forwarded message --
From: Janis Daniel Bistevins [EMAIL PROTECTED]
Date: Dec 19, 2005 12:05 PM
Subject: Inbound and outbound traffic problem
To: lartc@mailman.ds9a.nl

[ASCII diagram, garbled in the archive; surviving labels: ISP A, ISP B, ROUTER LINUX, NET C, NET D, www]

Hi!
I need that requests to www arriving from net ISP A returns by the
same route, but connections initiated from www go out by net ISP B.
The only way I have discovered so far is creating two different
networks (NET C and NET D)
So, www have a route to ISP A by NET C and a default route by NET D .
On the Linux Router everything coming from NET D is routed by NET B
and everything coming from NET C is routed by NET A
This is accomplished by creating logical interfaces on www and on the
Linux Router.
Is there another way to do this?
Thanks in advance.
Regards.
--
Janis Bistevins
Belief is 9/10 of YOUR reality
--
Janis Bistevins
Belief is 9/10 of YOUR reality



[LARTC] Fwd: Inbound and outbound traffic problem

2005-12-20 Thread Janis Daniel Bistevins
sorry if I can't explain correctly what my problem is.
What I need is to route traffic originated inside my lan by one ISP,
and traffic coming from another ISP (mostly requests to machines
inside the lan) back by the same ISP.
The way I've found is by creating two different networks inside my lan.
Those machines running services have two IP's on its NICs. That way I
can route depending the source of the packets.
I have a snapshot of my drawing, so you can figure this out.
http://www.iglobal.com.ar/~janis/snap.xpm

-- Forwarded message --
From: Janis Daniel Bistevins [EMAIL PROTECTED]
Date: Dec 19, 2005 12:05 PM
Subject: Inbound and outbound traffic problem
To: lartc@mailman.ds9a.nl

[ASCII diagram, garbled in the archive; surviving labels: ISP A, ISP B, ROUTER LINUX, NET C, NET D, www]

Hi!
I need that requests to www arriving from net ISP A returns by the
same route, but connections initiated from www go out by net ISP B.
The only way I have discovered so far is creating two different
networks (NET C and NET D)
So, www have a route to ISP A by NET C and a default route by NET D .
On the Linux Router everything coming from NET D is routed by NET B
and everything coming from NET C is routed by NET A
This is accomplished by creating logical interfaces on www and on the
Linux Router.
Is there another way to do this?
Thanks in advance.
Regards.
--
Janis Bistevins
Belief is 9/10 of YOUR reality
--
Janis Bistevins
Belief is 9/10 of YOUR reality


Re: [LARTC] Fwd: Inbound and outbound traffic problem

2005-12-20 Thread Michael Davidson

Hi,
   There is another way to do this, but I doubt that it is any more
elegant than what you have right now. I have just completed this same
task and I can say that if I could have used your method - overlaying
another subnet - I would have done so since it's a cleaner solution in my
view.


I used iptables to mark the packets of the flows that were generated
by the server (WWW).

I created a second routing table with its own default route.
I created an ip rule which looks for a mark on the packets and 
directs those packets to the new routing table.


Keep in mind, for this to work correctly you need to be using NAT or 
Masquerade on at least one of your ISP ports.


Regards Mike






Janis Daniel Bistevins wrote:


sorry if I can't explain correctly what my problem is.
What I need is to route traffic originated inside my lan by one ISP,
and traffic coming from another ISP (mostly requests to machines
inside the lan) back by the same ISP.
The way I've found is by creating two different networks inside my lan.
Those machines running services have two IP's on its NICs. That way I
can route depending the source of the packets.
I have a snapshot of my drawing, so you can figure this out.

http://www.iglobal.com.ar/~janis/snap.xpm



-- Forwarded message --
From: Janis Daniel Bistevins [EMAIL PROTECTED]
Date: Dec 19, 2005 12:05 PM
Subject: Inbound and outbound traffic problem
To: lartc@mailman.ds9a.nl


[ASCII diagram, garbled in the archive; surviving labels: ISP A, ISP B, ROUTER LINUX, NET C, NET D, www]


Hi!
I need that requests to www arriving from net ISP A returns by the
same route, but connections initiated from www go out by net ISP B.

The only way I have discovered so far is creating two different
networks (NET C and NET D)
So, www have a route to ISP A by NET C and a default route by NET D .
On the Linux Router everything coming from NET D is routed by NET B
and everything coming from NET C is routed by NET A
This is accomplished by creating logical interfaces on www and on the
Linux Router.

Is there another way to do this?

Thanks in advance.
Regards.

--
Janis Bistevins
Belief is 9/10 of YOUR reality


--
Janis Bistevins
Belief is 9/10 of YOUR reality



 



--

Regards Mike.

Michael Davidson
Barone Budge  Dominick
Email: [EMAIL PROTECTED]
Office: +27 11 532 8380
BBD :  +27 11 532 8300
Fax:+27 11 532 8400
Mobile: +27 82 650 5707
Home:   +27 11 452 4423 

This e-mail is confidential and subject to the disclaimer published at
http://www.bbd.co.za
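
Added example, not part of the original messages: one way to write the steps described in the message above as commands, using a connection mark so that every packet of a flow opened by the www server carries the mark. All interface names, addresses, the mark value and the table number are constructed assumptions, and step 5 uses loose reverse-path filtering (rp_filter=2) instead of the 0 used elsewhere in the thread, which keeps a source-address check on the uplink.

```shell
#!/bin/sh
# Constructed values (assumptions for illustration, not from the thread):
LAN_IF=eth0            # interface facing the www server
ISPB_IF=eth2           # uplink to ISP B
ISPB_GW=198.51.100.1   # ISP B gateway (documentation address range)
WWW_IP=192.168.10.5    # the www server
MARK=2                 # firewall mark for flows opened by www
TABLE=102              # second routing table

# run: print the command when DRY_RUN is set, otherwise execute it (needs root).
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

setup_marked_routing() {
    # 1. Mark connections the www server opens; the connection mark carries
    #    the mark onto every later packet of the same flow.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$WWW_IP" \
        -m conntrack --ctstate NEW -j MARK --set-mark "$MARK"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
    # 2. Second routing table with its own default route (via ISP B).
    run ip route add default via "$ISPB_GW" dev "$ISPB_IF" table "$TABLE"
    # 3. Rule that sends marked packets to that table. Replies from www to
    #    requests that arrived via ISP A are unmarked and use the main table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 4. NAT on the ISP B port, as the message says is required.
    run iptables -t nat -A POSTROUTING -o "$ISPB_IF" -j MASQUERADE
    # 5. Replies arrive on ISP B while the main table points elsewhere, so
    #    strict filtering would drop them; loose mode still rejects sources
    #    that are not routable at all.
    run sysctl -w "net.ipv4.conf.$ISPB_IF.rp_filter=2"
}
```

Calling setup_marked_routing with DRY_RUN=1 prints the seven commands for review without changing the host.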

