[LARTC] Load Balancer setting for Public Servers

Sureerat P. (EQHO) sureerat.pha@eqho.com
Wed Feb 16 03:34:07 CET 2005 

This is a multi-part message in MIME format.

------=_NextPart_000_0018_01C51413.0B286CE0
Content-Type: text/plain;
	charset="windows-874"
Content-Transfer-Encoding: 7bit

Hello,

I have finished setting up the load balancer with IPROUTE ... also patch the
kernel to support DGD and now it's working fine with the valuable guide at
LARTC website, Julian Anastasov, and the kind people in this mailing list.
Now I would like to launch a web server and a ftp server to the public but
I'm stuck into a problem and really need your help.

Currently internal users can access internet and loadbalancing feature is
working well, but users in external network can't access my servers. Please
someone help investigate my config and suggest me what is wrong or missing.
Thank you very much.

My network design is like this:

+----------+     +----------+     +----------+
|   ISP1   |     |   ISP3   |     |   ISP3   |
+----------+     +----------+     +----------+
     |                |                 |
     |                |                 |
     |         +--------------+         |
     |_________| LoadBalancer |_________|
               +--------------+
                      |
                      |
               +--------------+
      _________|   Firewall   |_________
     |         +--------------+         |
     |                |                 |
     |                |                 |
+----------+     +----------+     +----------+
|Web Server|     |FTP Server|     |   LAN    |
+----------+     +----------+     +----------+

eth0 - Internal Network
-----------------------
IP = 10.0.0.1/24

eth1 - route to ISP1
--------------------
IP = 213.244.0.254/24
GW = 213.244.0.1

eth2 - route to ISP2
--------------------
IP = 222.240.0.254/24
GW = 222.240.0.1

eth3 - route to ISP3
--------------------
IP = 201.10.0.254/24
GW = 201.10.0.1

Public Server
-------------
Web Server = 213.244.0.30
FTP Server = 213.244.0.31
(Firewall  = 213.244.0.20)

Firewall
--------
Interface to LoadBalancer = 10.0.0.254
Interface to Web Server = 10.0.0.30
Interface to FTP Server = 10.0.0.31

Following is my configuration:
-----------------------------
ip address add 10.0.0.1/24 brd + dev eth0
ip address add 213.244.0.254/24 brd + dev eth1
ip address add 222.240.0.254/24 brd + dev eth2
ip address add 201.10.0.254/24 brd + dev eth3
ip rule add prio 5 table main
ip route add default via 213.244.0.1 dev eth1 src 213.244.0.254 proto static
table 10
ip route append prohibit default table 10 metric 1 proto static
ip route add default via 222.240.0.1 dev eth2 src 222.240.0.254 proto static
table 20
ip route append prohibit default table 20 metric 1 proto static
ip route add default via 201.10.0.1 dev eth3 src 201.10.0.254 proto static
table 30
ip route append prohibit default table 30 metric 1 proto static
ip rule add prio 10 from 213.244.0.0/24 table 10
ip rule add prio 20 from 222.240.0.0/24 table 20
ip rule add prio 30 from 201.10.0.0/24 table  30
ip rule add prio 40 table 40
ip route add default table 40 proto static nexthop via 213.244.0.1 dev eth1
weight 1 nexthop via 222.240.0.1 dev eth2 weight 1 nexthop via 201.10.0.1
dev eth3 weight 1

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j
ACCEPT
iptables -t filter -A keep_state -j RETURN
iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN
iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
iptables -t filter -A OUTPUT -j keep_state
iptables -t nat -I PREROUTING -d 213.244.0.20 -j DNAT --to 10.0.0.254
iptables -t nat -I PREROUTING -d 213.244.0.30 -j DNAT --to 10.0.0.30
iptables -t nat -I PREROUTING -d 213.244.0.31 -j DNAT --to 10.0.0.31

Best regards,

Sureerat P.

------=_NextPart_000_0018_01C51413.0B286CE0
Content-Type: text/html;
	charset="windows-874"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-874">
<META content=3D"MSHTML 6.00.2800.1491" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New"=20
size=3D2>Hello,</FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New"=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New" =
size=3D2>I have=20
finished setting up the load balancer with IPROUTE ... also patch the =
kernel to=20
support DGD and now it's working fine with the valuable guide at LARTC =
website,=20
Julian Anastasov, and the kind people in this mailing list. Now I would =
like to=20
launch a web server and a ftp server to the public but I'm stuck into a =
problem=20
and really need your help.</FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New"=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New" =
size=3D2>Currently=20
internal users can access internet and loadbalancing feature is working =
well,=20
but users in external network can't access my servers. Please someone =
help=20
investigate my config and suggest me what is wrong or missing. Thank you =
very=20
much.</FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New"=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New" =
size=3D2>My network=20
design is like this:</FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT face=3D"Courier New"=20
size=3D2></FONT></SPAN>&nbsp;</DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><FONT=20
face=3D"Courier New">+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT =
size=3D2>+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+----------+</FONT></SPAN></FONT></SPAN></FONT></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><FONT=20
face=3D"Courier New">|&nbsp; &nbsp;ISP1&nbsp;&nbsp; =
|&nbsp;&nbsp;&nbsp;&nbsp;=20
<SPAN class=3D984264102-16022005><FONT size=3D2>|&nbsp; =
&nbsp;ISP3&nbsp;&nbsp;=20
|&nbsp;&nbsp;&nbsp;&nbsp; <SPAN class=3D984264102-16022005><FONT =
size=3D2>|&nbsp;=20
&nbsp;ISP3&nbsp;&nbsp; =
|</FONT></SPAN></FONT></SPAN></FONT></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><FONT=20
face=3D"Courier New">+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT =
size=3D2>+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+----------+</FONT></SPAN></FONT></SPAN></FONT></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>&nbsp;&nbsp;&nbsp;&nbsp;=20
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
|</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>&nbsp;&nbsp;&nbsp;&nbsp;=20
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
|</SPAN></FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN></FONT></SPAN></=
DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
face=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;<SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+--------------+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
=20
|</FONT></SPAN></FONT></SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><FONT=20
face=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|_________<SPAN=20
class=3D984264102-16022005><FONT size=3D2>|&nbsp;LoadBalancer=20
|_________|</FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN></FONT></SPAN=
></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
face=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;<SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+--------------+</FONT></SPAN></FONT></SPAN></FONT></SPAN></FONT=
></SPAN></SPAN></SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;=20
|</SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></=
FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;=20
|</SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></=
FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
face=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;<SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+--------------+</FONT></SPAN></FONT></SPAN></FONT></SPAN></FONT=
></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=20
_________<SPAN class=3D984264102-16022005><FONT=20
size=3D2>|&nbsp;&nbsp;&nbsp;Firewall&nbsp;&nbsp;=20
|_________</FONT></SPAN></FONT></SPAN></SPAN></FONT></SPAN></FONT></SPAN>=
</DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
face=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;<SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+--------------+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
=20
|</FONT></SPAN></FONT></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></=
FONT></SPAN></FONT></SPAN></DIV></SPAN></FONT></SPAN></FONT></SPAN></SPAN=
></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></FONT></=
SPAN><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005></SPAN></SPAN></FONT></SPAN></FONT></SPAN></SP=
AN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></FONT>=
</SPAN></SPAN></SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005><SPAN =
class=3D984264102-16022005>&nbsp;&nbsp;&nbsp;&nbsp;=20
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;=20
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;=20
|</SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></=
FONT></SPAN></SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FON=
T></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;=20
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;=20
|</SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></=
FONT></SPAN></SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FON=
T></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005><SPAN class=3D984264102-16022005><FONT =
size=3D2><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><SPAN=20
class=3D984264102-16022005>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><FONT=20
face=3D"Courier New">+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT =
size=3D2>+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+----------+</FONT></SPAN></FONT></SPAN></FONT></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><FONT =
face=3D"Courier New">|Web=20
Server|&nbsp;&nbsp;&nbsp;&nbsp; <SPAN class=3D984264102-16022005><FONT =
size=3D2>|FTP=20
Server|&nbsp;&nbsp;&nbsp;&nbsp; <SPAN class=3D984264102-16022005><FONT=20
size=3D2>|&nbsp;&nbsp;&nbsp;LAN &nbsp;&nbsp;=20
|</FONT></SPAN></FONT></SPAN></FONT></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><FONT=20
face=3D"Courier New">+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT =
size=3D2>+----------+&nbsp;&nbsp;&nbsp;&nbsp; <SPAN=20
class=3D984264102-16022005><FONT=20
size=3D2>+----------+</FONT></SPAN></FONT></SPAN></FONT></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>eth0 - Internal=20
Network</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>-----------------------</SPAN></FONT></SPAN></=
FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>IP =3D=20
10.0.0.1/24</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>eth1 - route to=20
ISP1</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>--------------------</SPAN></FONT></SPAN></FON=
T></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>IP =3D=20
213.244.0.254/24</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>GW =3D=20
213.244.0.1</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>eth2 - route to=20
ISP2</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>--------------------</SPAN></FONT></SPAN></FON=
T></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>IP =3D=20
222.240.0.254/24</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>GW =3D=20
222.240.0.1</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>eth3 - route to=20
ISP3</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>--------------------</SPAN></FONT></SPAN></FON=
T></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>IP =3D=20
201.10.0.254/24</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>GW =3D=20
201.10.0.1</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Public =
Server</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>-------------</SPAN></FONT></SPAN></FONT></SPA=
N></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Web Server =3D=20
213.244.0.30</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>FTP Server =3D=20
213.244.0.31</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>(Firewall&nbsp; =3D=20
213.244.0.20)</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Firewall</SPAN></FONT></SPAN></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>--------</SPAN></FONT></SPAN></FONT></SPAN></D=
IV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Interface to LoadBalancer =3D=20
10.0.0.254</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Interface to Web Server =3D=20
10.0.0.30</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Interface to FTP Server =3D=20
10.0.0.31</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN>&nbsp;</DIV=
>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>Following is my=20
configuration:</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>-----------------------------</SPAN></FONT></S=
PAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>ip address add 10.0.0.1/24 brd + dev =
eth0<BR>ip address=20
add 213.244.0.254/24 brd + dev eth1<BR>ip address add 222.240.0.254/24 =
brd + dev=20
eth2<BR>ip address add 201.10.0.254/24 brd + dev eth3<BR>ip rule add =
prio 5=20
table main<BR>ip route add default via 213.244.0.1 dev eth1 src =
213.244.0.254=20
proto static table 10<BR>ip route append prohibit default table 10 =
metric 1=20
proto static<BR>ip route add default via 222.240.0.1 dev eth2 src =
222.240.0.254=20
proto static table 20<BR>ip route append prohibit default table 20 =
metric 1=20
proto static<BR>ip route add default via 201.10.0.1 dev eth3 src =
201.10.0.254=20
proto static table 30<BR>ip route append prohibit default table 30 =
metric 1=20
proto static<BR>ip rule add prio 10 from 213.244.0.0/24 table 10<BR>ip =
rule add=20
prio 20 from 222.240.0.0/24 table 20<BR>ip rule add prio 30 from =
201.10.0.0/24=20
table&nbsp; 30<BR>ip rule add prio 40 table 40<BR>ip route add default =
table 40=20
proto static nexthop via 213.244.0.1 dev eth1 weight 1 nexthop via =
222.240.0.1=20
dev eth2 weight 1 nexthop via 201.10.0.1 dev eth3 weight=20
1<BR></SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>iptables -t nat -A POSTROUTING -s 10.0.0.0/24 =
-j=20
MASQUERADE<BR>iptables -t filter -N keep_state<BR>iptables -t filter -A=20
keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT<BR>iptables -t =
filter=20
-A keep_state -j RETURN<BR>iptables -t nat -N keep_state<BR>iptables -t =
nat -A=20
keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT<BR>iptables -t =
nat -A=20
keep_state -j RETURN<BR>iptables -t nat -A PREROUTING -j =
keep_state<BR>iptables=20
-t nat -A POSTROUTING -j keep_state<BR>iptables -t nat -A OUTPUT -j=20
keep_state<BR>iptables -t filter -A INPUT -j keep_state<BR>iptables -t =
filter -A=20
FORWARD -j keep_state<BR>iptables -t filter -A OUTPUT -j =
keep_state<BR>iptables=20
-t nat -I PREROUTING -d 213.244.0.20 -j DNAT --to=20
10.0.0.254</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>iptables -t nat -I PREROUTING -d 213.244.0.30 =
-j DNAT=20
--to 10.0.0.30</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005>iptables -t nat -I PREROUTING -d 213.244.0.31 =
-j DNAT=20
--to 10.0.0.31<BR></DIV></SPAN></FONT></SPAN></FONT></SPAN><SPAN=20
class=3D984264102-16022005><FONT size=3D2><SPAN =
class=3D984264102-16022005><FONT=20
face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN></SPAN></DI=
V>
<DIV><SPAN class=3D984264102-16022005><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><FONT face=3D"Courier New" =
size=3D2><SPAN=20
class=3D984264102-16022005>Best=20
regards,</SPAN></FONT></SPAN></FONT></SPAN></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><FONT face=3D"Courier New" =
size=3D2><SPAN=20
class=3D984264102-16022005></SPAN></FONT></SPAN></FONT></SPAN></SPAN>&nbs=
p;</DIV>
<DIV><SPAN class=3D984264102-16022005><SPAN =
class=3D984264102-16022005><FONT=20
size=3D2><SPAN class=3D984264102-16022005><FONT face=3D"Courier New" =
size=3D2><SPAN=20
class=3D984264102-16022005>Sureerat =
P.</SPAN></FONT></SPAN></FONT></SPAN></DIV>
<DIV><SPAN class=3D984264102-16022005><FONT size=3D2><SPAN=20
class=3D984264102-16022005><FONT face=3D"Courier New" size=3D2><SPAN=20
class=3D984264102-16022005><FONT=20
face=3DArial></FONT>&nbsp;</DIV></SPAN></FONT></SPAN></FONT></SPAN></SPAN=
></SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FONT></SPAN></=
FONT></SPAN></SPAN></SPAN></FONT></SPAN></FONT></SPAN></SPAN></SPAN></FON=
T></SPAN></FONT></SPAN></DIV></SPAN></DIV></BODY></HTML>

------=_NextPart_000_0018_01C51413.0B286CE0--

More information about the LARTC mailing list