[LARTC] Re: 2 ISP connection sharing problem
Arman
arman.anwar at gmail.com
Tue Sep 4 23:21:18 CEST 2007
Here is my natting script
--------------
IPTABLES=/sbin/iptables
# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush the filter and nat tables
$IPTABLES -F
$IPTABLES -t nat -F
# Load the FTP NAT helper
/sbin/modprobe ip_nat_ftp
INTERNAL_NETWORK="192.168.3.0/24"
# Masquerade LAN traffic leaving through either uplink
$IPTABLES -t nat -A POSTROUTING -s $INTERNAL_NETWORK -o eth2 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s $INTERNAL_NETWORK -o eth1 -j MASQUERADE
# Accept established/related traffic
$IPTABLES -A INPUT -i eth0 -s $INTERNAL_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth2 -s $INTERNAL_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -s $INTERNAL_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
-------------------
On 9/5/07, Pan'ko Alexander <pankoAA at yandex.ru> wrote:
>
> On Tue, 4 Sep 2007 22:55:17 +0500
> Arman <arman.anwar at gmail.com> wrote:
>
> > Hi all,
> > I am now testing on a simplest scenario. I have an ip 192.168.3.5 on
> > intranet. I want to route it through ISP1. All other traffic will go through
> > ISP2 which is default gateway on machine so I don't need to add any rule for
> > that. I have executed following commands
> > ----
> > echo 150 ISP1 >> /etc/iproute2/rt_tables
> > ip rule add from 193.168.3.5/32 to 0.0.0.0/0 table ISP1
> > ip route add default via 192.168.1.1 table ISP1
> > ip route flush cache
> > ----
> > Following is the tables state
> >
> > [root at localhost ~]# ip rule list
> > 0: from all lookup local
> > 32764: from 193.168.3.5 lookup ISP1
> > 32765: from 193.168.3.5 lookup ISP1
> > 32766: from all lookup main
> > 32767: from all lookup default
> >
> > [root at localhost ~]# route
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.3.0     *               255.255.255.0   U     0      0        0 eth0
> > 203.81.198.0    *               255.255.255.0   U     0      0        0 eth2
> > 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> > 169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
> > default         203.81.194.24   0.0.0.0         UG    0      0        0 eth2
> >
> > [root at localhost ~]# ip route list table ISP1
> > default via 192.168.1.1 dev eth1
> >
>
> I have a very similar configuration and it is working.
>
> > system is natted.
>
> What and how is natted?
>
> The right one is:
> iptables -t nat -A POSTROUTING -s 192.168.3.5 -j MASQUERADE
>
> Or
> iptables -t nat -A POSTROUTING -s 192.168.3.5 -j SNAT --to-source (ip of eth1)
>
>
> Maybe you have
> iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -j SNAT --to-source (ip of eth2)
> It is wrong.
>
> Try to determine routing by tcpdump -i ethX.
>
> >
> > I have checked for ip 192.168.3.5 but this is still from default gateway.
> > Not going my settings. Internet is working for 192.168.3.5 but through ISP2.
> > Will I have to do something with main table?
> >
> > --
> > Regards,
> > Arman
> >
>
>
> --
> With best regards, Pan'ko Alexander.
>
>
--
Regards,
Arman Anwar
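
Added example, not part of the original message or the reply: a small shell function that reads `ip rule list` output and reports which routing table a given source address selects, run here against the rule list quoted above. The function names are hypothetical; it assumes the destination is not a local address (table `local` is skipped) and that every other listed table holds a default route.

```shell
#!/bin/sh
# Added example: which routing table does a source address select?
# Reads `ip rule list` output on stdin; only "from" selectors are handled.
# Assumptions: the destination is not a local address (table "local" is
# skipped) and every other table listed holds a default route.

ip2int() {                      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1                   # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

table_for_src() {               # usage: ip rule list | table_for_src ADDR
    src=$(ip2int "$1")
    while read -r prio from sel lookup table rest; do
        if [ "$from" != "from" ] || [ "$lookup" != "lookup" ]; then continue; fi
        if [ "$table" = "local" ]; then continue; fi
        if [ "$sel" = "all" ]; then echo "$table"; return 0; fi
        len=32
        case $sel in */*) len=${sel#*/} ;; esac
        mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
        net=$(ip2int "${sel%/*}")
        if [ $(( src & mask )) -eq $(( net & mask )) ]; then
            echo "$table"; return 0
        fi
    done
    return 1
}

# Rule list copied from the message above.
RULES='0: from all lookup local
32764: from 193.168.3.5 lookup ISP1
32765: from 193.168.3.5 lookup ISP1
32766: from all lookup main
32767: from all lookup default'

for addr in 192.168.3.5 193.168.3.5; do
    printf '%s -> table %s\n' "$addr" "$(printf '%s\n' "$RULES" | table_for_src "$addr")"
done
```

On a live router, `ip route get <destination> from 192.168.3.5 iif eth0` asks the kernel the same question directly.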