[LARTC] Problem with multiple ADSL lines
Mohan Sundaram
mohan.tux at gmail.com
Fri Oct 12 09:00:31 CEST 2007
Kostas Flokos wrote:
> Hi Mohan,
>
> Thanks a lot for your reply. I haven't tried it yet, but I have no
> doubts it will work.
>
> However, if you have time, could you please explain to me why a request
> received from IP1 by host H1, having as default route IP2, can not be
> routed through IP1; I have a routing table saying that the route to IP1
> is through the proper eth card.
> I have used tcpdump to check the packets coming/in/out from the systems
> and it seems that there is a packet going from ADSL1 to H1, but nothing
> on the other way... it seems like H1 doesn't know what to do with it.
>
Does the packet from H1 reach the Linux box? Coming to think of it, you
must have a route on each of the ADSL routers that shows 192.168.0.0/24
as reachable thro' the Linux box. Think this is ok else packet will not
reach H1. Similarly, the host H1 must've the Linux box as default gateway.
> Could you please explain (or point me to URLs explaining that) why it
> will change if I set the modems to bridge mode?
Not all ADSL modems support bridging. Please check that out first.
> I still want to do NAT,
> will it change if I do it from the Linux router now?
>
Most routers NAT with their external IP and user normally has no
control. Thus if you receive a request on ADSL1_IP which goes to H1 and
the reply goes out thro' ISP2, the src of the reply will be ADSL2_IP due
to natting. The initiator will only accept a reply with src ADSL1_IP.
If you set the modems to bridge mode, you can do the NATting on the
Linux box where you can NAT with ADSL1_IP and still send the packet out
thro' ISP2. Linux has a great deal of flexibility here.
> I also do not understand what you imply with
> "3. Source NAT rules use ISP1_IP and routing rule redirects it to link
> connected to ISP2. Flip similarly for ISP1."
> Could you be a bit more descriptive?
Linux Router config:
Dst NAT http on ADSL1_IP goes to H1
Dst NAT http on ADSL2_IP goes to H2
Source NAT src H1 to ADSL1_IP
Source NAT src H2 to ADSL2_IP
ip rule add from ADSL1_IP table ADSL2_rules
ip rule add from ADSL2_IP table ADSL1_rules
ADSL1_rules default gw is ISP1. ADSL2_rules default gw is ISP2
H1 receives all requests that come on ADSL1_IP. The reply from H1 for
request arriving on ADSL1 goes out thro' ISP2 as desired but with the
right source IP i.e. ADSL1_IP.
From your mail, it seemed like you were wanting to do this. Your
original config was sending replies out thro' the same i/f it arrived on.
>
> Forgive me for being a bit ignorant of all that; possibly I'm trying to
> understand too much without basic technical background on routing, etc.
>
We were all there at a point of time. No need to apologize. It may also
not be true that you do not know. We may be failing in communication too.
> One more time, thanks a lot for your help.
You are welcome.
> Regards,
> Kostas
>
> On 10/12/07, Mohan Sundaram <mohan.tux at gmail.com> wrote:
>
> Kostas Flokos wrote:
> > Hi all,
> > I have managed to set up a Fedora 7 box with 3 ethernet cards and two
> > ADSL modem/routers from different suppliers as LARTC recommends. I am
> > able to direct traffic for specific internal IPs either to one or the
> > other ADSL line. However, I am faced with two problems I am struggling
> > for the solution:
> >
> > 1. I have opened a few ports on the ADSL router/firewalls to talk to
> > internal hosts; say when someone hits http://myADSL1_IP I would redirect
> > him to 192.168.0.10; while if someone hits
> > http://myADSL2_IP I would redirect him to 192.168.0.20.
> This is your ADSL router(s) config.
> > If I have rules such as the following all works well:
> > ip rule add from 192.168.0.10 table ADSL1_rules
> > ip rule add from 192.168.0.20 table ADSL2_rules
> These are rules on your linux machine to send traffic back on the same
> link they came from.
> > Unfortunately, if I want to do the reverse it does not work. I can't
> > have a host prefer one ADSL line, but still receive traffic from the
> > other ADSL line.
> This can be done by switching the rule table above. Obviously NAT is
> being used. However, this will break. You cannot initiate a connection
> to one IP and match the reply or ack for that connection from another
> IP. TCP/IP basics. Asymmetric routing works when no address translations
> take place.
> > It may sound weird, but I only want to have one host
> > reply to any of the two IPs, either from ISP1 or ISP2. With the current
> > configuration I can't. It works ok for the default ISP of the host, but
> > can't make it to work for the other.
> One way of doing this would be:
> 1. Set the routers to bridge mode.
> 2. Assign the ISP IPs to the NICs.
> 3. Source NAT rules use ISP1_IP and routing rule redirects it to link
> connected to ISP2. Flip similarly for ISP1.
>
> Let us hope your ISP2 does not filter out traffic having source outside
> his subnet when it arrives from within.
>
> Mohan
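The source-address mismatch explained in the reply above, traced for a single HTTP request, as an added example that is not part of the original thread. The addresses are constructed sample values, and `trace_reply`, `nat_on_linux_box` and `isp2_filters_foreign_src` are hypothetical names; the router-mode branch follows the reply's own description of what the second modem does.

```python
from dataclasses import dataclass

# Constructed sample addresses; the thread only names placeholders.
ADSL1_IP, ADSL2_IP = "198.51.100.1", "203.0.113.1"
H1, CLIENT = "192.168.0.10", "192.0.2.50"
LINK_IP = {"ISP1": ADSL1_IP, "ISP2": ADSL2_IP}
EGRESS_FOR = {H1: "ISP2"}  # policy routing: H1's traffic leaves via ISP2

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def trace_reply(nat_on_linux_box, isp2_filters_foreign_src=False):
    """Trace one request to ADSL1_IP; return (reply as sent to client or None, verdict)."""
    request = Packet(CLIENT, ADSL1_IP)
    # Destination NAT on arrival: dst becomes H1, and the NAT device records
    # which public address the client contacted.
    nat_state = {(CLIENT, H1): request.dst}
    reply = Packet(H1, CLIENT)          # H1 answers from its private address
    egress = EGRESS_FOR[reply.src]
    if nat_on_linux_box:
        # Modems bridged: one NAT table on the Linux box serves both links, so
        # the recorded address is restored whichever link carries the reply.
        reply = Packet(nat_state[(reply.dst, reply.src)], reply.dst)
    else:
        # Modems routing: the state sits in modem 1, but the reply leaves
        # through modem 2, which rewrites the source to its own external IP.
        reply = Packet(LINK_IP[egress], reply.dst)
    if isp2_filters_foreign_src and reply.src != LINK_IP[egress]:
        return None, "dropped by ISP2 source filter"
    if reply.src != request.dst:
        return reply, "rejected by client: source mismatch"
    return reply, "accepted"

if __name__ == "__main__":
    for on_box in (False, True):
        print("NAT on Linux box:", on_box, trace_reply(on_box))
    print("with ISP2 filtering:", trace_reply(True, isp2_filters_foreign_src=True))
```

The third case corresponds to the caveat at the end of the earlier message: a reply carrying ADSL1_IP only survives the ISP2 link if that ISP does not filter sources outside its own subnet.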