• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 518
  • Last Modified:

Selective routing via 2 providers both with NAT

Hello,

We have a debian router/firewall which currently does masq via iptables over a leased line and we want to add an ADSL line for non priority traffic like occasional surfing etc.

the interfaces are defined as followed:

217.x.x.0/28 dev eth0  proto kernel  scope link  src 217.x.x.2
192.168.0.0/22 dev eth1  proto kernel  scope link  src 192.168.0.1
82.x.x.72/29 dev eth3  proto kernel  scope link  src 82.x.x.74

With 217.x.x.1 as the gateway on eth0 and
with 82.x.x.73 as the gateway on eth1

The leased line on 217 is allready working properly for some time now but the adsl has been connected last week and now i am having difficulties getting traffic from certain internal hosts to route out over it.

In IPtables both eth0 & eth3 are set to do postroute masq.

ip route (apart from the above 3 networks) shows a default route:

default via 217.x.x.1 dev eth0

I have added to tables to the iproute2 config name leased and adsl.

~# ip route show table adsl
82.x.x.72/29 dev eth3  scope link
192.168.0.0/22 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 82.x.x.73 dev eth3

~# ip route show table leased
217.x.x.0/28 dev eth0  scope link
192.168.0.0/22 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 217.x.x.1 dev eth0

i added the 2 rules based on the from to the ip rule:

~# ip rule
0:      from all lookup local
32764:  from 217.x.x.2 lookup leased
32765:  from 82.x.x.74 lookup adsl
32766:  from all lookup main
32767:  from all lookup default


For testing i wanted all traffice to still go over the leased line but traffic from ip 192.168.1.247 to go over the adsl.

i tried both:

~# ip rule
0:      from all lookup local
32763:  from 192.168.1.247 lookup adsl
32764:  from 217.x.x.2 lookup leased
32765:  from 82.x.x.74 lookup adsl
32766:  from all lookup main
32767:  from all lookup default

and

~# ip rule
0:      from all lookup local
32763:  from 192.168.1.247 lookup adsl map-to 82.x.x.74
32764:  from 217.x.x.2 lookup leased
32765:  from 82.x.x.74 lookup adsl
32766:  from all lookup main
32767:  from all lookup default

From external locations i can ssh in to the box via both the leased line  (217.x.x.2) and the ADSL(82.x.x.74) and further more we have put a seperate box on the adsl connection with the 82.x.x.74 ip just to make sure the ADSL connection works outgoing to.

So the main question what am i doing wrong/what should i change to be able to have NAT working on both interfaces in a way that i can choose via ip rule (or some other ruling system, maybe fwmark?) the outgoing interface.

Kind regards,

Tjardick
0
Tjardick
Asked:
Tjardick
  • 2
1 Solution
 
TjardickAuthor Commented:
Found the solution in such a way that using source NAT works, but MASQ doesn't.

now just to find a way to allow DNAT (portmaps) to work on both lines instead of only the one for which the ip route rule is set to go over.

Regards,

Tjardick
0
 
peteysaCommented:
Tjardick,

From a quick reading of your situation I first thought of policy routing.  Policy routing in Cisco devices allows you to define a traffic policy for say internal traffic for outbound http gets its default gateway set to the adsl connection.

Hope this is able to assist you.

Cheers!

Dan
0
 
TjardickAuthor Commented:
Dan,

thanks for you suggestion, but the problem is more that i want to map a port on both lines both port 25 but want it to route back over the connection it came in on.

I guess the only solutions so far is to run the mailserver on 2 ports, one which is mapped from the leased line the other from the adsl then i can use an fwmark in iptables to mark traffic and then set routing filter accordingly.

I'll close down this question as it looks like i have figured it out all myself :-)

regards,

Tjardick
0
 
CetusMODCommented:
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now