smithdw1

Split specific traffic between two ISPs

I have a D-Link DFL-210 device serving as a router/firewall for a network at one of our newly acquired subsidiaries.  Because of location, they have very limited bandwidth on their ADSL.  We are looking to relieve some of the bandwidth constraint by funneling certain traffic between this new company and our corporate offices through a 4g cellular router (Netgear MBR1516).  I have very limited experience with the DFL-210 and getting quite frustrated with trying to get this to work with this router.  Please refer to the attached network diagram.  In the DFL-210, I have a route set up in the main routing table as follows:

Interface: LAN
Network: 3.3.3.3
Gateway: 192.168.0.5

I then set up an IP Rule as follows:

Action: Forward fast
Service: all_services

Source Interface: LAN
Source Network: 192.168.0.0/24
Destination Interface: LAN
Destination Network: 192.168.0.5

As a test, on the 4g router I set a port forward to push tcp 80 to 192.168.0.13.  Unfortunately, pointing a web browser to http://2.2.2.2 doesn't work.  If I remove all changes from the DFL-210 and run a route statement directly on the web server, all works as expected.  For example, I ran the following on the Windows Server hosting a web page:

route add 3.3.3.3 mask 255.255.255.255 192.168.0.5

I can then successfully access the website via the 4g router's public IP (2.2.2.2).  I know that by adding/swapping hardware, there is a much better solution, but this needs to be a quick fix using the hardware they currently have in place.  I would really appreciate any help with the DFL-210 as my head is getting quite bruised from beating it against the wall.
Capture.JPG

Craig Beck

For port forwarding to work your server needs to be using that particular router as its default gateway.  This explains why adding the static route to the webserver works.  It would only work for traffic to 3.3.3.3 though.

Just say for example:

a] 192.168.0.13 is using the DFL-210 as its default gateway
b] You've port-forwarded port 80 on both routers to 192.168.0.13
c] A client on the internet from IP 100.100.100.100 is trying to get to the web server running on 192.168.0.13.

If the host 100.100.100.100 tries to get to the webserver on 192.168.0.13 via 1.1.1.1 it will be successful.  If the host tries to get to the webserver via 2.2.2.2 it won't work.

This is because the webserver is trying to send the traffic back to 100.100.100.100 via the default route - the DFL-210.  This means the connection between client and server is broken as the client expects to see the traffic from 2.2.2.2 (not 1.1.1.1).

Make sense?
So, to add to the above:

If you did remove all the port-forwarding on the Netgear and D-Link and put in the static route you had mentioned above on the servers to point traffic destined for 3.3.3.3 to 192.168.0.5 and keep the servers' default route pointing to 192.168.0.4, would that solve the problem? If yes, why not use that? If no, what would break?
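
The return-path behaviour discussed in the replies above, as an added example that is not part of any post in this thread. It is a simplified Python model that assumes each router rewrites outbound replies to its own public IP, as described above; the function names are hypothetical and the addresses are the ones used in the thread.

```python
import ipaddress

# LAN address of each router -> public IP it presents (from the thread).
GATEWAYS = {
    "192.168.0.4": "1.1.1.1",  # DFL-210
    "192.168.0.5": "2.2.2.2",  # Netgear 4G router
}

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs, like the
    routing table on the web server 192.168.0.13."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_check(routes, client_ip, entry_public_ip):
    """The client connected to entry_public_ip. The server answers through
    whichever gateway its table selects; the client only accepts a reply
    whose source is the address it originally connected to."""
    gw = next_hop(routes, client_ip)
    reply_src = GATEWAYS[gw]  # assumption: gateway source-NATs to its own IP
    return {"gateway": gw, "reply_src": reply_src,
            "accepted": reply_src == entry_public_ip}

# Server table as in the scenario: default route via the DFL-210 only.
DEFAULT_ONLY = [("0.0.0.0/0", "192.168.0.4")]
# Same table plus the host route from the question:
#   route add 3.3.3.3 mask 255.255.255.255 192.168.0.5
WITH_HOST_ROUTE = DEFAULT_ONLY + [("3.3.3.3/32", "192.168.0.5")]

if __name__ == "__main__":
    cases = [
        ("default only", DEFAULT_ONLY, "100.100.100.100", "1.1.1.1"),
        ("default only", DEFAULT_ONLY, "100.100.100.100", "2.2.2.2"),
        ("default only", DEFAULT_ONLY, "3.3.3.3", "2.2.2.2"),
        ("host route", WITH_HOST_ROUTE, "3.3.3.3", "2.2.2.2"),
        ("host route", WITH_HOST_ROUTE, "100.100.100.100", "2.2.2.2"),
    ]
    for label, table, client, entry in cases:
        r = reply_check(table, client, entry)
        print(f"{label:12} {client:16} via {entry:8} -> reply from "
              f"{r['reply_src']:8} accepted={r['accepted']}")
```

The last case shows why the host route only helps traffic from 3.3.3.3: any other client entering through 2.2.2.2 still gets its reply by way of the default route.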

smithdw1

ASKER

Thank you both for your replies.  

Craigbeck,

Thank you for laying out that scenario.  To clarify, no port forwarding will be taking place on the DFL (1.1.1.1).  What I would like to accomplish:

Requests from 3.3.3.3 for port 80 come in on 2.2.2.2 and forward to internal IP 192.168.0.13.  192.168.0.13 would then respond to that request by sending it to its default gateway (192.168.0.4).  A rule would be set up on 192.168.0.4 which sends any traffic destined for 3.3.3.3 out a default gateway of 192.168.0.5.  Essentially, I am moving the route statement from the individual server over to the default gateway router (or at least trying), which is where I am having trouble.  I believe I have this set correctly on the DFL, but I am missing something since it is not working as expected.  I am limited on troubleshooting as the switches are unmanaged, so getting packet captures has not been an option.

naderz,

Correct, if the route statement is placed on the server itself, the scenario does work.  However, my end goal is much more complicated and involves many more servers, so I was just laying out an example of using port 80 on a single server.  There are Linux servers involved as well - a few we do not have console access.  They were managed by a third party IT company and the contracts expired...they are in the process of renegotiating, but in the meantime, I have no access to some servers to enter route statements, which is why I am hoping to get the route statements working on the DFL.
SOLUTION
naderz
ASKER CERTIFIED SOLUTION
I appreciate the responses, however, it appears the DFL-210 is just too obscure of a device to get specific insight into why the solution is not working.