Re: Masq/Sharing 2 Internet connections
From: P Gentry (rdgentry1_at_cablelynx.com)
Date: 14 Aug 2004 10:02:51 -0700
AcCeSsDeNiEd <dillon@SpamMinuSaccessdenied.darktech.org> wrote in message news:<email@example.com>...
> I'm pulling my hair out getting this one to work.
> So anyone out there plz help.
> I have this setup:
> eth0 and eth1 are connected to my Local area network:
> eth2 is connected to the internet via a lease line.
> ppp0 is connected to an ADSL provider:
> I need the users on eth0 to access the internet via eth2 and
> the users at eth1 should access the internet via ppp0
> I read the Linux Advance networking at: http://www.lartc.org/howto/lartc.rpdb.multiple-links.html
> And this is what I did:
> Added tables 'IPQ_eth2' and 'ADSL' in /etc/iproute2/rt_tables
> #/sbin/ip route add 220.127.116.11 dev eth2 src 18.104.22.168 table IPQ_eth2
> #/sbin/ip route add default via 22.214.171.124 table IPQ_eth2
> #/sbin/ip route add 126.96.36.199 dev eth2 src 188.8.131.52
> #/sbin/ip rule add from 184.108.40.206 table IPQ_eth2
> #/sbin/ip route add 220.127.116.11 dev ppp0 src 18.104.22.168 table ADSL
> #/sbin/ip route add default via 22.214.171.124 table ADSL
> #/sbin/ip route add 126.96.36.199 dev ppp0 src 188.8.131.52
> #/sbin/ip rule add from 184.108.40.206 table ADSL
> Ok, from here on, packets coming into the Internet connections get out/back via their own respective
> gateways. That works.
> Next to share the internet connections:
> In my IPTABLES:
> #Enable NAT routing from eth2
> $IPT -t nat -A POSTROUTING -o eth2 -s 10.30.1.0/24 -j MASQUERADE
> #Enable NAT routing from ppp0 (ADSL)
> $IPT -t nat -A POSTROUTING -o ppp0 -s 10.20.0.0/22 -j MASQUERADE
MASQing is meant for a single uplink connection -- it's just a special
case of SNAT where there is only one public IP.
> This is where the problem is. Only the ppp0 sharing works with the eth1 users.
> That is, if I don't set a default gateway on the linux box.
> Setting a default gateway (220.127.116.11) in ifcfg-eth2 has reverse results.
> I can only get either one sharing to work but not both.
> What am I missing?
> Thanks a million.
If I understand, you have incoming traffic and the reply packets
routing AOK -- just as lartc example provides.
What you need is to route some lan sources via eth2 and other,
different, sourceIPs via ppp0.
Rather than try to explain how you might go about this, I'll just
refer you to:
which provides an example of what to do to route/NAT outbound traffic
that originates on the lan. This marks/routes by port#/service but
should provide what you need to route/NAT by source IP. Note that the
key is to start manipulating the packets as soon as they enter Linux
Router so that they flow through the system ready for proper routing
and NATing by netfilter.
A couple of years ago I played with this -- quite rusty memory now.
You _will_ want to confirm that all is going as desired -- sniffing
the wire is a big help.
Above url is a good complement to lartc -- he tries to cover the areas
_not_ covered by lartc. The whole document is highly recommended.
email above disabled
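
Added example, not part of either poster's message: a dry-run planner that prints the mark-on-entry, per-table default route and NAT commands the reply describes, selecting by source subnet instead of port. The subnet-to-interface pairing is inferred from the MASQUERADE rules in the quoted post, the gateway 192.0.2.1 is a placeholder, and `plan_uplink` and the mark numbers are hypothetical.

```shell
#!/bin/sh
# Dry-run planner: prints the commands for review, executes nothing.
# Subnet-to-interface pairing is inferred from the MASQUERADE rules in the
# quoted post; the gateway 192.0.2.1 is a placeholder, not a thread value.

# plan_uplink MARK TABLE LAN_IF LAN_NET WAN_IF GATEWAY
# GATEWAY "-" means a point-to-point link with no next hop (e.g. ppp0).
plan_uplink() (
    mark=$1 table=$2 lan_if=$3 lan_net=$4 wan_if=$5 gw=$6
    # Reject anything that is not a.b.c.d/len so a typo never becomes a rule.
    if ! printf '%s\n' "$lan_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "bad subnet: $lan_net" >&2
        exit 1
    fi
    # ppp links have no next hop; route straight out of the device.
    if [ "$gw" = "-" ]; then
        default="ip route add default dev $wan_if table $table"
    else
        default="ip route add default via $gw dev $wan_if table $table"
    fi
    # 1) mark in mangle/PREROUTING, i.e. as soon as the packet enters the router
    # 2) send marked packets to their own routing table
    # 3) give that table its own default route
    # 4) NAT on the matching uplink only
    cat <<EOF
iptables -t mangle -A PREROUTING -i $lan_if -s $lan_net -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
$default
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
EOF
)

# Traffic between the two LANs is marked as well; add the LAN routes to each
# table if hosts behind eth0 and eth1 must reach each other.
plan_uplink 1 IPQ_eth2 eth0 10.30.1.0/24 eth2 192.0.2.1
plan_uplink 2 ADSL     eth1 10.20.0.0/22 ppp0 -
```

Strict reverse-path filtering (`rp_filter=1`) can drop replies arriving on the uplink that is not the main table's default route, which is worth checking when confirming the result on the wire.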