Packet routing by source IP



Hi,

I have two internet connections and a LAN on which I run a server. I
want this server to be accessible from both internet connections so I
came up with the following setup:

ISP connection 1 goes into a Linux router and connection 2 goes
into a TRENDnet hardware router. They both redirect port 10000 to the
server machine. On the server machine, there is one network card with
IP 192.168.1.102 and with an alias IP of 192.168.1.202. The Linux
router redirects the traffic on port 10000 to IP 192.168.1.102 and the
TRENDnet one redirects to 192.168.1.202. The gateway on this computer
is set to the IP of the Linux router (192.168.1.5).

On the Linux box I want to redirect incoming traffic from 192.168.1.202
to be routed through the TRENDnet router (192.168.1.100) back into the
internet so both connections can be used.

So far I've found out two things:

1. iptables has a ROUTE target and can route the packets by source IP.
However it seems my kernel doesn't have the ROUTE target working and I
don't know how to get it working. In /lib/iptables/ I can find a
libipt_ROUTE.so file but modconf doesn't list the route target module.
I tried getting the sources for my kernel (2.6.8) and I can't find the
ROUTE target module in menuconfig in Device
Drivers->Networking->..->Netfilter, neither can I find any info on it
in my current kernel config file.

2. I've tried marking the packets from the source IP with mark 4 and then
doing:

    ip rule add fwmark 4 table 7
    ip route add default via 192.168.1.100 table 7
    ip route flush cache

However, this doesn't seem to work; ip rule show and ip route show don't
even show the route I added, so I'm guessing it didn't get added at all,
but when I try adding it I get a "File exists" message.

I tried to debug this method with tcpdump, but it doesn't work with the
gateway parameter, probably because libpcap was built with IPv6, which
disables this option. I got the sources for this library from CVS and
modified the makefile to create a shared library, but I can't get it to
work; some symbols are missing.

Any ideas how to set this up and how to debug it?

Thanks in advance,
Andrei
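
Added example, not part of the post above: one way to do the source-IP routing it describes, using an `ip rule ... from` selector in place of a firewall mark, with the addresses and table number taken from the post. The helper names `run`, `valid_ipv4` and `policy_route` and the `DRY_RUN` switch are made up for this example.

```shell
#!/bin/sh
# Added example: route packets by source IP with iproute2 policy routing.
# DRY_RUN=1 (default) only prints the ip commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "ip $*"; else ip "$@"; fi
}

# Succeeds if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# policy_route SRC GATEWAY TABLE: send traffic whose source is SRC via GATEWAY.
policy_route() {
    src=$1; gw=$2; table=$3
    valid_ipv4 "$src" || { echo "bad source address: $src" >&2; return 2; }
    valid_ipv4 "$gw" || { echo "bad gateway address: $gw" >&2; return 2; }
    case "$table" in
        ''|*[!0-9]*|0|253|254|255)   # not numeric, or a reserved table id
            echo "bad table: $table" >&2; return 2 ;;
    esac
    # "replace" instead of "add": rerunning does not fail with "File exists".
    run route replace default via "$gw" table "$table" || return 1
    # Drop any earlier copy of the rule, then select the table by source address.
    run rule del from "$src" lookup "$table" 2>/dev/null || true
    run rule add from "$src" lookup "$table" || return 1
    run route flush cache
    # Plain "ip route show" lists only table main, so name the table to check it.
    run rule show
    run route show table "$table"
}

# Values from the post: alias IP, second router (192.168.1.100), table 7.
policy_route 192.168.1.202 192.168.1.100 7
```

Run as-is it only prints the commands; set DRY_RUN=0 on the Linux router to apply them.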
