Re: Linux multihomed routing (2 ISP, 1 internal network) problem



andy_occ@xxxxxxxxxxx wrote:
Hi all !!

I'm having a little trouble with a multihomed setup I am running here.
I'll try to give as much information as possible.

I am using the latest Debian release with kernel 2.6.18-4-686.
I am doing the routing using iproute2. The rules are set up with
iptables.
The system has 3 NICs: eth0 has the cable ISP (called "TELENET"), eth1
has the ADSL ISP (called "SKYNET") (with external modem) and eth2 is
my internal network (called "INTERN"). The ADSL line has a fixed IP,
and is used to connect to one of our servers from remote locations
(the modem is set up to forward everything that hits it to my IP on
eth1).
The cable ISP is the preferred ISP (ie: all undefined outgoing traffic
goes thru the cable provider).
All clients on the lan have full access, no restrictions, to do
whatever they want online.
I am using ip route rules and iptables with --set-mark to tell certain
traffic which routing table to use.

When I finished configuring Saturday evening, everything was working
like a charm. When I tested again today, suddenly it didn't work
as well anymore ...

Something has changed overnight but I have no clue what it is.
After some testing, I figured out 2 things: my DNS traffic suddenly
wants to go thru the DSL line and my clients can not directly connect
to the internet anymore. After setting a client's DNS servers to the
DSL ISP's DNS servers, they could resolve again, but they can still
not surf anymore. The Linux machine itself can still perfectly do
everything.

All posted information considered, one guess would be that IP forwarding
is not working. Does cat /proc/sys/net/ipv4/ip_forward yield 1 or 0?
Another guess would be the LAN interface isn't working, but that would
also prevent LAN<->Linux_box traffic.

Although I'm no expert, the two iptables network forwarding rules for
LAN<->TELENET looked reasonable. However, the unfettered inbound Internet
traffic would worry me.

<snip technical stuff>

--
Clifford Kite
/* Speak softly and carry a +6 two-handed sword. */
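
The forwarding check suggested in the reply, together with a cross-check for the `--set-mark` / `ip rule` setup described in the question, as an added example that is not part of the original thread. The function names are hypothetical, the sample rules are constructed, and the input is assumed to be `iptables-save -t mangle` style rule text and `ip rule show` output.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample rules are constructed.

# Succeeds only if the kernel forwards IPv4 (the check suggested in the reply).
# $1 optionally overrides the path, so the function can be tested on a file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Read rule text on stdin; print the value that follows any of the given
# keywords, mask stripped and normalised to hex (1 and 0x1 both become 0x1).
values_after() {
    awk -v keys="$*" '
        BEGIN { n = split(keys, k, " "); for (j = 1; j <= n; j++) want[k[j]] = 1 }
        { for (i = 1; i < NF; i++)
              if ($i in want) { split($(i + 1), a, "/"); print a[1] } }' |
    while read -r v; do printf '0x%x\n' "$v"; done | sort -u
}

# $1: mangle rule text, $2: `ip rule show` output.
# Prints every mark that iptables sets but no `ip rule` selects on. Packets
# carrying such a mark are routed by the remaining rules, normally the main
# table, so they leave via the default ISP whatever the mark was meant to do.
unrouted_marks() {
    routed=$(printf '%s\n' "$2" | values_after fwmark)
    for m in $(printf '%s\n' "$1" | values_after --set-mark --set-xmark); do
        printf '%s\n' "$routed" | grep -qxF -- "$m" || echo "$m"
    done
}

# Constructed sample: two marks are set, only one has a routing rule.
MANGLE_SAMPLE='-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i eth2 -p udp -m udp --dport 53 -j MARK --set-mark 2'
RULE_SAMPLE='0: from all lookup local
32765: from all fwmark 0x1 lookup TELENET
32766: from all lookup main
32767: from all lookup default'

unrouted_marks "$MANGLE_SAMPLE" "$RULE_SAMPLE"   # prints 0x2
```

On a live router, pass the real output instead of the samples and call `forwarding_enabled` with no argument.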