Question on iptables/iproute2
Chris Chabot
chabotc@reviewboard.com
Fri, 17 Aug 2001 05:23:43 +0200
A question: I'm trying to set up my gateway / firewall machine using both a cable modem and an ADSL modem. My preferred setup would be that the ADSL modem is the default route, whereas the cable modem receives DNS requests and receives email.
(Previously this functionality was split over 2 boxes.)
I have read the documents available at http://www.ds9a.nl/2.4Routing/, but I'm afraid I haven't been able to make any useful progress yet .. (I am still very new to iproute2).
The MX record in the DNS is pointed at the cable modem's address, as is the DNS hosting itself.
What I imagined I'd have to do is (super pseudo code):
Setup default route -> adsl
Setup route 'cable network' -> cable
Setup route outgoing dns -> cable
Setup route incoming mail -> cable
Setup route outgoing mail -> cable
I'd imagine that this would look like:
# ip route add default ADSL_GW dev ppp0
# iptables -A PREROUTING -t mangle -i CABLE_INT -d CABLE_NET -j MARK --set-mark 1
# ip rule add fwmark 1 table CABLE_TABLE
# ip route add via CABLE_GW dev CABLE_INT
# iptables -A PREROUTING -t mangle -i CABLE_INT --dport 25 -j MARK --set-mark 2
# ip rule add fwmark 2 table CABLE_MAIL_TABLE
# ip route add via CABLE_GW dev CABLE_INT table CABLE_MAIL_TABLE
# iptables -A PREROUTING -t mangle -i CABLE_INT --dport 25 -j MARK --set-mark 3
# ip rule add fwmark 3 table CABLE_DNS_TABLE
# ip route add via CABLE_GW dev CABLE_INT table CABLE_DNS_TABLE
However, this doesn't seem to buy me anything :) What's more, I don't seem to be able to get to the CABLE_INT from the outside world at all! (can't ftp to it, ping it, or any other sign of life). However, if I ping the CABLE_GW from the box itself, it uses the CABLE_INT and reaches it perfectly (and gets replies!).
The box has 3 network cards: internal network (192.168.0.x), network card to the ADSL modem (10.0.0.x), and the network card to the cable modem (direct external IP). The ADSL modem scripts set up a ppp0 link (tunnel) with the external ADSL IP ..
If I set up my cable modem's route as default (remove the default route via ADSL), it pings fine, and vice versa: if I set ADSL as the default route, that works (ping etc.) fine too.. But I can't figure out why the 'other' interface refuses to function.. Should I not use default routes and work with priorities or ... ??
(I'm using iptables 1.2.2 and iproute 2.2.4. Advanced routing, rtnetlink devices etc. set up properly (it would seem).)
What's wrong in my thinking? Seems I'm dropping some neural packets in my brain trying to figure this one out :)
Any help and/or hints would be greatly appreciated!
-- Chris
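As an added example that is not part of Chris's message (and not a reply from the list), the source-address-based policy routing pattern from the LARTC HOWTO linked above, with constructed interface names, TEST-NET addresses and a numeric table id, plus a dry-run wrapper so the plan can be reviewed before it is applied:

```shell
#!/bin/sh
# Added example, not from the original post. Two uplinks: ADSL is the
# default route; anything tied to the cable link's public address stays
# on the cable link. All names and addresses below are constructed placeholders.
CABLE_INT=eth2             # NIC on the cable modem (public IP directly on it)
CABLE_IP=203.0.113.10      # constructed address (TEST-NET-3)
CABLE_GW=203.0.113.1
ADSL_INT=ppp0
ADSL_GW=198.51.100.1
CABLE_TABLE=100            # numeric table id (or a name from /etc/iproute2/rt_tables)

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it (needs root).
DRY_RUN=${DRY_RUN:-1}
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Emit the complete policy-routing plan.
policy_routes() {
    # Main table: ADSL is the default for everything nobody else claims.
    run ip route add default via "$ADSL_GW" dev "$ADSL_INT"
    # Separate table for the cable link with its own default route.
    run ip route add default via "$CABLE_GW" dev "$CABLE_INT" table "$CABLE_TABLE"
    # The key rule: packets *sourced from* the cable IP (replies to inbound
    # mail/DNS/ping that arrived on the cable modem) are routed via the cable
    # table instead of the main table's ADSL default. Without this, replies
    # leave via ADSL with the wrong source address and the peer never sees them.
    run ip rule add from "$CABLE_IP" table "$CABLE_TABLE"
    # Locally generated DNS and SMTP: mark in the OUTPUT chain (PREROUTING does
    # not see locally generated traffic), then route by mark. --dport needs -p.
    run iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 1
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
    run ip rule add fwmark 1 table "$CABLE_TABLE"
    # The source address was chosen before the mark changed the route, so
    # rewrite it on the way out of the cable interface.
    run iptables -t nat -A POSTROUTING -o "$CABLE_INT" -j SNAT --to-source "$CABLE_IP"
    run ip route flush cache
}
```

Run it once with the default DRY_RUN=1 to read the generated commands, then with DRY_RUN=0 to apply them.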