Multirouting 2 ISP with public addresses

Alexander Samad alex at samad.com.au
Wed Aug 17 05:19:45 CEST 2005


On Tue, Aug 16, 2005 at 05:33:49PM -0500, Wayne Alday wrote:
> List :
> 
> I have a similar setup to this gentleman:
> 
> eth0 connected with the LAN
> eth1 connected with the internet across ISP1
> eth2 connected with the internet across ISP2
> 
> Although I can find a thousand examples on how to do this with NAT,
> there doesn't seem to be anyone wanting to do it with real IP addresses,
> or not that I have found in 3 days of searching.
> 
> I read the following link :
> 
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
> 
> Seems to be just what I need, except I do not wish to load balance or
> have servers available everywhere, or have redundancy, but just for the
> box to do what I guess would be called source routing. My dilemma is
> that living in a remote town bandwidth costs are moderate to high. I
> have a 6 meg bonded T-1 setup on a cisco 3640 router that we outgrew
> quickly. A DS-3 connection where I live would have cost nearly 15K / month
> because we live near no POP. So we put some fiber up, and needless to say
> we have 10 / mbit with the capability to turn it up as needed at a much
> cheaper cost. The problem is we are having to eat the monthly charges
> for our current bandwidth and would like to utilize it for CPE. I'm pretty
> sure with the research I have done that this is possible to put on our
> current linux router, but I must be missing a key somewhere, and I
> would like a fresh look on the problem.
> 
> Here is what I wish to do.
> 
> eth1 is connected to my 6mbit line thru the FE0/0 port on the 
> router.(192.168.200.2)
> eth2 is connected to the fiber transceiver to 10 mbit (192.168.252.2)
> eth0 is connected to my lan. (12.150.243.129)
> 
> I have route statements in the 3640 that route ALL traffic for the 
> public addresses thru a private subnet
> ip route 12.37.169.0 255.255.255.0 192.168.200.2
> ip route 12.150.225.0 255.255.255.0 192.168.200.2
> ip route 12.150.243.128 255.255.255.224 192.168.200.2
> ip route 12.150.243.160 255.255.255.240 192.168.200.2
> ip route 12.150.243.176 255.255.255.240 192.168.200.2
> ip route 12.150.243.192 255.255.255.192 192.168.200.2
> ip route 12.175.45.0 255.255.255.128 192.168.200.2
> 
> The linux box in turn hands it off to various other parts and routers
> 
> What I would like to do is throw the following 4 Class C addresses onto 
> eth2 and have them route according to what network.
> 70.158.60.0
> 70.158.61.0
> 70.158.62.0
> 70.158.63.0

Let me have a shot.

# setup the rules
ip ru add from 192.168.252.2 pref 200 table fibre
ip ru add from 192.168.200.2 pref 201 table router

# setup default route for each interface
ip ro add table fibre default via 192.168.252.1 dev eth2 src 192.168.252.2
ip ro add table router default via 192.168.200.1 dev eth1 src 192.168.200.2


# You still need to setup the normal table (main)


# setup routing back for each interface
ip ro add table fibre 12.150.243.0/24 dev eth0 scope link
ip ro add table router 12.150.243.0/24 dev eth0 scope link

# setup cross routing just in case
ip ro add table fibre 192.168.200.0/24 dev eth1 src 192.168.252.2
ip ro add table router 192.168.252.0/24 dev eth2 src 192.168.200.2


# now set up NATting
# (POSTROUTING does not accept -i, so the last four rules match on destination only)
iptables -t nat -I POSTROUTING -o eth1 -j SNAT --to-source 192.168.200.2
iptables -t nat -I POSTROUTING -o eth2 -j SNAT --to-source 192.168.252.2
iptables -t nat -I POSTROUTING -d 70.158.63.0/24 -j SNAT --to-source 192.168.252.2
iptables -t nat -I POSTROUTING -d 70.158.62.0/24 -j SNAT --to-source 192.168.252.2
iptables -t nat -I POSTROUTING -d 70.158.61.0/24 -j SNAT --to-source 192.168.252.2
iptables -t nat -I POSTROUTING -d 70.158.60.0/24 -j SNAT --to-source 192.168.252.2

iptables -I FORWARD -i eth0 -j ACCEPT


That should do it.


Might have missed something, but this is about the guts of mine.

> For instance if I assign a CPE an IP address in the 12.150 range, I wish
> for all that traffic to route out eth1 to the wireline
> If I assign a CPE IP in the 70.158 ranges, I would like it to route out eth2
> 
> The router on the other side of the fiber net has the exact same routes 
> for the 70.158 ranges as the ones on my wireline with the exception
> they are routing to 192.168.252.2 instead of 192.168.200.2
> 
> I've seen suggestions on marking packets, setting up 2 routing tables,
> and others, but I have had limited success on getting this going.
>
> Could anyone provide some thoughts or input or an example? It would be
> greatly appreciated. If I haven't been descriptive enough, will provide
> more details
> 
> Thanks in advance
> 
> --Wayne
> 
> 
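
The goal stated in the quoted question (12.x customer ranges leave via eth1, 70.158.60.0 through 70.158.63.0 leave via eth2, with no address rewriting) written as source-based `ip rule` entries. This is an added example and not part of either poster's message. Gateways, interfaces, prefixes and table names are taken from the thread; the preference numbers and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Source-based policy routing with public addresses and no NAT (added sketch).
# Gateways, devices and table names follow the thread; the pref numbers and
# the DRY_RUN switch are constructed for this example. The table names must
# already be listed in /etc/iproute2/rt_tables.
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = apply them

# Prefixes from the 3640 route statements, masks converted to CIDR lengths.
WIRELINE="12.37.169.0/24 12.150.225.0/24 12.150.243.128/27 12.150.243.160/28
12.150.243.176/28 12.150.243.192/26 12.175.45.0/25"
FIBRE="70.158.60.0/22"    # 70.158.60.0 through 70.158.63.0, four /24s

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# add_uplink TABLE GATEWAY DEV FIRST_PREF PREFIX...
add_uplink() {
    table=$1; gw=$2; dev=$3; pref=$4
    shift 4
    # Each uplink table holds only a default route to that ISP's router.
    run ip route replace default via "$gw" dev "$dev" table "$table"
    for prefix in "$@"; do
        # The customer's source address selects the table; nothing is rewritten.
        run ip rule add from "$prefix" lookup "$table" pref "$pref"
        pref=$((pref + 1))
    done
}

setup_policy_routing() {
    pref=100
    # Traffic to any of our own ranges stays on the main table, so
    # customer-to-customer packets are not sent out an uplink.
    for prefix in $WIRELINE $FIBRE; do
        run ip rule add to "$prefix" lookup main pref "$pref"
        pref=$((pref + 1))
    done
    add_uplink router 192.168.200.1 eth1 1000 $WIRELINE
    add_uplink fibre 192.168.252.1 eth2 2000 $FIBRE
}

setup_policy_routing
```

With the default DRY_RUN=1 the script only prints the commands for review; the main table still needs its usual routes to the customer ranges.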