Hi -
On Tue, Aug 13, 2002 at 12:31:22PM -0500, Charles Steinkuehler wrote:
>Not that I have time to mess with this, but what's the current state of
>the art regarding multiple upstream internet connections and possible
>bandwidth sharing?
I saved this posting from the netfilter list, I think it answers your
question.
Regards,
// George
Date: Tue, 2 Jul 2002 22:29:16 -0400
From: John Adams <[EMAIL PROTECTED]>
Subject: Re: 2 ISPs on firewall
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
On Tuesday 02 July 2002 09:53 pm, Matthias Kattanek wrote:
> There seems to be lots of question about multihomed firewall/routers.
> I am in similiar situation. Having 2 ISP, where to provide services too.
>
> I managed to forward traffic to e.g. a web server in the DMZ zone.
> Main problem I encounter is that the response is always going out
> via the DEFAULT gateway on the router.
> (In my case one ISP doesn't like it and drops the response.)
>
> I was under the impression that connection tracking of Netfilter keeps
> "track" which interface the traffic came in and anticipated it would go
> out the same route it came from.
>
> What am I missing here?
> What does it take to make it happen?
> Do I just need additional rules for Netfilter?
> Would something like "ip_conntrack_isp" work out? Understood such module
> needs to be developed. Q just arises is that a way to go?
Here's a script I use with iproute2. It gives two default routes with
different weightings for different speed lines.
johna
GATEWAY0=216.254.97.1
GATEWAY1=65.185.37.22
NIC0=216.254.97.15
NIC1=65.185.37.21
route del default
ip route add 0.0.0.0/0 via $GATEWAY0 table E0
ip route add 0.0.0.0/0 via $GATEWAY1 table E1
ip rule add from $NIC0 table E0
ip rule add from $NIC1 table E1
ip route add default scope global \
nexthop via $GATEWAY0 weight 6 \
nexthop via $GATEWAY1 weight 1
ip route flush cache
--
GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
Security Services, Web, Mail, mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers. http://www.galis.org/george
-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
