Charles..

I tried adding the following commands in network.conf

>Ipchains commands to be added to box3
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 80 -m 2
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 110 -m 3
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 25 -m 4
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 1214 -m 5
>
>Last but not least:
>i have to create the following ip rules on BOX3:
>ip rule add fwmark 2 table http pref 2500
>ip rule add fwmark 3 table pop3 pref 2500
>ip rule add fwmark 4 table smtp pref 2500
>ip rule add fwmark 5 table 1214 pref 2500
>
>ip ro add 0/0 dev eth0 table http
>ip ro add 0/0 dev eth0 table smtp
>ip ro add 0/0 dev eth1 table 1214
>ip ro add 0/0 dev eth0 table pop3

but it seems that they are probably loading before the necessary devices are
started. I inserted them just before the QOS functions / after the DNS Server
Settings.

The only ones that were loaded were the ip rule add fwmark etc..

The ipchains commands were not loaded, and neither was the ip ro add 0/0 dev etc..

I wanted to make a script and add it to the init.d directory, but due to my
limited experience, I didn't know how to get the script executed at boot time.
Or is there maybe an existing script in init.d that I can add these
commands to..

Somehow I noticed when booting that I got a message about some device not being
ready or being busy..... and after that message is when I saw the ethx devices
being loaded at the bottom of the screen when the router booted..

Please help me out once again.. then we start cooking....

thanks


On Wed, 23 Jan 2002 11:50:13 -0600, Charles Steinkuehler wrote:
>CS> Comments inline...
>
>What i'm trying
>
>3 LEAF boxes
>
>BOX 1 --> Cable
>eth0 via PPPOE
>eth1 192.168.1.6/30
>
>BOX 2 --> ADSL
>eth0 213.10.x.x
>eth1 192.168.1.2/30
>
>BOX 3 --> Local Network (Non FIREWALL/Non Natting -Straight Router)
>eth0 192.168.1.1/30  connects to Box2
>eth1 192.168.10.254 connects to Local Net
>eth2 192.168.1.5/30  connects to Box 1
>
>The intern net was needed so that the 192.168.10.0 can also be MASQueraded to
>the internet since the 192.168.1.0/30 and 192.168.10.4/30 are separate SUBNETS
>
>The reason for all of this is basically because I have extra 486/50's and
>P120's and extra NICS at my disposal, and mainly because getting 1 LEAF box
>connecting via 2 ISP's was being a little difficult with Multiple EXTERNAL
>INTERFACES, getting all the firewall rules needed to protect both external
>interfaces, and after all I tried many ways of telling Dachstein that I have two
>Extern. Interfaces, but was getting nothing but frustration, and after all, it
>seems to me that no one on the list was successful in getting it done either.
>
>CS>  Not a bad way to go about it, if you've got the extra boxes...you can
>always work on consolidating a working solution once you've got everything
>running properly.
>
>CS>  Why not use equal-weight routing, and
>
>The ipchains commands are needed to MARK the TCP packets, and based on their
>PORT, they will be either sent to the CABLE or the ADSL connection using the
>"ip route" command
>
>More info needed:
>Which file would be the best to put some static routes in so that they can be
>created during the boot up, and also, if I want to include some ipchains
>commands where can I do that..
>eg
>
>Static routes to be created at boot on box 1 and box 2
>ip route add 192.168.10/24 via 192.168.1.5 (box2)
>ip route add 192.168.10/24 via 192.168.1.1 (box1)
>
>CS> Use the <iface>_ROUTES setting in /etc/network.conf...eg on box1:
>eth1_ROUTES="192.168.10/24_via_192.168.1.1"
>
>CS> Note spaces -> underscores
>
>Ipchains commands to be added to box3
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 80 -m 2
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 110 -m 3
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 25 -m 4
>ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 1214 -m 5
>
>Last but not least:
>i have to create the following ip rules on BOX3:
>ip rule add fwmark 2 table http pref 2500
>ip rule add fwmark 3 table pop3 pref 2500
>ip rule add fwmark 4 table smtp pref 2500
>ip rule add fwmark 5 table 1214 pref 2500
>
>ip ro add 0/0 dev eth0 table http
>ip ro add 0/0 dev eth0 table smtp
>ip ro add 0/0 dev eth1 table 1214
>ip ro add 0/0 dev eth0 table pop3
>
>would I have to put these in a script to be created every time at boot, or
>what PACKAGE do I have to backup on Dachstein to have these commands saved once
>I create them.
>
>CS>  There's no really clean place to add these.  You could tack them into
>network.conf if you want, or make your own init script in /etc/init.d.  For
>either approach, backup etc to save your changes.
>
>In this scenario, what are the best settings for the following configs:
>IPFILTER_SWITCH=Router or NONE   (current setting=ROUTER)
>IPALWAYSDEFRAG_KERNEL=YES or NO  (current setting=NO)
>IPFWDING_KERNEL=YES or NO or FILTER_ON (current setting=YES)
>
>CS>
>I'd probably use IPFILTER_SWITCH=NONE...IIRC, the ROUTER setting may block
>some traffic (snmp, and possibly private IP's).
>
>IPALWAYSDEFRAG_KERNEL probably doesn't matter, but if it's set to YES on
>your firewall boxes (likely), you should probably set it to NO on box3.
>
>IPFWDING_KERNEL should be YES...if it's anything else, you won't route
>packets if IPFILTER_SWITCH=NONE
>
>Charles Steinkuehler
>http://lrp.steinkuehler.net
>http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
>
-------------------------------------------------------------
Reginald R. Richardson
[EMAIL PROTECTED] on 1/24/2002
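An added example, not code from the thread or from LEAF/Dachstein: a small init-style script for BOX3 that waits until the interfaces exist before applying the fwmark and policy-routing commands quoted above, which is the boot-ordering problem described. It assumes the ipchains/iproute2 commands exactly as quoted, that the table names http/pop3/smtp are defined in /etc/iproute2/rt_tables, and an assumed DRY_RUN=1 switch that only prints the commands instead of running them.

```shell
#!/bin/sh
# Added example for BOX3 (not from the thread). Run as "script start" from
# an /etc/init.d script after the network is brought up; DRY_RUN=1 prints
# the commands so the rule set can be reviewed without touching the box.
DRY_RUN="${DRY_RUN:-0}"

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# wait_for_ifaces <seconds> <iface>...: return 0 once every interface is
# registered in /proc/net/dev (present on 2.2 kernels), or 1 on timeout.
wait_for_ifaces() {
    tries="$1"; shift
    while [ "$tries" -gt 0 ]; do
        ok=1
        for i in "$@"; do
            grep -q "^ *$i:" /proc/net/dev 2>/dev/null || ok=0
        done
        [ "$ok" = 1 ] && return 0
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

# mark_and_route <mark> <port> <table> <dev>: mark LAN-originated TCP traffic
# to <port>, then send that mark out of <dev> through its own routing table.
# Named tables (http, pop3, smtp) must exist in /etc/iproute2/rt_tables;
# a numeric table such as 1214 needs no entry there.
mark_and_route() {
    run ipchains -A input -p tcp -s 192.168.10.0/24 -d 0/0 "$2" -m "$1"
    run ip rule add fwmark "$1" table "$3" pref 2500
    run ip route add 0/0 dev "$4" table "$3"
}

setup_box3() {
    # Abort rather than install half the rules if the NICs are still not up.
    wait_for_ifaces 30 eth0 eth1 eth2 || {
        echo "box3: interfaces not ready, skipping policy routing" >&2
        return 1
    }
    mark_and_route 2 80   http eth0   # web via the ADSL side (eth0)
    mark_and_route 3 110  pop3 eth0
    mark_and_route 4 25   smtp eth0
    mark_and_route 5 1214 1214 eth1   # port 1214 via the other link (eth1)
    run ip route flush cache          # new rules only apply after a cache flush
}

case "$1" in
    start) setup_box3 ;;
esac
```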



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user