On Tuesday 02 July 2002 09:53 pm, Matthias Kattanek wrote:
> There seem to be lots of questions about multihomed firewall/routers.
> I am in a similar situation, having 2 ISPs, where I need to provide services too.
>
> I managed to forward traffic to e.g. a web server in the DMZ zone.
> Main problem I encounter is that the response is always going out
> via the DEFAULT gateway on the router.
> (In my case one ISP doesn't like it and drops the response.)
>
> I was under the impression that connection tracking of Netfilter keeps
> "track" which interface the traffic came in and anticipated it would go
> out the same route it came from.
>
> What am I missing here?
> What does it take to make it happen?
> Do I just need additional rules for Netfilter?
> Would something like "ip_conntrack_isp" work out? I understand such a module
> would need to be developed. The question is just whether that is the way to go.

Here's a script I use with iproute2.  It gives two default routes with 
different weightings for different speed lines.
johna

#!/bin/sh
# Two uplinks: source-address policy routing plus a weighted multipath default.
GATEWAY0=216.254.97.1   # ISP 0 next hop
GATEWAY1=65.185.37.22   # ISP 1 next hop
NIC0=216.254.97.15      # our address on the ISP 0 link
NIC1=65.185.37.21       # our address on the ISP 1 link

# "table E0" / "table E1" only resolve if the names exist in rt_tables.
grep -q '[[:space:]]E0$' /etc/iproute2/rt_tables || echo "200 E0" >> /etc/iproute2/rt_tables
grep -q '[[:space:]]E1$' /etc/iproute2/rt_tables || echo "201 E1" >> /etc/iproute2/rt_tables

# Drop the single default route in the main table.
ip route del default
# One default route per ISP, each in its own table ...
ip route add 0.0.0.0/0 via $GATEWAY0 table E0
ip route add 0.0.0.0/0 via $GATEWAY1 table E1
# ... chosen by the packet's source address, so anything sourced from an
# ISP's address is sent to that ISP's gateway, not the main default route.
ip rule add from $NIC0 table E0
ip rule add from $NIC1 table E1
# Everything with no matching rule: weighted multipath over both lines.
ip route add default scope global \
        nexthop via $GATEWAY0 weight 6 \
        nexthop via $GATEWAY1 weight 1
ip route flush cache
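
The same setup worked out as an added example, not part of the original post or johna's script: a POSIX sh script that also puts each ISP's connected subnet into that ISP's table (so traffic for the local link does not get bounced off the gateway), pins the rule priorities, registers the table names itself, and has a "plan" mode that prints the commands instead of running them, so the result can be checked before touching the kernel. The interface names, subnets, table numbers and rule priorities are assumptions; the addresses are the ones from the post.

```shell
#!/bin/sh
# Added example, not johna's script. Interfaces, subnets, table ids and rule
# priorities are assumptions; the addresses come from the post above.
IF0=eth1;  NET0=216.254.97.0/24; IP0=216.254.97.15; GW0=216.254.97.1
IF1=eth2;  NET1=65.185.37.16/28; IP1=65.185.37.21;  GW1=65.185.37.22
T0=E0; T0_ID=200            # routing table for ISP 0 (assumed id)
T1=E1; T1_ID=201            # routing table for ISP 1 (assumed id)
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
DRY_RUN=${DRY_RUN:-0}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Register a table name so "table E0" resolves; ip(8) reads rt_tables per call.
ensure_table() {
    name=$1; id=$2
    if [ -r "$RT_TABLES" ] && grep -q "[[:space:]]$name\$" "$RT_TABLES"; then
        return 0
    fi
    run sh -c "echo '$id $name' >> '$RT_TABLES'"
}

# One ISP table: the connected subnet first, then that ISP's default route.
isp_table() {
    tbl=$1; if=$2; net=$3; ip=$4; gw=$5
    run ip route flush table "$tbl"
    run ip route add "$net" dev "$if" src "$ip" table "$tbl"
    run ip route add default via "$gw" dev "$if" table "$tbl"
}

setup_policy_routing() {
    ensure_table "$T0" "$T0_ID"
    ensure_table "$T1" "$T1_ID"
    isp_table "$T0" "$IF0" "$NET0" "$IP0" "$GW0"
    isp_table "$T1" "$IF1" "$NET1" "$IP1" "$GW1"
    # Source-address rules with fixed priorities below main (32766), so they
    # are consulted before the main table's multipath default.
    run ip rule add pref 100 from "$IP0" table "$T0"
    run ip rule add pref 101 from "$IP1" table "$T1"
    # Locally originated traffic with no source-specific rule: weighted multipath.
    run ip route replace default scope global \
        nexthop via "$GW0" dev "$IF0" weight 6 \
        nexthop via "$GW1" dev "$IF1" weight 1
    run ip route flush cache
}

# Ask the kernel which gateway a packet sourced from each uplink address takes.
check_routing() {
    probe=${1:-198.51.100.1}      # any off-link destination (TEST-NET-2)
    run ip route get "$probe" from "$IP0"
    run ip route get "$probe" from "$IP1"
}

case "${1:-}" in
    apply) setup_policy_routing; check_routing ;;
    plan)  DRY_RUN=1 setup_policy_routing ;;
esac
```

Run it as `sh multihome.sh plan` to see the exact ip commands, then `sh multihome.sh apply` as root; the two `ip route get ... from` lines at the end should show `via 216.254.97.1` and `via 65.185.37.22` respectively. One caveat for the DMZ case in the question: these rules match on the source address the packet carries at routing time. A reply from a DNAT'd DMZ host still has the private source then, because the reverse translation of the source is applied in the nat POSTROUTING hook after the route lookup, so it does not match `from $IP0`; routing such replies by the interface they arrived on needs a connection mark restored onto the reply and an `ip rule ... fwmark` instead of a source-address rule.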
