Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Greg Ennis


> I did this once more than 10 years ago. If I was to do it again, I would
> probably get shorewall to do most of the heavy lifting:

Hey, thanks everyone for your help...  I thought this would be easy with
iptables, but looks like I have some fun experimental work ahead of
me  :)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Kahlil Hodgson
I did this once more than 10 years ago. If I was to do it again, I would
probably get shorewall to do most of the heavy lifting:

http://shorewall.net/MultiISP.html


Re: [CentOS] how to force outbound ssh through one network card

2016-03-09 Thread Marcelo Ricardo Leitner

On 09-03-2016 01:54, John R Pierce wrote:
> On 3/8/2016 8:47 PM, Clint Dilks wrote:
>> Here is documentation that may help
>> http://lartc.org/howto/lartc.rpdb.multiple-links.html but as John
>> mentions it is painful to get right.
>
> sadly, that document is like 15 years old, and hasn't been updated. the
> basics are still valid, but things like how to integrate that with RHEL
> startup scripts?  nada, you're on your own.


That's actually beyond that document's scope.

Anyway, /usr/share/initscripts-*/sysconfig.txt has the info you need to 
integrate those comments on RHEL. Like, for the ip rule commands:


/etc/sysconfig/network-scripts/rule-
/etc/sysconfig/network-scripts/rule6-

  Contains lines that specify additional routing rules that should be added
  when the associated interface is brought up.

  Each non-comment line is used directly as an argument to "/sbin/ip rule add"
  or "/sbin/ip -6 rule add" for rule6 files.


YMMV if you want to use NetworkManager/firewalld, of course.

  Marcelo
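
The rule file behaviour quoted in the message above, as a dry run added here (not part of the original message and not the initscripts code). The function names, the interface name eth2, mark 0x1, table 100 and the sample addresses are all constructed assumptions.

```shell
#!/bin/sh
# Added example: dry run of how a rule-<interface> or rule6-<interface> file
# is consumed. It prints the command each non-comment line would become and
# executes nothing, so it needs no root and changes no routing state.

# rule_file_commands FILE
# The file name picks the address family: rule6-* lines go to "ip -6 rule add".
rule_file_commands() {
    file=$1
    case "${file##*/}" in
        rule6-*) ip_cmd='/sbin/ip -6 rule add' ;;
        rule-*)  ip_cmd='/sbin/ip rule add' ;;
        *) echo "not a rule file: $file" >&2; return 1 ;;
    esac
    # "|| [ -n "$line" ]" keeps a final line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip leading whitespace, then skip blank lines and comments.
        trimmed=${line#"${line%%[![:space:]]*}"}
        case "$trimmed" in
            ''|'#'*) continue ;;
        esac
        printf '%s %s\n' "$ip_cmd" "$trimmed"
    done < "$file"
}

# write_sample DIR: constructed sample file for a hypothetical uplink "eth2".
# Assumes table 100 holds the default route via that uplink and that a
# firewall rule elsewhere sets mark 0x1 on the outbound ssh packets.
write_sample() {
    cat > "$1/rule-eth2" <<'EOF'
# constructed sample, not taken from the thread
fwmark 0x1 table 100

    from 192.0.2.10 table 100
EOF
    printf '%s\n' "$1/rule-eth2"
}

tmpdir=$(mktemp -d)
rule_file_commands "$(write_sample "$tmpdir")"
rm -rf "$tmpdir"
```

Reviewing the printed commands before placing a file under /etc/sysconfig/network-scripts/ shows exactly which rules an interface bring-up would add.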




Re: [CentOS] how to force outbound ssh through one network card

2016-03-08 Thread John R Pierce

On 3/8/2016 8:47 PM, Clint Dilks wrote:
> Here is documentation that may help
> http://lartc.org/howto/lartc.rpdb.multiple-links.html  but as John mentions
> it is painful to get right.

sadly, that document is like 15 years old, and hasn't been updated.
the basics are still valid, but things like how to integrate that with
RHEL startup scripts?  nada, you're on your own.

--
john r pierce, recycling bits in santa cruz



Re: [CentOS] how to force outbound ssh through one network card

2016-03-08 Thread Clint Dilks
Hi

Here is documentation that may help
http://lartc.org/howto/lartc.rpdb.multiple-links.html but as John mentions
it is painful to get right.



On Wed, Mar 9, 2016 at 5:17 PM, John R Pierce  wrote:

> On 3/8/2016 8:13 PM, Fred Smith wrote:
>
>> though I have no personal experience with this, I'm guessing that
>> the term you want is "bonding" or "bonded interfaces". You can probably
>> find articles on how to do that with some judicious googling.
>> I know I've seen such articles, but haven't kept any records of where.
>>
>
> NO.
>
> you can't bond two interfaces connected to different ISPs.
>
> best you can do is limited load balancing, and/or use source tagged
> routing via ip rules to change gateways.   it's a mess to get right.
>
>
>
> --
> john r pierce, recycling bits in santa cruz
>
>


Re: [CentOS] how to force outbound ssh through one network card

2016-03-08 Thread John R Pierce

On 3/8/2016 8:13 PM, Fred Smith wrote:
> though I have no personal experience with this, I'm guessing that
> the term you want is "bonding" or "bonded interfaces". You can probably
> find articles on how to do that with some judicious googling.
> I know I've seen such articles, but haven't kept any records of where.

NO.

you can't bond two interfaces connected to different ISPs.

best you can do is limited load balancing, and/or use source tagged
routing via ip rules to change gateways.   it's a mess to get right.




--
john r pierce, recycling bits in santa cruz



Re: [CentOS] how to force outbound ssh through one network card

2016-03-08 Thread Fred Smith
On Tue, Mar 08, 2016 at 09:41:43PM -0600, Gregory P. Ennis wrote:
> Everyone,
> 
> I am putting together a new gateway machine that controls all of the
> traffic in and out of one of our offices.  We have a machine with
> CentOS Linux release 7.2.1511 (Core)  with 3.10.0-327.10.1.el7.x86_64
> kernel which is now equipped with three nic cards.   We decided to
> change our internet providers, but unfortunately Comcast would not
> allow us to drop their service without some penalties so management
> decided to keep the line and not put up a fight. Of the three nic
> cards, one card serves the local network inside the office, and the
> other two will connect to the two different internet lines.   
> 
> This has resulted in providing us with two outbound internet lines that
> we can use.  I decided to do some experimenting to see if I could use
> iptables or other venues to use both outside internet addresses to
> augment our bandwidth.  
> 
> Can anyone refer me to any tutorial or give me suggestions as to how to
> route outbound ssh traffic that is generated from one of the machines
> inside the network through only one of the specified nic cards on the
> gateway.  I would like to see if I can utilize this extra bandwidth by
> splitting ssh traffic and html traffic.  Essentially, I would like to
> force outbound ssh traffic on only one of the outside nic cards.
> 
> Any ideas?
> 
> Greg Ennis

though I have no personal experience with this, I'm guessing that
the term you want is "bonding" or "bonded interfaces". You can probably
find articles on how to do that with some judicious googling.
I know I've seen such articles, but haven't kept any records of where.

Good luck!

Fred

-- 
---
Under no circumstances will I ever purchase anything offered to me as
the result of an unsolicited e-mail message. Nor will I forward chain
letters, petitions, mass mailings, or virus warnings to large numbers
of others. This is my contribution to the survival of the online
community.
 --Roger Ebert, December, 1996
- The Boulder Pledge -


[CentOS] how to force outbound ssh through one network card

2016-03-08 Thread Gregory P. Ennis
Everyone,

I am putting together a new gateway machine that controls all of the
traffic in and out of one of our offices.  We have a machine with
CentOS Linux release 7.2.1511 (Core)  with 3.10.0-327.10.1.el7.x86_64
kernel which is now equipped with three nic cards.   We decided to
change our internet providers, but unfortunately Comcast would not
allow us to drop their service without some penalties so management
decided to keep the line and not put up a fight. Of the three nic
cards, one card serves the local network inside the office, and the
other two will connect to the two different internet lines.   

This has resulted in providing us with two outbound internet lines that
we can use.  I decided to do some experimenting to see if I could use
iptables or other venues to use both outside internet addresses to
augment our bandwidth.  

Can anyone refer me to any tutorial or give me suggestions as to how to
route outbound ssh traffic that is generated from one of the machines
inside the network through only one of the specified nic cards on the
gateway.  I would like to see if I can utilize this extra bandwidth by
splitting ssh traffic and html traffic.  Essentially, I would like to
force outbound ssh traffic on only one of the outside nic cards.

Any ideas?

Greg Ennis


