I was actually going to offer "Stupid Tricks With iptables, iproute2,
and Friends" as a preso for tonight's meeting, before realizing I
couldn't be there.
Here's what I'd do ("policy routing for Linux"):

1) if you're using a cable modem for "bulk bandwidth", you'll want to
make that your router's "real" default route, since it'll probably be
getting its config via DHCP, and that'll populate into the kernel's
default routing table
2) hook the T1 to a separate NIC on the router
3) create an alternative routing table with the T1 as its default route
   3.1) add something like "201 t1.out" to /etc/iproute2/rt_tables
   3.2) 'ip route add default via [w.x.y.z] dev [ethX] table t1.out'
   3.3) [populate your other LAN routes in here, too]
4) use iptables' mangle table to tattoo packets sourced from-/bound for
your servers with some special MARK, like "1"
   4.1) 'iptables -t mangle -A PREROUTING -s [se.rv.er.ip] -j MARK --set-mark 0x1'
   4.2) 'iptables -t mangle -A PREROUTING -d [se.rv.er.ip] -j MARK --set-mark 0x1'
5) use an ip rule to jam these packets into the alternate routing table
   5.1) 'ip rule add fwmark 1 table t1.out'
6) IIRC, if you're masquerading outbound packets, you'll need to move to
SNAT (on each of the cable modem and T1 interfaces), though I can't
remember why at the moment

Good luck, and let fly if you have questions.
Cheers,
-sth
sam hooker|[email protected]|http://www.noiseplant.com
I have received the love Internet dispatch.
-spam
On 2009/03/17 4:52 PM, Rene Churchill wrote:
>
> Hey gang,
>
> I'm looking for some pointers/recommendations on how to set up a
> router for an office to split/share bandwidth between two sources.
> I know enough about networking to keep my internal network up
> but I'm getting into deeper waters here.
>
> Here's the scenario. I'm in an office with a split T1 currently. Half
> phone, half data. The office is growing, so the number of times the
> pipe gets clogged during the day is increasing and it's getting annoying.
> I've got to keep the static IP as we've got email, ftp and a couple of
> minor web servers running. The current firewall is a SmoothWall
> Express v2 that Stan set up several years ago for us.
>
> What I'd like to do is get a cable modem tied into the office to provide
> some cheap bandwidth for the majority of our data needs during the day.
> The servers have static internal IPs, the desktop PCs have dynamic IPs,
> so they're easy to tell apart.
>
> So, any suggestions on how to set up a firewall/router that will send the
> traffic from the desktops out over the cable modem while letting the servers
> have the T1 bandwidth?
>
> Many thanks,
> Rene
>
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> René Churchill [email protected]
> Geek Two 802-244-7880 x527
> Your Source for Local Information http://www.wherezit.com
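
Steps 3 through 6 of the reply above, collected into one dry-run script as an added example (not part of the original message): it validates the addresses and prints the commands in order so they can be reviewed before being run as root. The interface names, addresses, LAN prefix and the `is_ipv4` / `policy_routing_cmds` helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for steps 3-6 for review.
# Every address and interface name is a constructed documentation value.
T1_IF=eth1;    T1_GW=192.0.2.1; T1_ADDR=192.0.2.10   # T1 uplink (static)
CABLE_IF=eth0; CABLE_ADDR=198.51.100.20              # cable uplink (current lease)
LAN_IF=eth2;   LAN_NET=10.0.0.0/24                   # office LAN
SERVERS="10.0.0.10 10.0.0.11"                        # servers that must use the T1
TABLE_ID=201;  TABLE_NAME=t1.out; MARK=0x1

# Accept only dotted quads with octets 0-255, so a leftover placeholder such
# as [se.rv.er.ip] never reaches iptables.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

policy_routing_cmds() {
    for a in "$T1_GW" "$T1_ADDR" "$CABLE_ADDR" $SERVERS; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    # Step 3.1: name the alternate table (skipped if the id is already listed)
    echo "grep -q '^${TABLE_ID}[[:space:]]' /etc/iproute2/rt_tables ||" \
         "echo '${TABLE_ID} ${TABLE_NAME}' >> /etc/iproute2/rt_tables"
    # Steps 3.2-3.3: T1 default route plus the LAN route. With a default route
    # here, marked packets never fall through to the main table, so this table
    # must also know how to reach the LAN.
    echo "ip route add default via $T1_GW dev $T1_IF table $TABLE_NAME"
    echo "ip route add $LAN_NET dev $LAN_IF table $TABLE_NAME"
    # Step 4: mark server traffic in both directions, in the mangle table
    for s in $SERVERS; do
        echo "iptables -t mangle -A PREROUTING -s $s -j MARK --set-mark $MARK"
        echo "iptables -t mangle -A PREROUTING -d $s -j MARK --set-mark $MARK"
    done
    # Step 5: send marked packets to the alternate table
    echo "ip rule add fwmark $MARK table $TABLE_NAME"
    # Step 6: SNAT with a fixed source address on each uplink
    echo "iptables -t nat -A POSTROUTING -o $T1_IF -j SNAT --to-source $T1_ADDR"
    echo "iptables -t nat -A POSTROUTING -o $CABLE_IF -j SNAT --to-source $CABLE_ADDR"
}

policy_routing_cmds
```

After applying the output, `ip rule show`, `ip route show table t1.out` and `iptables -t mangle -S PREROUTING` list what was installed for comparison against the printed commands.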