routing with multiple internet connections
I've used this very useful guide (10.4. Multiple Connections to the Internet) on how to route traffic to multiple internet connections based on traffic type (http isp1, ftp isp2). It works a treat. However, it works as long as the machine that is accessing the internet resource is not the router PC itself. Here's what I've got so far:
Fedora Core 6 set up with IP forwarding and iptables as the firewall, with 3 network cards: one network card going to isp1 (eth1), another going to isp2 (eth2) and another connected to the LAN (eth0).
I've set it up as a router as per "Using Linux iptables or ipchains to set up an internet gateway / firewall / router for home or office".
Which basically says:
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush    # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain    # Delete all chains that are not in default filter and nat table
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward    # Enables packet forwarding by kernel
That all works great. Next I've got the stuff needed for the conditional routing:
iptables -t mangle -A PREROUTING -p tcp --dport 81 -s 192.168.99.0/24 -j MARK --set-mark 4
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source xxx.xxx.xxx.xxx    # public IP address of isp1
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source xxx.xxx.xxx.xxx    # public IP address of isp2
There are some ip rules that get added that act upon the --set-mark:
ip rule add fwmark 4 table 4
I use port 81 as a test, by setting up a remote web server that listens on port 81 and tells me (via PHP) what my IP address is.
Like I said, it works a treat, as long as the PC I use to browse (or whatever) is not the router PC itself, but I'd like it to work from the router PC as well as remote stations. Any suggestions greatly appreciated.
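
An added example, not part of the original post: a small Python model of the netfilter hook order, showing why the PREROUTING mark rule catches LAN clients but not traffic generated on the router, which passes through the OUTPUT chains instead. The mangle OUTPUT rule, the helper names and the sample packets are assumptions for illustration.

```python
import ipaddress

# Hooks a packet crosses, in the standard netfilter order (simplified model).
FORWARDED = ["mangle/PREROUTING", "nat/PREROUTING", "mangle/FORWARD",
             "filter/FORWARD", "mangle/POSTROUTING", "nat/POSTROUTING"]
LOCAL_OUT = ["mangle/OUTPUT", "nat/OUTPUT", "filter/OUTPUT",
             "mangle/POSTROUTING", "nat/POSTROUTING"]

def mark_rule(chain, proto, dport, mark, src=None):
    """One '-j MARK --set-mark' rule; src is an optional '-s' network."""
    net = ipaddress.ip_network(src) if src else None
    return {"chain": chain, "proto": proto, "dport": dport, "mark": mark, "src": net}

def fwmark(packet, rules):
    """Return the mark the packet carries after its hooks (0 = unmarked)."""
    path = LOCAL_OUT if packet["origin"] == "router" else FORWARDED
    mark = 0
    for hook in path:
        for r in rules:
            if r["chain"] != hook or r["proto"] != packet["proto"]:
                continue
            if r["dport"] != packet["dport"]:
                continue
            if r["src"] and ipaddress.ip_address(packet["src"]) not in r["src"]:
                continue
            mark = r["mark"]
    return mark

def routing_table(mark, ip_rules):
    """Mimic 'ip rule add fwmark N table N'; unmarked traffic uses 'main'."""
    return ip_rules.get(mark, "main")

# Rule from the post: mangle PREROUTING, tcp dport 81, -s 192.168.99.0/24, mark 4.
POST_RULES = [mark_rule("mangle/PREROUTING", "tcp", 81, 4, "192.168.99.0/24")]
# Assumption (not in the post): the same MARK target also appended to mangle OUTPUT,
# i.e. iptables -t mangle -A OUTPUT -p tcp --dport 81 -j MARK --set-mark 4
WITH_OUTPUT = POST_RULES + [mark_rule("mangle/OUTPUT", "tcp", 81, 4)]
IP_RULES = {4: "4"}  # ip rule add fwmark 4 table 4

# Constructed sample packets (addresses are illustrative).
LAN_PC = {"origin": "lan", "src": "192.168.99.20", "proto": "tcp", "dport": 81}
ROUTER = {"origin": "router", "src": "203.0.113.10", "proto": "tcp", "dport": 81}

if __name__ == "__main__":
    for label, rules in (("rules from the post", POST_RULES), ("plus mangle OUTPUT", WITH_OUTPUT)):
        for name, pkt in (("LAN PC", LAN_PC), ("router", ROUTER)):
            print(f"{label}: {name} -> table {routing_table(fwmark(pkt, rules), IP_RULES)}")
```

The OUTPUT rule in the model omits the `-s 192.168.99.0/24` match, because a packet originating on the router does not carry a LAN source address.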