Advanced routing, two ISP's

Hi,
I have a scenario, where my linux gateway has access to internet via to
ISP connections. I've prepared source routing for my private networks
based on static routing tables.
I have a server behind NAT and i'm using DNAT to access it, but it's
only avalible via ISP connection selected as default.
Is there possible to have the DNATed server accessible using both ISP
connections? Maybe there is a way with connmark or something.
Waiting for yours suggestions.
It's a pity that none of my ISPs provides BGP protocol

--
Regards
Dariusz Malec
(E-Mail Removed)

On 13.05.2010 02:03, Dariusz Malec wrote:
> Hi,
> I have a scenario, where my linux gateway has access to internet via to
> ISP connections. I've prepared source routing for my private networks
> based on static routing tables.
> I have a server behind NAT and i'm using DNAT to access it, but it's
> only avalible via ISP connection selected as default.
> Is there possible to have the DNATed server accessible using both ISP
> connections? Maybe there is a way with connmark or something.
> Waiting for yours suggestions.
> It's a pity that none of my ISPs provides BGP protocol
>

http://www.mentby.com/Group/netfilte...t-problem.html

provided by g00gle...

Hello,

Mart Frauenlob a écrit :
> On 13.05.2010 02:03, Dariusz Malec wrote:
>> Hi,
>> I have a scenario, where my linux gateway has access to internet via to
>> ISP connections. I've prepared source routing for my private networks
>> based on static routing tables.
>> I have a server behind NAT and i'm using DNAT to access it, but it's
>> only avalible via ISP connection selected as default.
>> Is there possible to have the DNATed server accessible using both ISP
>> connections? Maybe there is a way with connmark or something.
>> Waiting for yours suggestions.
>> It's a pity that none of my ISPs provides BGP protocol

I don't see how BGP would help here.

> http://www.mentby.com/Group/netfilte...t-problem.html

Thanks for digging this out, I don't need to repeat myself. :-)

Mart Frauenlob pisze:
> On 13.05.2010 02:03, Dariusz Malec wrote:
>> Hi,
>> I have a scenario, where my linux gateway has access to internet via to
>> ISP connections. I've prepared source routing for my private networks
>> based on static routing tables.
>> I have a server behind NAT and i'm using DNAT to access it, but it's
>> only avalible via ISP connection selected as default.
>> Is there possible to have the DNATed server accessible using both ISP
>> connections? Maybe there is a way with connmark or something.
>> Waiting for yours suggestions.
>> It's a pity that none of my ISPs provides BGP protocol
>>
>
> http://www.mentby.com/Group/netfilte...t-problem.html
>
> provided by g00gle...

Well i had some problems but i figured it out
I've found out that DNAT works ok when using ISP connection which is set
as default gateway in main routing table. When using the second one i
figured it out that the packers passes PREROUTING chain in mangle table
and PREROUTING in nat table, and then they are dropped.
I found out that disabling rp_filter on public interfaces solves the
problem.
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter

--
Regards
Dariusz Malec

Dariusz Malec a écrit :
>
> Well i had some problems but i figured it out
> I've found out that DNAT works ok when using ISP connection which is set
> as default gateway in main routing table. When using the second one i
> figured it out that the packers passes PREROUTING chain in mangle table
> and PREROUTING in nat table, and then they are dropped.
> I found out that disabling rp_filter on public interfaces solves the
> problem.
> echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter

This problem is well known and not specific to DNAT. It affects all
incoming and outgoing connections going through the non-default interface.