Masq/Sharing 2 Internet connections

I'm pulling my hair out getting this one to work.

So anyone out there plz help.

I have this setup:

________
+------------+ /
| | |
+-------------+ Provider 1 +-------
__ | | | /
___/ \_ eth0 +------+-------+ +------------+ |
_/ \__ -----| eth2 | /
/ | | |
| Local network + Linux router | | Internet
\_ eth1 | | |
\__ __/ -----| ppp0 | \
\___/ +------+-------+ +------------+ |
| | | \
+-------------+ Provider 2 +-------
| | |
+------------+ \________


eth0 and eth1 are connected to my Local area network:

eth0=10.30.1.0
eth1=10.20.0.0

eth2 is connected to the internet via a lease line.
ppp0 is connected to an ADSL provider:

eth2=161.18.195.4
ppp0=220.255.206.242


I need the users on eth0 to access the internet via eth2 and
the users at eth1 should access the internet via ppp0

I read the Linux Advance networking at: http://www.lartc.org/howto/lartc.rpd...ple-links.html
And this is what I did:

Added tables 'IPQ_eth2' and 'ADSL' in /etc/iproute2/rt_tables

eth2:
#/sbin/ip route add 161.18.195.0 dev eth2 src 161.18.195.4 table IPQ_eth2
#/sbin/ip route add default via 161.18.195.1 table IPQ_eth2
#/sbin/ip route add 161.18.195.0 dev eth2 src 61.8.195.4
#/sbin/ip rule add from 161.18.195.4 table IPQ_eth2

ppp0:
#/sbin/ip route add 220.255.206.0 dev ppp0 src 220.255.206.242 table ADSL
#/sbin/ip route add default via 220.255.206.1 table ADSL
#/sbin/ip route add 220.255.206.0 dev ppp0 src 220.255.206.242
#/sbin/ip rule add from 220.255.206.242 table ADSL

Ok, from here on, packets coming into the Internet connections get out/back via their own respective
gateways. That works.


Next to share the internet connections:
In my IPTABLES:

#Enable NAT routing from eth2
$IPT -t nat -A POSTROUTING -o eth2 -s 10.30.1.0/24 -j MASQUERADE

#Enable NAT routing from ppp0 (ADSL)
$IPT -t nat -A POSTROUTING -o ppp0 -s 10.20.0.0/22 -j MASQUERADE

This is where the problem is. Only the ppp0 sharing works with the eth1 users.
That is, if I don't set a default gateway on the linux box.
Setting a default gateway (161.18.195.1) in ifcfg-eth2 has reverse results.
I can only get either one sharing to work but not both.


What am I missing?
Thanks a million.

To e-mail, remove the obvious

It looks like my ascii drawing got mixed up.
It can be seen here: http://accessdenied.darktech.org/2.txt


On Sat, 14 Aug 2004 18:30:20 +0800, AcCeSsDeNiEd <(E-Mail Removed)> wrote:

>I'm pulling my hair out getting this one to work.
>
>So anyone out there plz help.
>
>I have this setup:
>
> ________
> +------------+ /
> | | |
> +-------------+ Provider 1 +-------
> __ | | | /
> ___/ \_ eth0 +------+-------+ +------------+ |
> _/ \__ -----| eth2 | /
> / | | |
>| Local network + Linux router | | Internet
> \_ eth1 | | |
> \__ __/ -----| ppp0 | \
> \___/ +------+-------+ +------------+ |
> | | | \
> +-------------+ Provider 2 +-------
> | | |
> +------------+ \________
>
>
>eth0 and eth1 are connected to my Local area network:
>
>eth0=10.30.1.0
>eth1=10.20.0.0
>
>eth2 is connected to the internet via a lease line.
>ppp0 is connected to an ADSL provider:
>
>eth2=161.18.195.4
>ppp0=220.255.206.242
>
>
>I need the users on eth0 to access the internet via eth2 and
> the users at eth1 should access the internet via ppp0
>
>I read the Linux Advance networking at: http://www.lartc.org/howto/lartc.rpd...ple-links.html
>And this is what I did:
>
>Added tables 'IPQ_eth2' and 'ADSL' in /etc/iproute2/rt_tables
>
>eth2:
>#/sbin/ip route add 161.18.195.0 dev eth2 src 161.18.195.4 table IPQ_eth2
>#/sbin/ip route add default via 161.18.195.1 table IPQ_eth2
>#/sbin/ip route add 161.18.195.0 dev eth2 src 61.8.195.4
>#/sbin/ip rule add from 161.18.195.4 table IPQ_eth2
>
>ppp0:
>#/sbin/ip route add 220.255.206.0 dev ppp0 src 220.255.206.242 table ADSL
>#/sbin/ip route add default via 220.255.206.1 table ADSL
>#/sbin/ip route add 220.255.206.0 dev ppp0 src 220.255.206.242
>#/sbin/ip rule add from 220.255.206.242 table ADSL
>
>Ok, from here on, packets coming into the Internet connections get out/back via their own respective
>gateways. That works.
>
>
>Next to share the internet connections:
>In my IPTABLES:
>
>#Enable NAT routing from eth2
>$IPT -t nat -A POSTROUTING -o eth2 -s 10.30.1.0/24 -j MASQUERADE
>
>#Enable NAT routing from ppp0 (ADSL)
>$IPT -t nat -A POSTROUTING -o ppp0 -s 10.20.0.0/22 -j MASQUERADE
>
>This is where the problem is. Only the ppp0 sharing works with the eth1 users.
>That is, if I don't set a default gateway on the linux box.
>Setting a default gateway (161.18.195.1) in ifcfg-eth2 has reverse results.
>I can only get either one sharing to work but not both.
>
>
>What am I missing?
>Thanks a million.
>
>To e-mail, remove the obvious


To e-mail, remove the obvious

AcCeSsDeNiEd <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>. ..
> I'm pulling my hair out getting this one to work.
>
> So anyone out there plz help.
>
> I have this setup:
[snip]
>
> eth0 and eth1 are connected to my Local area network:
>
> eth0=10.30.1.0
> eth1=10.20.0.0
>
> eth2 is connected to the internet via a lease line.
> ppp0 is connected to an ADSL provider:
>
> eth2=161.18.195.4
> ppp0=220.255.206.242
>
>
> I need the users on eth0 to access the internet via eth2 and
> the users at eth1 should access the internet via ppp0
>
> I read the Linux Advance networking at: http://www.lartc.org/howto/lartc.rpd...ple-links.html
> And this is what I did:
>
> Added tables 'IPQ_eth2' and 'ADSL' in /etc/iproute2/rt_tables
>
> eth2:
> #/sbin/ip route add 161.18.195.0 dev eth2 src 161.18.195.4 table IPQ_eth2
> #/sbin/ip route add default via 161.18.195.1 table IPQ_eth2
> #/sbin/ip route add 161.18.195.0 dev eth2 src 61.8.195.4
> #/sbin/ip rule add from 161.18.195.4 table IPQ_eth2
>
> ppp0:
> #/sbin/ip route add 220.255.206.0 dev ppp0 src 220.255.206.242 table ADSL
> #/sbin/ip route add default via 220.255.206.1 table ADSL
> #/sbin/ip route add 220.255.206.0 dev ppp0 src 220.255.206.242
> #/sbin/ip rule add from 220.255.206.242 table ADSL
>
> Ok, from here on, packets coming into the Internet connections get out/back via their own respective
> gateways. That works.
>
>
> Next to share the internet connections:
> In my IPTABLES:
>
> #Enable NAT routing from eth2
> $IPT -t nat -A POSTROUTING -o eth2 -s 10.30.1.0/24 -j MASQUERADE
>
> #Enable NAT routing from ppp0 (ADSL)
> $IPT -t nat -A POSTROUTING -o ppp0 -s 10.20.0.0/22 -j MASQUERADE

MASQing is meant for a single uplink connection -- it's just a special
case of SNAT where there is only one public IP.

> This is where the problem is. Only the ppp0 sharing works with the eth1 users.
> That is, if I don't set a default gateway on the linux box.
> Setting a default gateway (161.18.195.1) in ifcfg-eth2 has reverse results.
> I can only get either one sharing to work but not both.
>
> What am I missing?
> Thanks a million.

If I understand, you have incoming traffic and the reply packets
routing AOK -- just as lartc example provides.

What you need is to route some lan sources via eth2 and other,
different, sourceIPs via ppp0.

Rather than try to explain how you might go about this, I'll just
refer you to:
http://linux-ip.net/html/adv-multi-internet.html
which provides an example of what to do to route/NAT outbound traffic
that originates on the lan. This marks/routes by port#/service but
should provide what you need to route/NAT by source IP. Note that the
key is to start manipulating the packets as soon as they enter Linux
Router so that they flow through the system ready for proper routing
and NATing by netfilter.

A couple of years ago I played with this -- quite rusty memory now.
You _will_ want to confirm that all is going as desired -- sniffing
the wire is a big help.

Above url is a good compliment to lartc -- he tries to cover the areas
_not_ covered by lartc. The whole document is highly recommended.

hth,
prg
email above disabled