[plug] Linux gateway with two dsl connections

Leon Brooks leon at cyberknights.com.au
Thu Nov 10 11:31:24 WST 2005 

On Wednesday 09 November 2005 08:53, Patrick Tehvand wrote:
> Wondering if this is possible with iptables on a linux router.

No, but it's possible with iproute2. I have had a customer site running 
on 3 links at once. You can even do rudimentary load-balancing at that 
level.

> I'm trying to setup policy base routing for two connections to
> ISP's.  On the 2mb I'll be using it to force traffice for ports 1723,
> 10800,10801; all other traffic will go out a 6mb link

> I thought maybe
> iptables -t nat -I PREROUTING 1 -p tcp --dport 1723 -j DNAT --to
> <isp2modem>
> iptables -t nat -I PREROUTING 1 -p tcp --dport 10800 -j DNAT --to
> <isp2modem>
> iptables -t nat -I PREROUTING 1 -p tcp --dport 10801 -j DNAT --to
> <isp2modem>

AFAICT, that doesn't do what you expect. But you can mark the outgoing 
packets and use iproute2 to force marked packet to originate from the 
2Mb link.

You basically use "ip rule add fwmark $MARK table $TABLE" to send marked 
packets to a different table, then "ip route add default via $IP table 
$TABLE" to establish a different default route for that table than the 
default.

Remember to do an "ip route flush cache" as a kind of network-equivalent 
of "sync". Define table names in /etc/iproute2/rt_tables

It will also help to add rules for sending answers to inbound 
connections back out of the same interface that they arrived through.

SNAT comes closer to what you want than the example above, and you 
*might* be able to then make that work with some tricky "ordinary" 
routing, but doing to iproute2 commands directly gives you a lot more 
control and probably *less* complexity.

Hmm. 8 megabits, hey? Does this mean than AmCom are OK now that they've 
bought PerthIX? (-:

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Member, Perth Linux User Group
http://slpwa.asn.au/            Member, Linux Professionals WA
http://osia.net.au/             Member, Open Source Industry Australia
http://linux.org.au/            Member, Linux Australia

More information about the plug mailing list