Lunarhotel.co.uk

Part 1: Routing over two Internet connections with Linux - Routing Tables
Written by Web Master   
Sunday, 16 August 2009 13:47

Set up a client PC so that it points at your new Linux router for its default gateway, and don't forget to set the DNS servers. Run the above script on your router, and your client should be able to access the internet. It will always use INTERNET CONNECTION A to satisfy any requests for external resources. So before we can utilise the other internet connection, we need to set up a routing table for it. Let's have a look at the current main routing table:

ip route show table main

It should show something like this:

192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.2
192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.2
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.2
169.254.0.0/16 dev eth0 scope link
default via 192.168.4.1 dev eth2

Above we can see the four address ranges and the router's IP address on each of them: the repro, admin, internet A and internet B connections. We can also see at the bottom that the default route is currently via internet connection A. So we need to define another routing table, one that has INTERNET CONNECTION B as its default route. We can do this with the ip command, which takes the form

ip route add <route> table <tablename>

Here route is (for example) 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2 and tablename could be tbr.

 

So, to transpose the main table to another routing table called tbr we can issue the following commands:

 

ip route add 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2 table tbr
ip route add 192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.2 table tbr
ip route add 192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.2 table tbr
ip route add 192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.2 table tbr
ip route add 169.254.0.0/16 dev eth0 scope link table tbr

 

Now we can issue the command for the default gateway for table tbr, but this time of course we change it so that it uses INTERNET CONNECTION B:

ip route add default via 192.168.5.1 dev eth1 table tbr

So, now if we issue

ip route show table tbr

we should get:

192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.2
192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.2
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.2
169.254.0.0/16 dev eth0 scope link
default via 192.168.5.1 dev eth1

Notice that the default route is different from that of the main table (it's using INTERNET CONNECTION B). So we have our secondary routing table, which is all well and good. But at the moment the router isn't going to do anything with it, because the ip rules dictate that the main table always be used. So let's have a look at the ip rules:

 

ip rule show

 

It should produce something like this:

 

0: from all lookup local
32766: from all lookup main
32767: from all lookup default


We can see that the rule table says "wherever the packet comes from, look up the main table". We need to add a rule in there that says: if the packet is marked, send it via the tbr table. We can do this using the following command:

 

ip rule add from all fwmark 0x4 table tbr

 

So this adds the rule that if the packet is marked in a specific way, we should use the tbr table instead of the main routing table:

 

0: from all lookup local
32765: from all fwmark 0x4 lookup tbr
32766: from all lookup main
32767: from all lookup default

We can see the new rule just above rule 32766, which says to process everything with the main routing table. So all we have to do now is mark the packets we want to route via INTERNET CONNECTION B. This can be done with iptables. The following line can be added to the bottom of your router.sh file:

$IPTABLES -t mangle -A PREROUTING -p tcp --dport 21 -s 192.168.1.0/24 -j MARK --set-mark 4

So we're essentially saying "if the traffic is TCP to destination port 21, mark it with a 4". Note as well that we're being specific about where the traffic is coming from with -s 192.168.1.0/24; in other words, only mark it if the traffic is coming from the repro network. I'm pretty sure you'll need to specify this even if you only have one network range.
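The whole procedure above (copy the main table into tbr, swap the default route, add the fwmark rule, mark the traffic) can be generated from the main table listing instead of typed by hand. This is an added example, not part of the article's router.sh; the function names are hypothetical, and it assumes the name tbr has been mapped to a table id in /etc/iproute2/rt_tables (for example a line "200 tbr", where 200 is an arbitrary choice).

```shell
#!/bin/sh
# Added example (not the article's router.sh). Assumes the name "tbr" is
# mapped in /etc/iproute2/rt_tables, e.g. by a line "200 tbr" (200 is an
# arbitrary, assumed id). Function names are hypothetical.

# Read `ip route show table main` output on stdin and print the commands
# that rebuild it in another table with a different default route.
# $1 = table name, $2 = new default gateway, $3 = device facing that gateway
gen_table_cmds() {
    table=$1; gw=$2; dev=$3
    while IFS= read -r route; do
        case $route in
            ''|default\ *) continue ;;  # drop blanks and the old default
        esac
        printf 'ip route add %s table %s\n' "$route" "$table"
    done
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$dev" "$table"
}

# Print the policy rule plus the mangle rule that marks one TCP flow.
# $1 = table, $2 = mark (decimal), $3 = source network, $4 = destination port
gen_mark_cmds() {
    printf 'ip rule add from all fwmark 0x%x table %s\n' "$2" "$1"
    printf 'iptables -t mangle -A PREROUTING -p tcp --dport %s -s %s -j MARK --set-mark %s\n' \
        "$4" "$3" "$2"
}

# Constructed sample input: the main table listing shown in the article.
SAMPLE_MAIN='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.2.0/24 dev eth3 proto kernel scope link src 192.168.2.2
192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.2
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.2
169.254.0.0/16 dev eth0 scope link
default via 192.168.4.1 dev eth2'

# Everything needed to send repro-network TCP port 21 traffic via connection B.
build_all() {
    printf '%s\n' "$SAMPLE_MAIN" | gen_table_cmds tbr 192.168.5.1 eth1
    gen_mark_cmds tbr 4 192.168.1.0/24 21
}

# Prints the commands for review; nothing is applied to the running system.
build_all
```

On a live router, pipe `ip route show table main` into gen_table_cmds in place of the sample, and check the result with `ip route get 203.0.113.10 mark 4` (a documentation address), which should answer via 192.168.5.1.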



Last Updated on Friday, 06 November 2009 11:19
 

Comments  

 
+1 # Mihai Joldes 2009-11-06 10:38
nice script!
As I am new to Linux and want to set up just what you explained here (w/o load balancing tho), it comes handy!

I was wondering if the 3rd line from the bottom up is correct (-i $INTERNETIFA). Shouldn't it be -i $INTERNETIFB?
I know I'm new, but since your script helped me, I just wanna help out too :)
 
 
# Web Master 2009-11-06 11:30
Quoting Mihai Joldes:
nice script!
As I am new to Linux and want to set up just what you explained here (w/o load balancing tho), it comes handy!

I was wondering if the 3rd line from the bottom up is correct (-i $INTERNETIFA). Shouldn't it be -i $INTERNETIFB?
I know I'm new, but since your script helped me, I just wanna help out too :)


Mihai,
Welcome to lunarhotel.co.uk. You are quite right! I've made the change. Well done for spotting it. And well done for having a go at Linux.
The script in its current state doesn't actually support load balancing, however. It was something I was looking at doing, but sadly, with the world-wide recession in full swing, my IT department has had to make cutbacks (like only one internet connection!). However, as a result I'm also happy to report that with a few tweaks of the script's constants, it works with a single internet connection too... but just as a standard firewall / router, obviously.

If you have any more thoughts / ideas for the script, please let me know.
 
