Re: Multiple Internet sources

To: debian-firewall@lists.debian.org
Subject: Re: Multiple Internet sources
From: Wes Bateman <wes@manisec.com>
Date: Mon, 26 Apr 2004 14:33:02 -0700
Message-id: <[🔎] 20040426213302.GB375@bean.wesb.org>
In-reply-to: <[🔎] 20040426211723.GA5377@moas>
References: <[🔎] 20040426211723.GA5377@moas>

Look at the iproute package.  With the standard old UNIX route command,
you'll see your traffic take the first default route it encounters.
You'll have more control for fancy stuff like this with iproute.

Try something like:

ip rule add from $pubip1 table 100
ip route add default table 100 via $pubip1gateway
ip rule add from $pubip2 table 101
ip route add default table 101 via $pubip2gateway

See how that works for you ;)  After you get that working, you can start
doing multiple MX records or A records for www.$domainname.$tld and
other fun stuff :)

Good luck,

Wes

--
Wes Bateman, GCIA
ManISec Corporation - "Managed Internet Security Services"
http://www.manisec.com
P.O. Box 851053
Richardson, TX  75085-1053
866-MANISEC (626-4732) or 972-992-3131 ext. 82
wes@manisec.com

On Mon, Apr 26, 2004 at 04:17:23PM -0500, Ian Melnick wrote:
> Hello all,
> 
> 
> I have two Internet sources, and a NIC for each. I want to ensure that
> data coming in on one NIC doesn't travel out through the gateway of the
> other.
> 
> I'm asking this question because last week I noticed that when I put two
> NICs in the same machine on the same network, only one NIC did the work.
> There were two "default" destinations listed when you do `route`, and the
> first NIC in there with a "default" destination was always the one that
> handled everything. The issue was solved by sharing multiple IP's on the
> same interface and eliminating extra "default" listings from the route
> table. But there was a third NIC in there on a different subnet that
> still was unusable until I removed its "default" entry in the route
> table. Routing through that third interface was unnecessary, but now
> it's a different story.
> 
> With two separate Internet sources, with two completely different
> gateways, etc, I don't think I can smush all this into one NIC---can I?
> 
> And if I can't, how can I ensure that traffic coming in via one
> interface leaves via that same interface, via its defined gateway? I need
> to eliminate this issue where one interface ends up being dominant even
> when it's on a completely different network.
> 
> Would this be something I'd have to set up thru iptables, or is there
> just some fancy routing trick?
> 
> 
> Thanks in advance!

Reply to:

Follow-Ups:
- Re: Multiple Internet sources
  - From: Ian Melnick <dazed@vonsteuben.cps.k12.il.us>

References:
- Multiple Internet sources
  - From: Ian Melnick <dazed@vonsteuben.cps.k12.il.us>

Prev by Date: Multiple Internet sources
Next by Date: Re: Multiple Internet sources
Previous by thread: Multiple Internet sources
Next by thread: Re: Multiple Internet sources
Index(es):
- Date
- Thread