Re: Multiple ISP's and traffic shaping
hi,
it should work if you use iproute and iptables.
add ISP0 and ISP1 to /etc/iproute2/rt_tables
make a default route for each table:
ip route add default via $ISP0 table ISP0
ip route add default via $ISP1 table ISP1
then let your linux-box know when to use the tables:
ip rule add fwmark 1 table ISP0
ip rule add fwmark 2 table ISP1
now it should route packets marked with '1' through ISP0 and packets
marked with '2' through ISP1.
you can mark packets with iptables now. e.g.
iptables -t mangle -A PREROUTING -s $DMZ -j MARK --set-mark 2
note: in some cases i had to use additional SNAT with iptables to send
the packets with the correct source IP.
iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $ISP1_IP
perhaps it helps you.
buz
On Thu, 2003-05-22 at 15:48, mslucas wrote:
> Hi,
>
> What do I have to install to get the following situation working?
>
> Except iptables as the firewall.
>
> I tried it with iptables and then NATing and with "ip route" but it isn't
> working
>
> Caution a lot of "is allowed" and "is not allowed" detected
>
>            Internet  Internet
>             ISP 0     ISP 1
>               |         |
>               v         v
> Private LAN <-> this server <-> Office LAN
>                      ^
>                      |
>                     DMZ
>
> Traffic from my private LAN must go to ISP0, and is allowed to go to ISP1
> only if ISP0 is down (bandwidth must be limited)
>
> Traffic from my Office LAN must go to ISP1, and is allowed to go to ISP0 if
> ISP1 is down or if there is more traffic than ISP1 can accept.
>
> Traffic from my DMZ must go to ISP1, and is allowed to go to ISP0 only if
> ISP1 is down.
>
> Traffic from my private LAN is not allowed to go to my Office LAN but
> traffic from Office to private is allowed.
>
> Can somebody give me a hint which program is able to make my situation work?
>
> Thanks in advance,
>
> Maurice Lucas
>
> TAOS-IT
>
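The steps from the reply above collected into one script, as an added example that is not part of the original mail. The table ids 100 and 101, all addresses, and the names DRY_RUN, RT_TABLES, run and add_table are assumptions; the script also marks the private LAN with 1, which the reply implies but does not show, and it does not cover the failover the question asks about.

```shell
#!/bin/sh
# Added example: fwmark-based policy routing for two uplinks.
# Every address, table id and variable name below is an assumption.
ISP0_GW=${ISP0_GW:-192.0.2.1}          # gateway at ISP0 (constructed)
ISP1_GW=${ISP1_GW:-198.51.100.1}       # gateway at ISP1 (constructed)
ISP1_IP=${ISP1_IP:-198.51.100.2}       # this box's address on the ISP1 link
PRIVATE_NET=${PRIVATE_NET:-10.0.1.0/24}
DMZ_NET=${DMZ_NET:-10.0.3.0/24}
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
DRY_RUN=${DRY_RUN:-1}                  # 1 = print the commands only

# Print the command; execute it as well unless DRY_RUN=1.
run() {
    echo "$*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

# Append "<id> <name>" to rt_tables unless the name is already listed,
# so running the script twice does not duplicate the entries.
add_table() {
    grep -qE "^[0-9]+[[:space:]]+$2\$" "$RT_TABLES" 2>/dev/null && return 0
    echo "echo '$1 $2' >> $RT_TABLES"
    [ "$DRY_RUN" = 1 ] || echo "$1 $2" >> "$RT_TABLES"
}

setup_policy_routing() {
    add_table 100 ISP0
    add_table 101 ISP1
    # one default route per table
    run ip route add default via "$ISP0_GW" table ISP0
    run ip route add default via "$ISP1_GW" table ISP1
    # the firewall mark selects the table
    run ip rule add fwmark 1 table ISP0
    run ip rule add fwmark 2 table ISP1
    # mark in mangle/PREROUTING, i.e. before the routing decision
    run iptables -t mangle -A PREROUTING -s "$PRIVATE_NET" -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -s "$DMZ_NET" -j MARK --set-mark 2
    # traffic leaving via ISP1 must carry the ISP1 source address
    run iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source "$ISP1_IP"
}

setup_policy_routing
```

Run it once with the default DRY_RUN=1 to review the command list, then as root with DRY_RUN=0 to apply it.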