Re: Multihomed with two separate ISPs and strange routing problems with iptables ...

From: Adam Pearse (apearse@yahoo.com)
Date: 06/05/02


From: "Adam Pearse" <apearse@yahoo.com>
Date: Wed, 5 Jun 2002 11:32:26 -0600

I figured it out with a little more searching on Google :-) Here is what I
did, in case anyone cares:

iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 1
ip rule add fwmark 1 table 100 pref 1000
ip route add default via 207.176.167.1 dev eth1 table 100

So I left my default route on the 139 interface and created a special
routing table for the second interface based on http traffic coming in on
it. The other major difference is I was using PREROUTING instead of OUTPUT
on my iptables statement.

"Adam Pearse" <apearse@yahoo.com> wrote in message
news:mprL8.92$SR3.19689@localhost...
> Hello, I am wondering if anyone would mind answering my question. I have one
> server with two interface cards, each connected to a separate ISP. I run
> Counter Strike from one of the interfaces while I run Apache off the other.
>
>
> 1st interface: 139.142.185.228 with a default gateway of 139.142.185.225
> running Counter Strike (port 27015). This connection is a 10 Mbp pipe.
> 2nd interface: 207.176.167.2 with a default gateway of 207.176.167.1 running
> Apache web server (port 80). This connection is a T1.
>
> What is happening is when ppl join my Counter Strike server via the
> 139.142.185.225 interface, the outgoing packets (for some reason) are
> leaving out the 207.176.167.2 interface which is only a T1 causing a great
> deal of lag. I am attempting with iptables to force all traffic that came to
> 139.142.185.225:27015 to go back out the same interface it came in on. Here
> are the commands I am using but they are not working ... Can anyone see what
> I am doing wrong here?
>
> This is done once:
> echo 201 http.out >> /etc/iproute2/rt_tables
>
> This is done in my S99local
>
> echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 1
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.176.167.2
> ip rule add fwmark 1 table http.out prio 101
> /sbin/ip route add default via 207.176.167.1 dev eth1 table http.out
> ip route flush cache
>
> I am using Redhat 7.3, kernel build 2.4.18-4. I do not understand why CS
> traffic is still going out the eth1 interface. Anyone?
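
Added example, not part of the original post: a simplified Python model of why the mark rule works in the mangle OUTPUT chain but not in PREROUTING. Replies from a local daemon such as Apache are generated on the host and never traverse PREROUTING, so only an OUTPUT rule can mark them. The interface name eth0 for the first link and the sample packets are assumptions constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    origin: str    # "local" = generated by a process on this host,
                   # "wire"  = received on a NIC and being forwarded
    proto: str
    sport: int
    mark: int = 0

# Gateways and table number are the ones in the post; "eth0" is an assumed
# name for the 139.x interface (the post only names eth1).
TABLES = {
    "main": "139.142.185.225 dev eth0",   # default route left on the 139 link
    100: "207.176.167.1 dev eth1",        # ip route add default ... table 100
}
IP_RULES = [(1000, 1, 100)]   # (pref, fwmark, table): ip rule add fwmark 1 table 100 pref 1000

# (chain, proto, sport, mark) for: -p tcp --sport 80 -j MARK --set-mark 1
PREROUTING_RULE = [("PREROUTING", "tcp", 80, 1)]   # placement in the question
OUTPUT_RULE = [("OUTPUT", "tcp", 80, 1)]           # placement in the fix

def mangle(chain, rules, pkt):
    """Apply the MARK rules that belong to the chain the packet is in."""
    for rule_chain, proto, sport, mark in rules:
        if rule_chain == chain and pkt.proto == proto and pkt.sport == sport:
            pkt.mark = mark

def route(pkt):
    """Policy routing: first ip rule whose fwmark matches, else table main."""
    for _pref, fwmark, table in sorted(IP_RULES):
        if pkt.mark == fwmark:
            return TABLES[table]
    return TABLES["main"]

def egress(pkt, rules):
    """Return the next hop chosen for an outgoing packet."""
    # Locally generated packets enter netfilter at OUTPUT; only packets
    # received from the network pass through PREROUTING.
    hook = "OUTPUT" if pkt.origin == "local" else "PREROUTING"
    mangle(hook, rules, pkt)
    return route(pkt)

if __name__ == "__main__":
    # Constructed sample packets: an Apache reply and a game-server reply.
    for name, rules in (("PREROUTING", PREROUTING_RULE), ("OUTPUT", OUTPUT_RULE)):
        http = egress(Packet("local", "tcp", 80), rules)
        game = egress(Packet("local", "udp", 27015), rules)
        print(f"rule in {name}: http -> {http}; game -> {game}")
```

On a live system, `ip rule show` and `ip route show table 100` list the policy rule and the routing table that this model stands in for.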