Re: Multihomed with two separate ISPs and strange routing problems with iptables ...

From: Macbrush (macbrush@carriver.com)
Date: 06/09/02


From: "Macbrush" <macbrush@carriver.com>
Date: Sun, 9 Jun 2002 17:14:46 +0800

There is an easier way to do it. Similar to your solution, but you can
simply add a source route rule to the rule table, and make sure any traffic
that has a source address of your Counter-Strike server will go to a
different default route.

echo 200 counter >> /etc/iproute2/rt_tables   # change 200 to any priority you like; cat /etc/iproute2/rt_tables
ip rule add from *counter-strike-server* table counter
ip route add default via *your-10Mbps-pipe* table counter

Hope this helps
Kenneth

"Adam Pearse" <apearse@yahoo.com> wrote in message
news:qVrL8.94$SR3.20545@localhost...
> I figured it out with a little more searching on google :-) Here is what I
> did in case anyone cares:
>
> iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 1
> ip rule add fwmark 1 table 100 pref 1000
> ip route add default via 207.176.167.1 dev eth1 table 100
>
> So I left my default route on the 139 interface and created a special
> routing table for the second interface based on http traffic coming in on
> it. The other major difference is I was using PREROUTING instead of OUTPUT
> on my iptables statement.
>
>
> "Adam Pearse" <apearse@yahoo.com> wrote in message
> news:mprL8.92$SR3.19689@localhost...
> > Hello, I am wondering if anyone would mind answering my question. I have one
> > server with two interface cards, each connected to a separate ISP. I run
> > Counter Strike from one of the interfaces while I run Apache off the other.
> >
> >
> > 1st interface: 139.142.185.228 with a default gateway of 139.142.185.225
> > running Counter Strike (port 27015). This connection is a 10 Mbp pipe.
> > 2nd interface: 207.176.167.2 with a default gateway of 207.176.167.1 running
> > Apache web server (port 80). This connection is a T1.
> >
> > What is happening is when ppl join my counter strike server via the
> > 139.142.185.225 interface, the outgoing packets (for some reason) are
> > leaving out the 207.176.167.2 interface which is only a T1 causing a great
> > deal of lag. I am attempting with iptables to force all traffic that came to
> > 139.142.185.225:27015 to go back out the same interface it came in on. Here
> > are the commands I am using but they are not working ... Can anyone see what
> > I am doing wrong here?
> >
> > This is done once:
> > echo 201 http.out >> /etc/iproute2/rt_tables
> >
> > This is done in my S99local
> >
> > echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> > iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 1
> > iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 207.176.167.2
> > ip rule add fwmark 1 table http.out prio 101
> > /sbin/ip route add default via 207.176.167.1 dev eth1 table http.out
> > ip route flush cache
> >
> > I am using Redhat 7.3, kernel build 2.4.18-4. I do not understand why CS
> > traffic is still going out the eth1 interface. Anyone?
>
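
The source-rule approach from the reply above, applied to both uplinks so each service answers through its own ISP. This is an added example, not code from either poster. The addresses, eth1 and the table names come from the thread; eth0, the scratch rt_tables path, the 192.0.2.1 test destination and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): source-based policy routing for BOTH
# uplinks. Dry-run by default: commands are printed, nothing is changed.
# To apply as root: IP_CMD=ip RT_TABLES=/etc/iproute2/rt_tables sh this.sh run
IP_CMD="${IP_CMD:-echo ip}"
RT_TABLES="${RT_TABLES:-./rt_tables.example}"   # scratch file (assumption)

# register_table ID NAME: append "ID NAME" once; fail if ID or NAME is
# already mapped to something else (a blind ">>" would create duplicates).
register_table() {
    touch "$RT_TABLES" || return 1
    rc=0
    awk -v id="$1" -v name="$2" '
        $1 ~ /^#/ { next }
        $1 == id && $2 == name { found = 1 }
        ($1 == id) != ($2 == name) { clash = 1 }
        END { exit (clash ? 2 : (found ? 0 : 1)) }' "$RT_TABLES" || rc=$?
    case $rc in
        0) ;;                                   # already registered
        1) echo "$1 $2" >> "$RT_TABLES" ;;      # new entry
        *) echo "rt_tables conflict for '$1 $2'" >&2; return 1 ;;
    esac
}

# route_by_source ID NAME SRC GW DEV: packets sourced from SRC use GW on DEV.
route_by_source() {
    register_table "$1" "$2" || return 1
    $IP_CMD rule add from "$3" table "$2"
    $IP_CMD route add default via "$4" dev "$5" table "$2"
}

setup() {
    # Addresses and eth1 are from the thread; eth0 is an assumption.
    route_by_source 200 counter  139.142.185.228 139.142.185.225 eth0 &&
    route_by_source 201 http.out 207.176.167.2   207.176.167.1   eth1 &&
    $IP_CMD route flush cache
}

# verify: ask the kernel which path a reply from each source would take.
# 192.0.2.1 is a documentation address used as a stand-in client.
verify() {
    $IP_CMD route get 192.0.2.1 from 139.142.185.228
    $IP_CMD route get 192.0.2.1 from 207.176.167.2
}

if [ "${1:-}" = "run" ]; then setup && verify; fi
```

Run with the argument `run` to print the commands; once applied for real, the `ip route get ... from ...` lines should report the gateway that belongs to each source address.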


