[Gllug] routing via a second external IP

C. Cooke ccooke at gkhs.net
Thu Aug 7 10:06:06 UTC 2008


On Thu, Aug 07, 2008 at 10:28:18AM +0100, t.clarke wrote:
> Hi
> 
> I am currently in the process of installing another ADSL circuit in our
> offices (regrettably due to the appallingly low speed available on ADSL at
> our physical location  - 600Kbs if we are lucky!).  The idea is to use this
> connection purely for telnet connection in from certain specific users/IP
> addresses; to avoid bottlenecks at certain times when the 'normal' ADSL line
> is 'swamped' with websurfing traffic.
> 
> It would seem a pity to use another Linux box to accomplish this if I can
> simply do the following:
> 
> 1) install another interface card in the existing Linux box, connected to the
> new adsl circuit and router
> 2) set up specific routes to the IP addresses concerned within the linux-box
> routing table, so that outgoing packets do not go out via the default route
>
> Any reason why this should not work ??

Nope, this is all pretty easy.

What you need to read up on is iproute2, the 'newer'[1] network
configuration tools. Specifically, that gives you the ability to
define multiple (named, even) routing tables with a flexible rule system
for choosing which one applies to any given connection or packet. You
can choose the routing based on source, destination, firewall mark...

For your setup, you'd want to set a firewall mark on the traffic you
wanted to send to the secondary ADSL: 

# (The following is all from memory, and I don't have access to a decent
# connection right now, so double check everything)

# Assuming you just want telnet traffic...
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 23 \
	-j MARK --set-mark 0x01
# or whatever other selection or mark requirements you want...

# Then, you need to set up a routing table:
# Make sure table number 100 doesn't exist - or choose your own number.
echo '100 secondary_adsl' >> /etc/iproute2/rt_tables

# Then, build the route table:
# assuming your secondary adsl was connected to eth2, ip network
# 172.19.50.3/24. Silly numbers, but likely to be safe in this example
# :-)
ip route add 172.19.50.0/24 dev eth2 scope link \
	src 172.19.50.3 table secondary_adsl
ip route add default via 172.19.50.1 dev eth2 table secondary_adsl

# And the rules that select on fwmark
ip rule add fwmark 0x01 table secondary_adsl

# That should do it. 

There's a good guide to iproute2 here: http://lartc.org/

[1] Where newer means 'Been in the kernel for a very long time, but it's
not ifconfig and route, so people forget they exist'

-- 
d=(1 0 6 0 1 0 5 5 41 5 3 12 4 5 15 1 4 -2 5 5 0 5 4 24 3 5 27 1 3 -2 1 3 6)
a=0;while :;do ((v=(c=a)+3));((x=d[d[a]]-d[d[a+1]]));d[d[a]]=$x;((a=d[d[a]]\
<0?${d[a+2]}:v));case $a in -1)read d[d[c]];a=$v;;-2)echo ${d[d[c+1]]};a=$v\
;;0)exit;;esac;done 2>&- # Charles Cooke, Sysadmin.  
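
The "make sure table number 100 doesn't exist" step above, as an added example that is not part of the original message: a hypothetical add_rt_table helper that appends to an rt_tables-format file only when neither the id nor the name is already taken, so re-running a setup script neither duplicates the entry nor silently clashes with an existing table. The default path is the one used in the message; the exit codes are this example's own convention.

```shell
#!/bin/sh
# Added example (not from the original message).
# add_rt_table ID NAME [FILE]  -- hypothetical helper
#   returns 0 if the entry was added or is already present exactly,
#           1 if the id or name is taken by a different entry (or FILE is unreadable),
#           2 if ID or NAME is malformed.

add_rt_table() {
    id=$1
    name=$2
    file=${3:-/etc/iproute2/rt_tables}

    # Table ids are decimal numbers; names must be a single plain token.
    case $id in ''|*[!0-9]*) echo "bad table id: $id" >&2; return 2 ;; esac
    case $name in ''|*[!A-Za-z0-9_.-]*) echo "bad table name: $name" >&2; return 2 ;; esac

    # Scan non-comment, non-blank lines: field 1 is the id, field 2 the name.
    # awk exit status: 0 = free, 10 = exact entry present, 11 = conflict.
    rc=0
    awk -v id="$id" -v name="$name" '
        /^[ \t]*(#|$)/          { next }
        $1 == id && $2 == name  { found = 1; next }
        $1 == id || $2 == name  { clash = 1 }
        END { if (clash) exit 11; exit (found ? 10 : 0) }
    ' "$file" || rc=$?

    case $rc in
        0)  printf '%s %s\n' "$id" "$name" >> "$file" ;;
        10) return 0 ;;
        11) echo "table id $id or name $name already in use in $file" >&2
            return 1 ;;
        *)  return 1 ;;
    esac
}

# Usage, matching the message above (run as root on the router):
#   add_rt_table 100 secondary_adsl && ip rule add fwmark 0x01 table secondary_adsl
```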