[Klug-general] Multiple routes out

Peter Childs pchilds at bcs.org
Mon Dec 6 18:34:09 UTC 2010


On 6 December 2010 17:19, Alan Buchel <alan at communitytechnology.org.uk>wrote:

> Thanks Peter. Yes I have quadruple-checked the Smoothie and the
> configuration is fine, and works perfectly as long as the gateway for the
> server is set as the Smoothwall box.
>
>
In otherwords you want two gateways?

One for the box to get to the internet and one for the internet to get to
the box?

Which can be done. but if I remember correctly you need to use ip not route.
where you can do lost of fun and intresting things that you can't normally
do with route. (Such as use two gateways and two internet connections if you
wish)

Peter.


>
> On 06/12/10 17:02, Peter Childs wrote:
>
>> On 6 December 2010 16:27, Alan Buchel<alan at communitytechnology.org.uk
>> >wrote:
>>
>>  Hi All,
>>>
>>> I have a slightly complicated situation with a routing requirement, have
>>> RTFM's till my brain hurts and hope someone can help...
>>>
>>> We have a Server inside a private network which routes out through a WLAN
>>> switch as it's main uplink to the internet. It syncs with other servers
>>> over
>>> this network. For reasons beyond my control, the server is only allowed 1
>>> IP
>>> address. Now we want to expose some of the services on this server such
>>> as
>>> www (80) to the outside world via a broadband line, and such a facility
>>> is
>>> unavailable via the WLAN.
>>>
>>> So I thought: just put in a smoothwall box, RED NIC on the ADSL, GREEN on
>>> the same IP subnet as the Server, forward the required ports to Server
>>> and
>>> job done. Oh no, not a bit...
>>>
>>> While the server WILL respond to www requests (like wget and telnet)
>>> directly FROM the smoothwall box, it will, not respond to www requests
>>> that
>>> come from clients on the RED side of smoothwall. The portforwarding on
>>> the
>>> smoothie works fine, and I know this is so because if I set the default
>>> gateway for the Server to be that of the Smoothwall GREEN. Then the port
>>> forward works just fine...
>>>
>>>
>>
>> Sounds like a problem with the Smoothwall Box.
>>
>> You need to check the port forwarding from the Red NIC to the Green, Just
>> because the IP Masquerading works does not mean that the port forwarding
>> it
>> correct.  You need an extra rule in IP Tables to do that. No matter what
>> you
>> write to route will change anything you need to set the iptables rules
>> correctly.
>>
>> I've not used Smoothwall but I could probably come up with an IP tables
>> rule
>> to do that with a bit of work, but I'm guessing Smoothwall might well have
>> a
>> User Interface to do it in......
>>
>> Hope that at least gives you some ideas
>>
>> Peter.
>>
>>
>>
>>> So I guess the problem is with routing, we need to figure out how to tell
>>> the server to use SMOOTHWALL GREEN as the gateway for requests coming
>>> from
>>> SMOOTHWALL GREEN and to use WLAN for the rest.
>>>
>>> Does anyone have any ideas how to go about this, or have another idea on
>>> how to achieve  what we need? (have been trying route add -net %$^%^&%^&
>>>  till I am blue in the face and mostly only seeing syntax errors)
>>>
>>> Alan
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Kent mailing list
>>> Kent at mailman.lug.org.uk
>>> https://mailman.lug.org.uk/mailman/listinfo/kent
>>>
>>>
>>
>>
>> _______________________________________________
>> Kent mailing list
>> Kent at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/kent
>>
>
>
> _______________________________________________
> Kent mailing list
> Kent at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/kent
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/kent/attachments/20101206/2b54cfd3/attachment-0001.htm>


More information about the Kent mailing list