[H-GEN] Connecting to 2 ISPs one entirely just for the FreeZone, How?
Tony Nugent
tony at linuxworks.com.au
Thu Sep 14 03:30:22 EDT 2006
> From: general-bounces at lists.humbug.org.au On Behalf Of De Crow
> Sent: Thursday, September 14, 2006 4:55 PM
> Subject: [H-GEN] Connecting to 2 ISPs one entirely just for the FreeZone,How?
[ -- nice diagram deleted for brevity -- ]
> What is the best distribution to use for this?
Just about any linux (or unix) distribution will do the job.
(I hope I have understood the gist of what you were asking for).
It is possible to set the default route for a specific set of destination (or
even source) IP addresses with the routing tables, eg "ip route add
192.168.10/24 via 10.0.0.2", and have the default route via, say, 10.0.0.1. You
can also route by source/destination port and other such specifications.
See "/sbin/ip r help" and "man ip" for all the details. There are ways to
sanely preserve routes like this through reboots and as interfaces/links go up
and down.
It can also be done with iptables (with the firewall tools), but this can get
tricky, as you would probably need to use the more complex features of the "nat"
and "mangle" chains. A post 2.4 kernel is recommended for full netfilter
magic.
To cut a very long story short, try "man iptables", then "/sbin/iptables
--help". Then find the docs with a quick google search, you'll need them.
> Anyone with past experience doing something like this?
Yes, and probably quite a few others lurking around here besides myself. Fun
stuff.
On Red Hat-based boxes with /etc/init.d/iptables and /etc/sysconfig/iptables, you
can use tools like shorewall (www.shorewall.org - I think) to help you generate
the actual firewalling rules. Then "service iptables save" to capture the
current firewall state through reboots. (Make sure that "chkconfig iptables on"
has been run, check with "chkconfig --list").
For the routing method, hmm, it's been a while. I think the magic is done
somewhere in /etc/sysconfig/, but I can't recall off the top of my head.
Other unixes have their own tools (eg, ipfw etc).
> Crowy
> (aka Anthony)
Cheers
Tony
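The destination- and source-based routing Tony describes, as an added worked example that is not part of the original post: a small Python simulator of the kernel's rule-then-longest-prefix-match lookup, using the post's gateways 10.0.0.1 and 10.0.0.2 and assuming 192.168.10.0/24 as the FreeZone prefix and 192.168.1.0/24 as an example source subnet that should always leave via the second ISP.

```python
"""Policy-routing lookup simulator (constructed example, not from the post).

Models what Linux does with the routes in the reply: a default route via
one ISP gateway (10.0.0.1) plus a more specific route for the FreeZone
prefix via the second gateway (10.0.0.2), and optionally a source-based
rule selecting a separate table, the "(or even source)" case.
"""
import ipaddress

# Route tables: lists of (prefix, gateway). Order does not matter within a
# table; the most specific matching prefix wins, as in the kernel FIB.
TABLES = {
    "main": [
        ("0.0.0.0/0", "10.0.0.1"),        # default route via ISP 1
        ("192.168.10.0/24", "10.0.0.2"),  # FreeZone prefix via ISP 2 (assumed)
    ],
    # Assumed table for "ip rule add from 192.168.1.0/24 table isp2".
    "isp2": [("0.0.0.0/0", "10.0.0.2")],
}

# Rules in priority order: (source prefix, table). The kernel always ends
# with an implicit catch-all rule pointing at the main table.
RULES = [("192.168.1.0/24", "isp2"), ("0.0.0.0/0", "main")]


def lookup(table, dst):
    """Longest-prefix match of dst in one table; returns gateway or None."""
    addr = ipaddress.ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    return best_gw


def route(dst, src="0.0.0.0"):
    """Walk the rules in order; the first table that yields a route wins.

    A rule whose table has no match falls through to the next rule, which is
    how the kernel behaves, so an empty table never blackholes traffic."""
    s = ipaddress.ip_address(src)
    for prefix, name in RULES:
        if s in ipaddress.ip_network(prefix):
            gw = lookup(TABLES[name], dst)
            if gw is not None:
                return gw
    return None  # no route at all (would be "Network is unreachable")
```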