Configure routing for two providers
Yesterday I ran into a small problem - there are 2 network cards and 2 providers installed on a machine with Win2k3. The problem turned out to be the following: subnets intersect (more precisely, they coincide). It was decided to use the 1st provider for the main gateway, and to walk on the intranet resources through the 2nd one. And everything would be fine, but the machine should serve incoming connections from both interfaces. But, thanks to static routes, the responses to requests from the subnet 10.0.0.0/8 that came from the first provider went through the channel of the second provider, which was, to put it mildly, not what was needed. How to solve this problem under linux - I knew (and I will also tell in this article). A little googling solution was found (in msdn'e stumbled upon managing the priorities of connections). A colleague (WAJIM, hello) thought - and found the 2nd option. Then I thought a little (quite a bit) - and by analogy the 2nd version of the solution for linux appeared :)
Total, under the cut you will find 4 options for solving the problem of routing by 2m providers - 2 for Windows and 2 for Linux.
Given:
Well ... let's get started.
The choice is yours. Let me just say that it was decided to dwell on the second versions for both systems (changing the metrics on windows and iproute2 on debian).
Anyone interested in the topic of routing in Linux - I recommend reading this item here lartc.org/howto
I hope someone this information will be useful.
')
And once again, colleagues - happy holiday :)
Total, under the cut you will find 4 options for solving the problem of routing by 2m providers - 2 for Windows and 2 for Linux.
Given:
- 2 physical firewalls that are concurrently gateways (192.168.1.10 and 192.168.2.10)
- 2 network interfaces (lan1 - 192.168.1.101 and lan2 - 192.168.2.101)
- the desire to make this good work as we need
Well ... let's get started.
- Windows
- Network Connection Priority Management:
It is necessary to create 3 routes:route -p add 0.0.0.0 mask 0.0.0.0 192.168.1.10 metric 1
route -p add 10.0.0.0 mask 255.0.0.0 192.168.1.10 metric 1
route -p add 10.0.0.0 mask 255.0.0.0 192.168.2.10 metric 1
Next, go to Network Connections -> Advanced -> Advanced Options, move lan2 up to make this connection higher than lan1. Is done. - Priority in the routing table:
Again - create 3 routes. Just change the metricsroute -p add 0.0.0.0 mask 0.0.0.0 192.168.1.10 metric 1
route -p add 10.0.0.0 mask 255.0.0.0 192.168.1.10 metric 2
route -p add 10.0.0.0 mask 255.0.0.0 192.168.2.10 metric 1
And no dancing with priority interfaces. I think this method is optimal.
UPD : interface metrics, the priority of which is higher (see previous paragraph) should not be the lowest.
- Network Connection Priority Management:
- Linux
- Priority in the routing table:
It is almost the same as in the previous paragraph (only the syntax is slightly different)route add default gw 192.168.1.10 metric 0
route add -net 10.0.0.0/8 gw 192.168.1.10 metric 1
route add -net 10.0.0.0/8 gw 192.168.2.10 metric 0 - iproute2:
Actually, this solution requires the presence of an installed iproute2 package. In debian - apt-get install iproute.
In this case, we will need 2 routes.route add default gw 192.168.1.10 metric 0
route add -net 10.0.0.0/8 gw 192.168.2.10 metric 0
Create 2 routing tables:echo '10 lan1 '>> / etc / iproute2 / rt_tables
echo '11 lan2 '>> / etc / iproute2 / rt_tables
Add routing rules to these tables:ip route add default via 192.168.1.10 table lan1
ip rule add from 192.168.1.101 table lan1
ip route add 127.0.0.0/8 dev lo table lan1
ip route add default via 192.168.2.10 table lan2
ip rule add from 192.168.2.101 table lan2
ip route add 127.0.0.0/8 dev lo table lan2
The latest rules are to ensure that packets from the local interface are not lost.
Also, do not forget that when rebooting, Linux clears the tables and routing rules, so I recommend creating a tricky script in the /etc/network/if-up.d folder. I have a script with this content there:#! / bin / sh -e
case "$ IFACE" in
eth1)
ip route add default via 192.168.1.10 table lan1
ip rule add from 192.168.1.101 table lan1
ip route add 127.0.0.0/8 dev lo table lan1
;;
eth2)
route del default gw 192.168.2.101
route add -net 10.0.0.0/8 gw 192.168.2.10 1
ip route add default via 192.168.2.10 table lan2
ip rule add from 192.168.2.101 table lan2
ip route add 127.0.0.0/8 dev lo table lan2
;;
esac
UPD : corrected shoals in the indication of the metric. - Priority in the routing table:
The choice is yours. Let me just say that it was decided to dwell on the second versions for both systems (changing the metrics on windows and iproute2 on debian).
Anyone interested in the topic of routing in Linux - I recommend reading this item here lartc.org/howto
I hope someone this information will be useful.
')
And once again, colleagues - happy holiday :)
Source: https://habr.com/ru/post/30076/
All Articles