We use 2+ providers (first part)
Here I want to talk about setting up a gateway on Linux, for using 2 (or more) Internet providers.
To configure, we will use the capabilities of iptables and the ip utilities from the package, which is usually called iproute2. And to solve this problem, we will route packets based on “policy routing” (ie, policy-based routing), and not “destination routing” (routing based on the recipient's address).
So let's get started. First, let's define the variables:
IF are network interfaces that look to the Internet through our providers.
IPs are our external IP addresses that providers have given us
P is the default gateway of our providers.
Policy routing allows you to perform routing based on the source address, so we will list the servers that will participate:
Here, SRV11 and SRV12 are two IPs of the same server (this is important!), This allows one server to handle incoming connections from two providers. Of course, there are other options to realize this opportunity, but I will use the IPs, it seems to me to begin with, it will be easier.
And now the most interesting thing is to write a rule for routing.
The first thing we need to do is add our own routing tables, for this you need to edit the file / etc / iproute2 / rt_tables, for example:
Fill in the first table:
Ie, we add routes in which we indicate that we can get into the subnet of the first provider through the first interface. In the second line, we add the default gateway.
The same in the second:
Then we will deal with the main table, which is called "main". We see it when we type ip route:
The first two lines are similar to the previous entries, only the "table main" is omitted. The third line sets the default route with the metric.
On this we figured out the routing, to see what we have in the routing table, you can run the command “ip route show table <table name>”. Now let's get down to the rules. Just according to the rules, it will be decided which packet will be routed according to which table.
Here we indicated that if the source address is equal to the first external address, then routing is performed on table T1. Similarly, the second entry.
And finally the most interesting:
Well, half the work is done, it remains to write the rules for iptables, we'll talk about this in the second part.
The second part .
original article on my blog Use 2+ provider (first part)
')
ps Written to understand yourself and tell others.
To configure, we will use the capabilities of iptables and the ip utilities from the package, which is usually called iproute2. And to solve this problem, we will route packets based on “policy routing” (ie, policy-based routing), and not “destination routing” (routing based on the recipient's address).
So let's get started. First, let's define the variables:
#! / bin / bash
IF1 = eth1
IF2 = eth2
IF are network interfaces that look to the Internet through our providers.
IP1 = 10.10.10.10
IP2 = 20.20.20.20
IPs are our external IP addresses that providers have given us
P1 = 10.10.10.1
P2 = 20.20.20.1
P is the default gateway of our providers.
Policy routing allows you to perform routing based on the source address, so we will list the servers that will participate:
SRV11 = 192.168.0.11
SRV12 = 192.168.0.12
Here, SRV11 and SRV12 are two IPs of the same server (this is important!), This allows one server to handle incoming connections from two providers. Of course, there are other options to realize this opportunity, but I will use the IPs, it seems to me to begin with, it will be easier.
And now the most interesting thing is to write a rule for routing.
The first thing we need to do is add our own routing tables, for this you need to edit the file / etc / iproute2 / rt_tables, for example:
#echo "101 T1" >> / etc / iproute2 / rt_tables
#echo "102 T2" >> / etc / iproute2 / rt_tables
Fill in the first table:
ip route add $ P1_NET dev $ IF1 src $ IP1 table T1
ip route add default via $ P1 table T1
Ie, we add routes in which we indicate that we can get into the subnet of the first provider through the first interface. In the second line, we add the default gateway.
The same in the second:
ip route add $ P2_NET dev $ IF2 src $ IP2 table T2
ip route add default via $ P2 table T2
Then we will deal with the main table, which is called "main". We see it when we type ip route:
ip route add $ P1_NET dev $ IF1 src $ IP1
ip route add $ P2_NET dev $ IF2 src $ IP2
ip route add default via $ P1 metric 10
The first two lines are similar to the previous entries, only the "table main" is omitted. The third line sets the default route with the metric.
On this we figured out the routing, to see what we have in the routing table, you can run the command “ip route show table <table name>”. Now let's get down to the rules. Just according to the rules, it will be decided which packet will be routed according to which table.
ip rule add from $ IP1 table T1
ip rule add from $ IP2 table T2
Here we indicated that if the source address is equal to the first external address, then routing is performed on table T1. Similarly, the second entry.
And finally the most interesting:
ip rule add from $ srv11 fwmark 10 table T1Using iptables we can label the packets of interest to us and route them based on these labels. Actually here we added two rules: for packages with a label 10, use table T1, for packages with a label 20 - T2. Now it may not be very clear why this may be necessary, but everything will become clear from the iptables rules. To view the rules, we perform “ip rule”, when routing, they are checked in order.
ip rule add from $ srv12 fwmark 20 table T2
Well, half the work is done, it remains to write the rules for iptables, we'll talk about this in the second part.
The second part .
original article on my blog Use 2+ provider (first part)
')
ps Written to understand yourself and tell others.
Source: https://habr.com/ru/post/49137/
All Articles