
We use 2+ providers (first part)

In this post I want to describe setting up a gateway on Linux that uses two (or more) Internet providers.

For the configuration we will use iptables and the ip utility from the package usually called iproute2. To solve the problem we will route packets with "policy routing" (policy-based routing), not "destination routing" (routing based only on the recipient's address).



So let's get started. First, let's define the variables:

#!/bin/bash

# interfaces facing the two providers
IF1=eth1
IF2=eth2

IF1 and IF2 are the network interfaces that face the Internet through our two providers.

# our external addresses on those interfaces
IP1=10.10.10.10
IP2=20.20.20.20

IP1 and IP2 are the external IP addresses the providers assigned to us.

# the providers' default gateways
P1=10.10.10.1
P2=20.20.20.1
# the providers' subnets, used by the route commands below;
# the original does not give them, /24 is assumed here
P1_NET=10.10.10.0/24
P2_NET=20.20.20.0/24

P1 and P2 are the default gateways of our providers.

Policy routing lets us route based on the source address, so we list the servers that will take part:

# two addresses of the same internal server
SRV11=192.168.0.11
SRV12=192.168.0.12

Here SRV11 and SRV12 are two IPs of the same server (this is important!). This lets one server handle incoming connections arriving via both providers. There are other ways to achieve this, but I will use two IPs; it seems to me the easiest way to begin with.

Now for the most interesting part: writing the routing rules.

The first thing we need to do is add our own routing tables. For this, edit the file /etc/iproute2/rt_tables, for example:

# run as root: register table numbers and names
echo "101 T1" >> /etc/iproute2/rt_tables
echo "102 T2" >> /etc/iproute2/rt_tables

Fill in the first table:

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1

That is, the first route says that the first provider's subnet is reachable through the first interface, using IP1 as the source address. The second line adds the default gateway for this table.

The same in the second:

ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

Then we deal with the main table, called "main"; this is the one we see when we type ip route:

ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1 metric 10

The first two lines are the same as the previous entries, only "table T1"/"table T2" is omitted (the main table is the default). The third line sets the default route, with a metric.

That covers the routing tables; to see what is in a table, run "ip route show table <table name>". Now for the rules. The rules decide which packet is routed according to which table.

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

Here we said that if the source address equals the first external address, routing is done according to table T1. The second entry does the same for the second provider.

And finally, the most interesting rules:

ip rule add from $SRV11 fwmark 10 table T1
ip rule add from $SRV12 fwmark 20 table T2

With iptables we can mark the packets we are interested in and route them based on these marks. Here we added two rules: for packets with mark 10 use table T1, for packets with mark 20 use T2. It may not be obvious yet why this is needed, but it will become clear from the iptables rules. To view the rules, run "ip rule"; during routing they are checked in order of priority.
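The commands above are fine to type once, but run from a boot script they are not re-entrant: each boot appends another "101 T1" line to rt_tables, a second "ip route add" fails with "File exists", and duplicate rules pile up. This added example (not the post's code) collects the post's setup into a re-runnable script; P1_NET and P2_NET are assumed /24 subnets, RT_TABLES, DRY_RUN and RUN_SETUP are hypothetical knobs for testing without root.

```shell
#!/bin/bash
# Re-runnable version of the post's setup; P1_NET/P2_NET are assumed /24s.
set -eu
IF1=eth1;             IF2=eth2
IP1=10.10.10.10;      IP2=20.20.20.20
P1=10.10.10.1;        P2=20.20.20.1
P1_NET=10.10.10.0/24; P2_NET=20.20.20.0/24   # assumed, not in the post
SRV11=192.168.0.11;   SRV12=192.168.0.12
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# run CMD...: with DRY_RUN=1 print the command instead of executing it
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# ensure_rt_table ID NAME: register the name once; a blind 'echo >>' on
# every boot keeps appending duplicate lines to rt_tables
ensure_rt_table() {
    grep -qE "^[[:space:]]*$1[[:space:]]+$2\$" "$RT_TABLES" 2>/dev/null \
        || echo "$1 $2" >> "$RT_TABLES"
}

# fill_table NAME NET IF IP GW: flush and refill one provider table so a
# second run does not fail with "RTNETLINK answers: File exists"
fill_table() {
    run ip route flush table "$1"
    run ip route add "$2" dev "$3" src "$4" table "$1"
    run ip route add default via "$5" table "$1"
}

# set_rule PREF SELECTOR...: pin each rule to a fixed priority and replace
# it, instead of letting repeated 'ip rule add' stack identical rules
set_rule() {
    pref=$1; shift
    run ip rule del pref "$pref" 2>/dev/null || true
    run ip rule add "$@" pref "$pref"
}

apply_routing() {
    ensure_rt_table 101 T1;  ensure_rt_table 102 T2
    fill_table T1 "$P1_NET" "$IF1" "$IP1" "$P1"
    fill_table T2 "$P2_NET" "$IF2" "$IP2" "$P2"
    # main table: 'replace' is idempotent where 'add' is not
    run ip route replace "$P1_NET" dev "$IF1" src "$IP1"
    run ip route replace "$P2_NET" dev "$IF2" src "$IP2"
    run ip route replace default via "$P1" metric 10
    set_rule 100 from "$IP1" table T1
    set_rule 101 from "$IP2" table T2
    set_rule 110 from "$SRV11" fwmark 10 table T1
    set_rule 111 from "$SRV12" fwmark 20 table T2
}
# apply as root with RUN_SETUP=1; add DRY_RUN=1 to only print the commands
if [ "${RUN_SETUP:-0}" = 1 ]; then apply_routing; fi
```

Running it with DRY_RUN=1 RUN_SETUP=1 prints the exact ip commands so they can be compared with "ip route show table T1" and "ip rule" on the live gateway.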

Well, half the work is done; what remains is to write the iptables rules, which we will cover in the second part.



The second part.

Original article on my blog: Use 2+ providers (first part)

P.S. Written to understand it myself and to tell others.

Source: https://habr.com/ru/post/49137/
