2 NICs, 1 server - Networking

  1. 2 NICs, 1 server

    Hi,

    I have a situation where I have one NIC connected to a switch on a server,
    and two internet connections on the switch, before I continue, I don't need
    channel bonding and I don't need load balancing because that's not what I
    need nor want.

    Here's my physical configuration (Best viewed in monospace font):

    ---[ISP 1]
    |
    [NAT]
    |
    -------[SWITCH] (note: Both NAT routers are on the same subnet)
    |
    [NAT]
    |
    ---[ISP 2]

    The server is only able to route out one connection or the other at the
    moment. Basically what I want is for the server to be able to route out the
    connection it came in on. I wish for this to have the least impacting
    solution on the system possible.

    Thank you,

    --
    --Krad Xeron

  2. Re: 2 NICs, 1 server

    Hello,

    Kradorex Xeron wrote:
    >
    > Here's my physical configuration (Best viewed in monospace font):
    >
    > ---[ISP 1]
    > |
    > [NAT]
    > |
    > -------[SWITCH] (note: Both NAT routers are on the same subnet)
    > |
    > [NAT]
    > |
    > ---[ISP 2]
    >
    > The server is only able to route out one connection or the other at the
    > moment. Basically what I want is for the server to be able to route out the
    > connection it came in on.


    The server needs to use advanced routing. The general idea is to create
    an alternate routing table for outgoing packets which must be routed
    through the non-default router.

    I can suggest three approaches. The first one is to add an alternate IP
    address to the server in the same subnet, configure the non-default
    router to forward incoming connections to the alternate IP address, and
    create a routing rule on the server saying to use the alternate routing
    table to route outgoing packets with the alternate source address.

    Guidelines:
    # add alternate address to the LAN interface
    ip addr add <alt_addr>/<prefix_len> dev <lan_iface>

    # add route to the LAN hosts in the alternate routing table
    ip route add <lan_net>/<prefix_len> dev <lan_iface> table 100

    # add default route in the alternate routing table
    ip route add default via <alt_router> table 100

    # create a routing rule based on source address
    ip rule add from <alt_addr> lookup 100


    The second approach is to mark the incoming connections forwarded by the
    non-default router with iptables and create a routing rule saying to use
    the alternate routing table to route outgoing packets with the mark. A
    difficulty is to detect that a connection was forwarded by the
    non-default router. Its IP address does not appear in the forwarded
    packets so it cannot be used. Its MAC address can be used instead. IP
    header fields such as TOS may be used too.

    Guidelines:
    # add default route in the alternate routing table
    ip route add default via <alt_router> table 100

    # create a routing rule based on iptables mark
    ip rule add fwmark 0x1 lookup 100

    # add mark to connections from the non-default router MAC address
    iptables -t mangle -A PREROUTING -m state --state NEW,RELATED \
    -m mac --mac-source <alt_router_mac> -j CONNMARK --set-mark 0x1

    # copy the connection mark into outgoing packets
    iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark


    The third approach is to mark outgoing packets with source ports
    corresponding to the hosted services, and create a routing rule saying
    to use the alternate routing table to route outgoing packets with the
    mark. Note that this approach may not be applicable in all cases.

    Guidelines:
    # add route to the LAN hosts in the alternate routing table
    ip route add <lan_net>/<prefix_len> dev <lan_iface> table 100

    # add default route in the alternate routing table
    ip route add default via <alt_router> table 100

    # create a routing rule based on iptables mark
    ip rule add fwmark 0x1 lookup 100

    # mark outgoing packets with specific protocols and source ports
    # destination addresses in the local network are excluded
    # (negation goes before the option: "! -d", not "-d !")
    iptables -t mangle -A OUTPUT ! -d <lan_net>/<prefix_len> \
    -p <proto> -m multiport --sports <port>[,<port>...] -j MARK --set-mark 0x1

  3. Re: 2 NICs, 1 server

    On Thu, 20 Dec 2007 03:22:26 -0500, Kradorex Xeron wrote:

    >Hi,
    >
    >I have a situation where I have one NIC connected to a switch on a server,
    >and two internet connections on the switch, before I continue, I don't need
    >channel bonding and I don't need load balencing because that's not what I
    >need nor want.
    >
    >Here's my physical configuration (Best viewed in monospace font):
    >
    > ---[ISP 1]
    > |
    > [NAT]
    > |
    >-------[SWITCH] (note: Both NAT routers are on the same subnet)
    > |
    > [NAT]
    > |
    > ---[ISP 2]
    >
    >The server is only able to route out one connection or the other at the
    >moment. Basically what I want is for the server to be able to route out the
    >connection it came in on. I wish for this to have the least impacting
    >solution on the system possible.
    >
    >Thank you,


    I suspect that you would have far better results if you eliminated the
    two NATs so that the two external IPs are present on the switch.

    If Pascal's three approaches do not accomplish what you want, I urge
    you to post this message - plus details about SERVER - to the LARTC
    mailing list.
    --
    buck
