
I have 2 Linksys routers which have Linux running on them and use Tomato firmware. Both have Internet lines plugged in, but only one acts as DHCP server (router 1). What I am trying to achieve is that all packets from internal IPs that want to access the Internet go to router 1 and out on that Internet line, but for one specific port: if router 1 detects packets from a specific source port (for example, HTTP port 80), it will redirect that packet to router 2 and it goes out to the Internet from there. I have found some documents which give a solution where I would need a Linux server with 2 Ethernet cards, plug both Internet lines into that server and route based on it, but I do not want to do that because my boss does not want the extra work of maintaining that server; besides, he says that the router itself is already a Linux one, so why... I tend to agree with his points. Can it be done, or is a separate Linux server acting as a router a must? Thank you all in advance and I really look forward to your replies. I am a newbie to Linux networking and it seems to be something out of my capacity to solve :(

Yours sincerely, Duc To

Duc To
  • Doesn't your router already have multiple ports to route between? I can't see how this is different from http://serverfault.com/questions/165182/policy-based-routing – pehrs Dec 31 '10 at 10:54
  • I'm confident that it can be done somehow, but I don't know of any HOWTO or quick set of steps to tell you. It will likely require some serious hacking of the firmware. Anyway, have you considered simply adding three network interfaces to a Linux box, and getting rid of the routers? That way you will have a single device to maintain instead of 2 routers. – Zoredache Dec 31 '10 at 11:18
  • @pehrs, the biggest difference is that he is using a very lightweight Linux distro that has a lot of features disabled to run on the limited amount of storage/RAM that is available. If the firmware wasn't built with the policy routing features, then he may be recompiling kernels, firmware, doing lots of very complex stuff. – Zoredache Dec 31 '10 at 11:21
  • Hi Pehrs! Thanks for your reply! The main and important difference I have noticed is that I do not have a Linux server with 2 Ethernet cards. What I have is 2 routers; each one has 1 Internet line and 1 local line, and 1 acts as DHCP server for all computers (including router 2's internal IP). Besides, my Linux router does not have /etc/iproute2/rt_tables; it does have ip and iptables commands though. Do you think it is OK if I create one instead? – Duc To Dec 31 '10 at 11:24
  • @Zoredache Good point ;) – pehrs Dec 31 '10 at 13:09
  • Dear Zoredache! Thanks for your reply and happy new year! :) Yes, a Linux box with 3 NICs is the best solution I think, but it is the last favourite option for my boss (he does not want to have 1 more server and maintain it) and hence I have to try all the ways I can before I dare to come to his desk and say so :-S – Duc To Jan 04 '11 at 02:52
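The mark-and-route setup the question asks about, written out as an added shell example; it is not from the question or from any of the answers. It assumes router 1 runs the rules, that its LAN bridge is br0 (Tomato's usual name), that router 2 is reachable on the same LAN at the constructed address 192.168.1.2, and that a numeric routing-table id is used, which is why the missing /etc/iproute2/rt_tables does not matter. The names run, policy_route_setup, policy_route_teardown and policy_route_show are the example's own.

```shell
#!/bin/sh
# Added example, not from the question or the answers: marking traffic on
# router 1 (the DHCP router) so that one TCP port leaves through router 2.
# All values are constructed placeholders; set them for your network.
LAN_IF="${LAN_IF:-br0}"            # Tomato's LAN bridge is usually br0
ROUTER2="${ROUTER2:-192.168.1.2}"  # router 2's LAN-side address
PORT="${PORT:-80}"
MATCH="${MATCH:-dport}"            # "sport" reproduces the question literally;
                                   # outbound browsing is matched by "dport"
TABLE="${TABLE:-100}"              # numeric id: no /etc/iproute2/rt_tables needed
MARK="${MARK:-0x1}"                # fwmark value unused by the rest of the firewall

# Print each command by default so the plan can be reviewed first;
# APPLY=1 executes them (as root, on the router).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

policy_route_setup() {
    # 1. Mark matching packets as they arrive from the LAN. mangle/PREROUTING
    #    runs before the routing decision, which is what makes the mark
    #    usable for routing.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --"$MATCH" "$PORT" \
        -j MARK --set-mark "$MARK"
    # 2. Marked packets consult table $TABLE, whose only route points at
    #    router 2; everything else keeps the main table and router 1's WAN.
    #    Priority 1000 sits after the "local" table (0), so traffic for
    #    router 1's own addresses is still delivered locally.
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 1000
    run ip route add default via "$ROUTER2" dev "$LAN_IF" table "$TABLE"
    # 3. Diverted packets leave on the interface they arrived on, so router 1
    #    would send ICMP redirects and the hosts would then talk to router 2
    #    directly for that destination, bypassing the port-based rule.
    run sysctl -w "net.ipv4.conf.$LAN_IF.send_redirects=0"
    run ip route flush cache
}

policy_route_teardown() {
    run iptables -t mangle -D PREROUTING -i "$LAN_IF" -p tcp --"$MATCH" "$PORT" \
        -j MARK --set-mark "$MARK"
    run ip rule del fwmark "$MARK" lookup "$TABLE" priority 1000
    run ip route flush table "$TABLE"
}

# What to inspect after applying: the rule, the table and the hit counters.
policy_route_show() {
    run ip rule show
    run ip route show table "$TABLE"
    run iptables -t mangle -L PREROUTING -n -v
}
```

Run it once without APPLY to read the commands it would issue, then with APPLY=1 on router 1. Router 2 must forward and NAT traffic arriving from the LAN and, as pehrs notes below, must not also hand out DHCP leases. If the firmware's busybox has no sysctl applet, the same setting can be written to /proc/sys/net/ipv4/conf/br0/send_redirects. The packet counters shown by policy_route_show are the quickest check that the port match is actually hitting.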

3 Answers


Without knowing the firmware or other limitations it's hard to give a good answer. This is certainly possible to do using a full Linux system, but it's a complex routing setup that is likely to have interesting bugs. If possible I would recommend avoiding this kind of setup.

As long as your kernel supports policy routing you should be able to more or less follow the instructions here. More complete instructions can be found here.

Note that you will have to reconfigure the secondary gateway not to use DHCP. Having a router run DHCP will sooner or later come back and bite you.

pehrs

This is a complicated setup. You may find it simpler to move the two Internet connections to one router, and add an additional VLAN and zone for the second internet connection.

I would look at the documentation for multiple ISPs on the Shorewall site. I believe Tomato should run Shorewall-lite (which will require another server capable of building the rules). If not, I believe the documentation explains the rules being set up. You may be able to run the split connection using the two routers, using the gateway address of the second router as the second routing destination. If I understand your requirements, I think you only need to configure router 1.

BillThor

From your description (packets with source port 80 are almost always going to be responses to HTTP queries), it sounds as though you have an HTTP server that you wish to appear to be behind router2. In other words, packets come in through router2 (or possibly router1, but that would be a mistake) to the server, and the server would respond through router2. You wish all of your other Internet traffic to pass through router1.

My suggestion would be to make a small routing change on the server:

  • Change the default route for the server to be router2.
  • Create a static route for your internal network to route to router1. (note: you can omit this step if your server is within your internal network; the IP stack will handle this by default)

You can do this with only one ethernet card in the server, if that is what is concerning you, assuming that router1 and router2 both have interfaces in your internal network.

I know you don't want to make a change on the server, but it is much much simpler to place the configuration there than on the two border routers.

Slartibartfast
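The server-side alternative from the answer above, as an added shell example (not the answerer's own commands). It assumes router 1 is at the constructed address 192.168.1.1 and router 2 at 192.168.1.2, and it adds the check a practitioner wants after making this change: if the server gets its address from router 1's DHCP, the next lease renewal can put router 1 back as the default gateway, so the script parses `ip route show default` output and confirms that router 2 is the only default. The names run, server_route_setup, default_gateways and check_default_is_router2 and the sample route listings are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the answer: default route via router 2 on the
# server, plus a check that the setting survived DHCP. Constructed values.
ROUTER1="${ROUTER1:-192.168.1.1}"      # the DHCP router
ROUTER2="${ROUTER2:-192.168.1.2}"      # the second Internet line
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print commands by default; APPLY=1 executes them (as root, on the server).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

server_route_setup() {
    # "replace" rather than "add" so a DHCP-supplied default via router 1
    # is overwritten instead of producing a second default route.
    run ip route replace default via "$ROUTER2"
    # Only needed when the server sits outside the LAN that holds router 1;
    # on the shared LAN the on-link route already reaches internal hosts.
    if [ "${SERVER_OFF_LAN:-0}" = "1" ]; then
        run ip route add "$LAN_NET" via "$ROUTER1"
    fi
}

# Parse the output of `ip route show` passed as $1 and print one default
# gateway per line. Taking the text as an argument keeps it testable offline.
default_gateways() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3 }'
}

# Succeeds only when exactly one default gateway exists and it is router 2.
# Two defaults, or router 1 alone, means a DHCP renewal undid the change;
# the fix is a static address on the server or a DHCP client hook.
check_default_is_router2() {
    gws=$(default_gateways "$1")
    count=$(printf '%s\n' "$gws" | grep -c .)
    [ "$count" -eq 1 ] && [ "$gws" = "$ROUTER2" ]
}

# Constructed sample listings, as `ip route show` would print them.
SAMPLE_OK='default via 192.168.1.2 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'
SAMPLE_DHCP_REVERTED='default via 192.168.1.1 dev eth0 metric 100
default via 192.168.1.2 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Live use: check_default_is_router2 "$(ip route show)" && echo "route OK"
```

On a running server, feed the real listing with `check_default_is_router2 "$(ip route show)"`; a non-zero exit is the signal to look at the DHCP client configuration before assuming the HTTP responses are leaving via router 2.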