
I'm trying to set up a Debian box as a router for an office. I need to have 3 subnets in the LAN and 2 WAN connections, and I want one of the subnets to ALWAYS use WAN 1 and the other subnet to ALWAYS use WAN 2 (no load balancing).

For example, I want to have these three subnets:

- 10.1.1.0/24
- 10.1.2.0/24
- 10.1.3.0/24

I want 10.1.1.0/24 to go out to the Internet using ISP #1 and 10.1.2.0/24 and 10.1.3.0/24 to use ISP #2.

And one second level of complication: ISP #2 is a DSL connection with a dynamic IP address.

I think this should be easy to implement, but I've never done it before and I haven't been able to find an example online. I've been reading lartc but I couldn't adapt the examples they provide to what I want to do.

I'll appreciate any lead!

El Barto

2 Answers


You will have to look at source based routing. In essence you would set up two routing tables and use iptables to tag the traffic to use one of the routing tables.

I would keep the default route on the ADSL line and use a custom routing table for the other WAN link. This assumes that isp1(ADSL) is on eth0 and correctly configured and isp2(static) is on eth1.

```
# Create a custom route table
echo 200 isp2 >> /etc/iproute2/rt_tables
# Add your source network
ip rule add from 10.1.2.0/24 table isp2
ip rule add from 10.1.3.0/24 table isp2
# Set the default route
ip route add default via isp2.default.gw dev eth1 table isp2
# Flush the route cache to immediately apply the change
ip route flush cache
# Enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
```

You would also have to set up NAT.

On your dynamic interface you would use:

```
iptables -t nat -A POSTROUTING -j MASQUERADE -o eth0
```

And on the static interface

```
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source isp2.external.ip
```

Francois Wolmarans
  • Actually I need my default route to be the ISP with the static route because it has a higher bandwidth and that was a requirement. That has been bothering me because I'm not sure how to specify the default route for the ISP with dynamic IP. – El Barto Jun 07 '12 at 14:48
  • Both subnets 10.1.2/3 will use ISP2 (static route). As to the dynamic ip it will be done with the DHCP settings you get from your ADSL provider. – Francois Wolmarans Jun 07 '12 at 15:27

You can do this with ip rule and friends (keyword: source based routing). First you need to build another routing table. Let's call it wan2. Add it to /etc/iproute2/rt_tables

Fortunately the output of ip route is in the same format as the input. You can do this to copy the table (without default route)

```
ip route show table main | grep -Ev "^default" | while read ROUTE; do
  ip route add table wan2 $ROUTE
done
```

Then add the default route

```
ip route add table wan2 default via 1.2.3.4 dev ethX
```

When finished you can use the ip rule command to build rules to select the corresponding routing table:

```
ip rule add from 10.1.2.0/24 table wan2
```

I found this script somewhere on the internet, but forgot where. You can use it as a template

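```
#!/bin/sh
set -e

MARK=100
TABLE_NAME=wan2
DEV=eth2
GATEWAY=192.168.4.1

IPTABLES=/sbin/iptables
IP=/sbin/ip

# Start from an empty table
$IP route flush table $TABLE_NAME

# Copy every non-default route from the main table
# ($ROUTE is left unquoted on purpose so it splits into ip arguments)
$IP route show table main | grep -Ev "^default" | while read -r ROUTE; do
    $IP route add table $TABLE_NAME $ROUTE
done

# Default route for this table
$IP route add table $TABLE_NAME default dev $DEV via $GATEWAY

# Remove all existing rules that point at this table
while true; do
    $IP rule del table $TABLE_NAME 2>/dev/null || break
done

# Select the table by source network
$IP rule add from 10.1.2.0/24 table $TABLE_NAME
# ....
$IP route flush cache
```

krissi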
  • This was very helpful. As I asked Francois on the other answer, how do I set up the default route for WAN 2 if its IP is dynamic? I mean, is there any generic way or do I need to call `ifconfig` from my script to find out which IP the DHCP gave me? – El Barto Jun 07 '12 at 14:51
  • If the ordinary routing table gets updated correctly you can extract the part of the script which copies the route (and flushes it before) to a script you place in `/etc/network/if-up.d`. Then it will be executed each time the device comes up and the wan2 routing table will be recopied – krissi Jun 07 '12 at 15:12
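
Added example (not code from either answer) for the `/etc/network/if-up.d` approach in the last comment: it takes the DSL next hop from the default route the DHCP or PPP client installed in the main table, and adds an `unreachable` fallback so that, while that link is down, the subnets pinned to wan2 are rejected instead of falling through to the main table and leaving via the other WAN. The interface names, the 203.0.113.x addresses and the presence of a DSL default route in main are assumptions; wan2 and 192.168.4.1 come from the script above.

```shell
#!/bin/sh
# Added example (not from the answers). wan2 and 192.168.4.1 follow the
# script above; interface names and all other addresses are constructed.

# Constructed sample of "ip route show table main": static WAN on eth1,
# DHCP-configured DSL on eth2, LAN subnets on eth3 and eth4.
sample_main_table() {
    cat <<'EOF'
default via 203.0.113.1 dev eth1
default via 192.168.4.1 dev eth2 proto dhcp metric 100
10.1.1.0/24 dev eth3 proto kernel scope link src 10.1.1.1
10.1.2.0/24 dev eth4 proto kernel scope link src 10.1.2.1
192.168.4.0/24 dev eth2 proto kernel scope link src 192.168.4.2
203.0.113.0/29 dev eth1 proto kernel scope link src 203.0.113.2
EOF
}

# plan_wan2 TABLE DEV: read a main-table dump on stdin and print the ip
# commands that rebuild TABLE with its default route on DEV.
plan_wan2() {
    table=$1
    dev=$2
    dump=$(cat)
    echo "ip route flush table $table"
    # Fail closed: this high-metric fallback matches only when the real
    # default below is absent, so lookup never continues into table main.
    echo "ip route add unreachable default metric 1000 table $table"
    # Copy connected and static routes, skipping every default route.
    printf '%s\n' "$dump" | while read -r route; do
        case $route in
            '' | default*) ;;
            *) echo "ip route add table $table $route" ;;
        esac
    done
    # Next hop = whatever default route currently exists on DEV in main.
    nexthop=$(printf '%s\n' "$dump" | awk -v d="$dev" '
        $1 == "default" {
            via = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") via = "via " $(i + 1) " "
                if ($i == "dev" && $(i + 1) == d) { print via "dev " d; exit }
            }
        }')
    if [ -n "$nexthop" ]; then
        echo "ip route add default $nexthop table $table"
    fi
    return 0
}

# Dry run on the sample. As an if-up.d hook, run as root:
#   ip route show table main | plan_wan2 wan2 "$IFACE" | sh -e
sample_main_table | plan_wan2 wan2 eth2
```

The `ip rule add from ... table wan2` rules only need to be created once, since they refer to the table and not to its contents.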