# Multiple Gateways? [solved]

## mariourk

Hi,

I'm wondering if it is possible to have 2 ADSL lines connected to one Gentoo box, and then set up some sort of traffic routing (probably with iptables) to put some sorts of traffic over one line and other traffic over the other line. Say, email over line 1 and HTTP over line 2. So, if someone is uploading a large file, it will slow down the traffic on line 2 significantly, but sending emails would still go fast, because this goes over line 1.

Is there anyone who has something like this running?

Thanks   :Very Happy: 

----------

## cassiol

hello,

Maybe that helps you: http://gentoo-wiki.com/HOWTO_Gentoo_Router_for_2_ISP%2C_load_balancing%2C_switch_traffic_if_link_is_down/up

And use iptables to direct the packets.

----------

## mariourk

It does provide some ideas, but it doesn't really explain how to handle it. Actually I get the impression that this 'howto' asks more questions than it answers...   :Confused: 

Thanks anyway though. It does give some options I could investigate.

----------

## jroo

It is pretty simple to set up if you do not want any QoS or load balancing between the interfaces, i.e. only static rules for which traffic should go through which ADSL line. I had an almost similar setup; I routed traffic based on the destination, but it should not be any problem to do it based on target ports.

Unfortunately I do not have those iptables rules anymore, but you basically need a set of SNAT rules. The rules should match the destination port of a packet and change the packet's source address to the address of the interface used for the service identified by that destination port. For example, for a packet with destination port 80 (http), set the source address to either interface's address, and the packet will be sent through the interface having the same address as the packet's source address. Remember to set some default rule that matches all remaining packets (the last rule) to make all the internet traffic flow.

A good place to look is netfilter's homepage http://www.netfilter.org/ and the NAT tutorial (http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.html). (It says that it's the Linux 2.4 NAT HOWTO, but it works for 2.6 also.)

----------

## keyson

Hi,

The links from jroo are good, but you can have a look at this one also.

Linux Advanced Routing & Traffic Control

Routing for multiple uplinks/providers

----------

## mariourk

I got it working with the first link given by keyson. So, thanks for that  :Very Happy: 

What I'm wondering: now I'm using rules like this one:

```
ip rule add from <source ip> table adsl2
```

Is it possible to look at the mark instead of from or to?

Then I could mark packets with iptables, in the mangle table, and I won't have to bother with routes once set.

----------

## keyson

OK,

Don't really know what you're after.

But something that may be interesting to you is this.

http://lartc.org/howto/lartc.cookbook.fullnat.intro.html#AEN2313

and for that you need:

http://lartc.org/howto/lartc.adv-filter.html

http://lartc.org/howto/lartc.qdisc.classful.html

By this you should be able to look at packet type and route and prioritise the traffic. This is 'deep water' use of the Linux routing possibility.

----------

## mariourk

*keyson wrote:*

> OK,
>
> Don't really know what you're after.

In order to make this work, I have to create various routes and rules. That doesn't exactly make things easier to manage. So I figured, what if I create only 2 routes, like this:

```
ip rule add fwmark 0x1 table line1
ip rule add fwmark 0x2 table line2
```

Now I could simply manage things in iptables by marking packets to direct them over a certain route:

```
# SMTP goes over line1
iptables -t mangle -A PREROUTING -m tcp -p tcp --dport 25 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -m tcp -p tcp --dport 25 -j RETURN
# everything to this destination goes over line2
iptables -t mangle -A PREROUTING -d 123.123.123.123 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -d 123.123.123.123 -j RETURN
# everything from this source goes over line1 (the RETURN matches on -s, like the MARK rule before it)
iptables -t mangle -A PREROUTING -s 321.321.321.321 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -s 321.321.321.321 -j RETURN
```

And so on. I don't need to bother with the routes themselves anymore; I handle it all with iptables.

The problem is, I can't get this marking thing working. So I'm obviously doing something wrong.  :Sad: 

----------

## keyson

OK,

It looks OK, but I'm not an expert on this.

But for making the kernel use the marking you need this:

```
IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [Y/n/?]
IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [Y/n/?]
IP: use netfilter MARK value as routing key (CONFIG_IP_ROUTE_FWMARK) [Y/n/?]
```

This is the only thing that I can think of now.

----------

## mariourk

I have everything in my kernel that I need for this. The thing that I was missing was that rp_filter was still enabled.

As far as I know, this is a standard security feature to prevent IP spoofing:

*Quote:*

> rp_filter is a functionality which automatically rejects incoming packets if the routing table entry for their source address doesn't match the network interface they're arriving on. Normally, this has security advantages because it prevents the
> ...

Source

So, in my case, all that was left to do was this, in order to make it work:

```
echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter
```

I hope that helps someone  :Very Happy: 
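The fwmark approach from the earlier post, jroo's per-line SNAT and the rp_filter fix above, put together as one added example script that is not from the thread. It assumes eth1/eth2 as the two ADSL interfaces with gateways 10.0.1.1/10.0.2.1, 192.168.0.0/24 as the LAN and numeric tables 101/102 (all placeholders), and it goes a step further than the posts by saving the mark with CONNMARK so every packet of a flow keeps using the same line.

```shell
#!/bin/sh
# Added example (not from the thread): route SMTP over line1 and everything
# else over line2 using fwmark policy routing. All interface names, gateways,
# networks and table ids below are placeholder assumptions.
LAN_NET=192.168.0.0/24
UP1_IF=eth1; UP1_GW=10.0.1.1     # line1, table 101: SMTP
UP2_IF=eth2; UP2_GW=10.0.2.1     # line2, table 102: HTTP and the rest
: "${DRY_RUN:=1}"                # 1 = only print the commands, 0 = execute (needs root)

# Print or execute a command depending on DRY_RUN.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_policy_routing() {
    # One routing table per uplink, each holding only that line's default route.
    run ip route add default via "$UP1_GW" dev "$UP1_IF" table 101
    run ip route add default via "$UP2_GW" dev "$UP2_IF" table 102
    # The mark set by iptables selects the table (the 'ip rule add fwmark' idea).
    run ip rule add fwmark 0x1 table 101
    run ip rule add fwmark 0x2 table 102
    # Mark in mangle/PREROUTING. Restore a saved connection mark first so every
    # packet of an already classified flow keeps using the same line.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A PREROUTING -s "$LAN_NET" -p tcp --dport 25 -j MARK --set-mark 0x1
    run iptables -t mangle -A PREROUTING -s "$LAN_NET" -p tcp --dport 80 -j MARK --set-mark 0x2
    run iptables -t mangle -A PREROUTING -s "$LAN_NET" -m mark --mark 0 -j MARK --set-mark 0x2
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
    # Source NAT per uplink (jroo's point): the source address must belong to
    # the line the packet leaves on, otherwise the ISP drops it and replies are lost.
    run iptables -t nat -A POSTROUTING -o "$UP1_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -o "$UP2_IF" -j MASQUERADE
    # rp_filter drops packets whose source does not route back out the same
    # interface; with two uplinks that is legitimate traffic, so relax it there
    # (same effect as 'echo 0 > /proc/sys/net/ipv4/conf/<if>/rp_filter').
    for i in "$UP1_IF" "$UP2_IF"; do
        run sysctl -w "net.ipv4.conf.$i.rp_filter=0"
    done
}

setup_policy_routing
```

Run it as is to review the generated command list; run `DRY_RUN=0 sh script.sh` as root to apply it.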

----------

## keyson

OK mariourk,

Just want to say that the source link is in my bookmarks now   :Smile: 

That was a good page.

----------

## mariourk

I got that one via howtofinder  :Wink: 

----------

