# iproute2 multiple public WAN LAN gateway rt_tables

## ragarwal

I have this configuration working, but I do not know what the Gentoo (correct) way to accomplish this is.

Background:

I have 2 WAN interfaces and a LAN interface.

WAN #1 is a high speed Cable modem for users to browse web and download content.

WAN #2 is a SDSL connection, primarily for network admins to remote access / troubleshoot.

LAN #1 provides NAT and squid.

QUESTION:

What is the right way (and syntax) for this configuration? I suspect that, instead of putting routing commands in the /etc/conf.d/local.start script, I can just put the right statements in the /etc/conf.d/net file.

However, I could not find a good tutorial for /etc/conf.d/net (even /etc/conf.d/net.example is not much help).

Even though there are multiple gateways available, I do not care about load balancing. I only care about the fact that the traffic coming in on a specific gateway should be returned to the same gateway, not the default.

By default, all traffic should go out the preferred high-speed Internet access.

Please point me to the right direction.

Thanks.

My config files as below:

1. /etc/conf.d/net

```
#----- Start of /etc/conf.d/net -----#
dns_domain="myOwnDomainName.com"
dns_servers="192.168.16.20 68.87.76.228"
modules=("iproute2")

#eth0 = Admin WAN connection (STATIC IP ADDRESSES)
#eth1 = Userland LAN
#eth2 = Hi-Speed Access (behind a cable modem / router combo)
config_eth0=( "234.204.245.201/27 brd 234.204.245.223" )
config_eth1=( "192.168.16.40/24 brd 192.168.16.255" )
config_eth2=( "192.168.1.250/24 brd 192.168.1.255" )
#----- End of /etc/conf.d/net -----#
```

2. /etc/iproute2/rt_tables

```
#----- Start of /etc/iproute2/rt_tables -----#
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
201     gate1
202     gate2
#----- End of /etc/iproute2/rt_tables -----#
```

3. /etc/conf.d/local.start

```
#----- Start of /etc/conf.d/local.start -----#
# Interfaces, addresses, gateways and the per-gateway table names from rt_tables
IF0=eth1                        # LAN
P0_NET=192.168.16.0/24

IF1=eth2                        # hi-speed cable uplink (preferred default)
IP1=192.168.1.250
P1=192.168.1.1                  # cable modem / router
P1_NET=192.168.1.0/24
T1=gate1

IF2=eth0                        # SDSL admin uplink
IP2=234.204.245.201
P2=234.204.245.193
P2_NET=234.204.245.192/27
T2=gate2

# Per-uplink tables: the uplink's connected network plus its own default route
ip route add $P1_NET dev $IF1 src $IP1 table $T1
ip route add default via $P1 table $T1
ip route add $P2_NET dev $IF2 src $IP2 table $T2
ip route add default via $P2 table $T2

# Main table: both connected networks (already present once the interfaces
# are up, so these two may report "File exists"), default out the fast uplink
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1

# Source-address rules: anything sourced from an uplink's own address (replies
# to traffic that arrived on it) is routed by that uplink's table
ip rule add from $IP1 table $T1
ip rule add from $IP2 table $T2

# Each uplink table has a default route, so a lookup in it never falls through
# to main; the LAN, the other uplink's network and loopback must be copied in
ip route add $P0_NET     dev $IF0 table $T1
ip route add $P2_NET     dev $IF2 table $T1
ip route add 127.0.0.0/8 dev lo   table $T1
ip route add $P0_NET     dev $IF0 table $T2
ip route add $P1_NET     dev $IF1 table $T2
ip route add 127.0.0.0/8 dev lo   table $T2
#----- End of /etc/conf.d/local.start -----#
```

I am also attaching my firewall rules, just in case.

4. Firewall rules script (executed and saved)

iptables.rules

```
#!/bin/bash
#----- Start of /root/iptables.rules -----#
#
# Copy and paste these examples ...
export WAN=eth2        # only the cable uplink is NATed; eth0 (admin SDSL) is not
export LAN=eth1

# Flush both external and internal chains -- delete all rules
iptables -F
iptables -t nat -F

# Setup default policies to handle unmatched traffic
# (left commented out: -F does not reset policies, so the chains keep whatever
# policy is already set, ACCEPT on a freshly booted kernel)
#iptables -P INPUT ACCEPT
#iptables -P OUTPUT ACCEPT
#iptables -P FORWARD DROP

# Then we lock our services so they only work from the LAN
# (both are inserted at position 1, so the LAN rule ends up first, then lo)
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I INPUT 1 -i ${LAN} -j ACCEPT

# squid rejected on anything that is not the LAN, i.e. both WAN interfaces
# ("! -i" is the current negation syntax; "-i !" is the deprecated form)
iptables -A INPUT -p TCP ! -i ${LAN} --dport 3128 -j REJECT

# Drop TCP / UDP packets to privileged ports from anything that is not the LAN;
# with the INPUT policy at ACCEPT, ports above 1023 stay reachable from both WANs
iptables -A INPUT -p TCP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP
iptables -A INPUT -p UDP ! -i ${LAN} -d 0/0 --dport 0:1023 -j DROP

# Finally we add the rules for NAT
iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

# Add transparent proxy with squid
iptables -t nat -A PREROUTING -i ${LAN} -p tcp --dport 80 -j REDIRECT --to-port 3128

# Tell the kernel that ip forwarding is OK, and turn on reverse-path filtering
echo 1 > /proc/sys/net/ipv4/ip_forward
for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > "$f" ; done
#----- End of /root/iptables.rules -----#
```
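Added example, not part of ragarwal's post and not Gentoo's own code: the same source-based policy routing written so that it can be re-run safely and checked afterwards, which a script built on `ip route add` cannot be, since a second run fails with "File exists" on every route that already exists. The point of the whole setup is that a reply to an admin session that arrived on the SDSL must leave through the SDSL gateway; if it followed main's default it would be masqueraded out the cable uplink and reach the admin's host from the wrong address. The interface names, table names and addresses are assumptions modelled on the post (203.0.113.0/27 stands in for the real static block), and `setup`, `verify`, the `apply` argument and the `DRY_RUN` switch are this example's own.

```shell
#!/bin/bash
# Added example (not the poster's script, not Gentoo's code): idempotent
# source-based policy routing for a router with two WAN uplinks, plus a check.
# Interface names, table names and addresses are assumptions modelled on the
# post; 203.0.113.0/27 (documentation range) stands in for the static WAN block.
set -eu

# DRY_RUN=1 prints each ip(8) command instead of executing it, so the script
# can be reviewed (or tested) on a machine that is not the router.
DRY_RUN="${DRY_RUN:-0}"
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Assumed topology: eth1 = LAN, eth2 = fast cable uplink (main default route),
# eth0 = SDSL admin uplink. Table names must exist in /etc/iproute2/rt_tables.
LAN_IF=eth1;  LAN_NET=192.168.16.0/24
WAN1_IF=eth2; WAN1_IP=192.168.1.250; WAN1_NET=192.168.1.0/24;   WAN1_GW=192.168.1.1;   WAN1_TABLE=gate1
WAN2_IF=eth0; WAN2_IP=203.0.113.201; WAN2_NET=203.0.113.192/27; WAN2_GW=203.0.113.193; WAN2_TABLE=gate2

# fill_table TABLE GATEWAY IFACE
# Because each uplink table carries a default route, a lookup that lands in it
# never falls through to main, so the table also needs the connected networks
# and loopback. "replace" instead of "add" makes re-runs harmless.
fill_table() {
    local table="$1" gw="$2" wan_if="$3"
    run ip route replace "$LAN_NET"  dev "$LAN_IF"  table "$table"
    run ip route replace "$WAN1_NET" dev "$WAN1_IF" table "$table"
    run ip route replace "$WAN2_NET" dev "$WAN2_IF" table "$table"
    run ip route replace 127.0.0.0/8 dev lo table "$table"
    run ip route replace default via "$gw" dev "$wan_if" table "$table"
}

# bind_source OWN_IP TABLE
# A packet whose source is OWN_IP (a reply to something that arrived on that
# uplink) is routed by TABLE, so it leaves via the gateway it came in through.
# The explicit priority keeps rule order deterministic; the guard avoids
# stacking a duplicate rule every time the script runs.
bind_source() {
    local ip="$1" table="$2"
    if [ "$DRY_RUN" != 1 ] && ip rule show | grep -q "from $ip lookup $table"; then
        return 0
    fi
    run ip rule add from "$ip" table "$table" priority 100
}

# setup: per-uplink tables, the source rules, and the preferred default in main.
setup() {
    fill_table "$WAN1_TABLE" "$WAN1_GW" "$WAN1_IF"
    fill_table "$WAN2_TABLE" "$WAN2_GW" "$WAN2_IF"
    bind_source "$WAN1_IP" "$WAN1_TABLE"
    bind_source "$WAN2_IP" "$WAN2_TABLE"
    # Traffic not pinned by a rule (NATed LAN clients, the router's own
    # unbound connections) follows main, whose default is the fast uplink.
    run ip route replace default via "$WAN1_GW" dev "$WAN1_IF"
    run ip route flush cache   # only matters on kernels that still keep a route cache
}

# verify OWN_IP EXPECTED_GW
# Ask the kernel which gateway a packet sourced from OWN_IP would take; it must
# be that uplink's own gateway, not main's default. Returns 1 on a mismatch.
verify() {
    local ip="$1" gw="$2" out
    if [ "$DRY_RUN" = 1 ]; then
        printf 'ip route get 198.51.100.1 from %s\n' "$ip"   # 198.51.100.1: TEST-NET-2 probe
        return 0
    fi
    out=$(ip route get 198.51.100.1 from "$ip")
    case "$out" in
        *"via $gw "*) return 0 ;;
        *) printf 'policy routing broken for %s: %s\n' "$ip" "$out" >&2; return 1 ;;
    esac
}

# Usage on the router: ./multiwan.sh apply   (DRY_RUN=1 ./multiwan.sh apply just prints)
if [ "${1:-}" = apply ]; then
    setup
    verify "$WAN1_IP" "$WAN1_GW"
    verify "$WAN2_IP" "$WAN2_GW"
fi
```

The verify step is the part worth keeping even if the rest is folded into an existing script: `ip route get DST from SRC` runs the real rule and table lookup, so it catches a missing rule or a table whose default points at the wrong gateway before an admin finds out by losing the SDSL session. On a baselayout-1 system the same functions could be called from a postup() hook in /etc/conf.d/net rather than from local.start; check the hook names documented in your own net.example before relying on that.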

----------

## erik258

What you want is this:

http://larc.org/howto/

Specifically:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

Good luck!

----------

