Multiple IP addresses on one NIC and Multiple internet connections on one nic: Difference between revisions
| Line 210: | Line 210: | ||
= iproute2 howtos = | = iproute2 howtos = | ||
[[iproute2]] | |||
Revision as of 07:15, 1 April 2019
isp isps nic ip alias ip aliasing multiple ips on one nic
basics
Enable ip forwarding
sysctl net.ipv4.ip_forward
or
echo 1 > /proc/sys/net/ipv4/ip_forward
Multiple Connections to the Internet / two isps on one nic
/etc/shorewall/interfaces
net eth0 82.94.91.79,188.204.140.224 routeback
/etc/postfix/main.cf
add 188.204.140.192/27 to mynetworks
/etc/iproute2/rt_tables
# # reserved values # 255 local 254 main 253 default 0 unspec # # local # #1 inr.ruhep 82 sdsl 188 fibre
ip addr add 188.204.140.196/27 brd 188.204.140.223 dev eth0:1 label eth0:1
ip route add 82.94.91.64/28 dev eth0 src 82.94.91.77 table sdsl ip route add default via 82.94.91.65 table sdsl ip rule add from 82.94.91.64/28 table sdsl ip route add 188.204.140.192/27 dev eth0 src 188.204.140.196 table fibre ip route add default via 188.204.140.193 table fibre ip rule add from 188.204.140.192/27 table fibre to check: ip rule show ip route list table fibre ip route list table sdsl
or in /etc/network/interfaces
auto eth0
iface eth0 inet static
address 82.94.91.77
netmask 255.255.255.240
#netmask 255.255.255.255
network 82.94.91.64
broadcast 82.94.91.79
gateway 82.94.91.65
dns-nameservers 213.75.63.36 194.109.9.99 212.61.33.42 194.109.6.66
post-up ip route add 82.94.91.64/28 dev eth0 src 82.94.91.77 table sdsl
post-up ip route add default via 82.94.91.65 table sdsl
post-up ip rule add from 82.94.91.64/28 table sdsl
post-down ip rule del from 82.94.91.64/28 table sdsl
post-up ip addr add 188.204.140.196/27 brd 188.204.140.223 dev eth0:1 label eth0:1
post-up ip route add 188.204.140.192/27 dev eth0 src 188.204.140.196 table fibre
post-up ip route add default via 188.204.140.193 table fibre
post-up ip rule add from 188.204.140.192/27 table fibre
post-down ip rule del from 188.204.140.192/27 table fibre
post-down ip addr del 188.204.140.196/27 dev eth0:1
To set a new ip address this way you can flush all ip addresses linked to the device
ip addr flush dev eth0
This also brings the device down, like
ifdown eth0
would.
In order to assign the new IP you need to take it up again
ifup eth0
To change the default gateway the server and programmes launched from it use, you may have to delete the old gateway (it'll only accept one) with
ip route del default via 82.94.91.65
and add the new one with
ip route add default via 188.204.140.193
then change /etc/resolv.conf with
nameserver 213.75.63.36
in the top
More information:
http://linux-ip.net/html/adv-multi-internet.html#ex-adv-multi-internet-outbound-ip-routing
http://www.policyrouting.org/iproute2.doc.html#ss9.5
ip address management
ip address management with ip addr - http://linux-ip.net/html/tools-ip-address.html#tb-tools-ip-addr-scope
ip addr add 188.204.140.195/27 brd 188.204.140.223 dev eth1 label eth1:1
Guide to IP Layer Network Administration with Linux Version 0.4.5 Author: Martin A. Brown - http://linux-ip.net/html/index.html
Asynchronous / Asymmetric / Policy Routing
When using policy routing make sure reverse path filtering is DISABLED
http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html
https://access.redhat.com/solutions/53031
# for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do > echo 2 > $i > done
to see if you're dropping packets
echo 1 >/proc/sys/net/ipv4/conf/<interfacename>/log_martians
http://www.linuxjournal.com/article/7291?page=0,2
using sysctl
https://ams-ix.net/technical/specifications-descriptions/config-guide (11.6)
sysctl -w net.ipv4.conf. ifname .rp_filter=0net.ipv4.conf.ifname.rp_filter = 0
This guy also calls it Loopy routing
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH05.web.html (especially example 5.2.1)
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/CH06.web.html (especially example 6.1.3) is useful for outbound routes through one eth port and downstream through a satellite
http://www.policyrouting.org/iproute2.doc.html#ss9.16
http://www.policyrouting.org/iproute2.doc.html#ss9.5
http://www.lartc.org/lartc.html
Another way is to mask the src in the routing table
http://forums.whirlpool.net.au/archive/206603 eg ip route add default via 2.2.2.1 src 1.1.1.1
OR this way?
https://people.debian.org/~ultrotter/talks/dc10/networking.html
# Asymmetric policy routing ip route replace table 100 proto static \ throw 192.168.0.0/16
https://www.ukessays.com/essays/computer-science/asymmetric-routing-splitting-routing-computer-science-essay.php uses SNAT in the iptables
In Linux, we can implement asymmetric routing using iptables (linux 2.4): iptables -A POSTROUTING -t nat -j SNAT -to 192.168.0.5 -o eth0 This means, for all the packets leaving out via eth0, their source IP address will be altered to 192.168.0.5.
Problems with using mobile phones
As you can't set the routing table for a 4G provider, you can't set the src flag in ip route. If you can get a portable firewall or router to route your 4G connection to your provider maybe you could use the ip route / iptables SNAT options.
http://www.g7smy.co.uk/?p=505 this guy has used a raspberry pi with a ZTE MF 823 (Megafon M100-3) 4G Modem USB thing to do this.