 
 From:  Sylvain MEDEOT <symedeot at yahoo dot fr>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Two Monowall for dual wan and one linux router
 Date:  Thu, 01 Sep 2005 14:28:24 +0200
Hi,

First of all, please excuse my poor English...

I have 2 monowalls running, one per wan link.

I have an expensive 1024kb SDSL link and a normal ADSL link (1024kb/256kb).

I would like to use this second link for non-essential traffic (for me) 
such as web for example.

These two monowalls are linked to a Linux Debian router with two LAN 
cards:

         MONO SDSL                   MONO ADSL
     LAN 192.168.8.0/24          LAN 192.168.9.0/27
        192.168.8.1                 192.168.9.1
             |                           |
             |                           |
           ETH0                        ETH1
        192.168.8.2                 192.168.9.2
                  LINUX ROUTER (*)
                       + VPN

My LAN is 192.168.8.0/24 and the default gateway is 192.168.8.2

Actually, all traffic comes in from the SDSL link and I do NAT to send 
data to my servers.

Monowall running on ADSL link is ok.
I just added a static route :

LAN  192.168.8.0/24  192.168.9.2 

and a nat inbound :

WAN  TCP  80 (HTTP)  192.168.8.7  80 (HTTP) 
+Auto-add a firewall rule to permit traffic through this NAT rule

To make things simple, all traffic coming from lan to wan is currently 
accepted on monowall-ADSL.

When I try an access with wget http://ipwanadsl/mypage.html I get 
nothing (test done from another site with ssh + wget)...

Then if I change NAT inbound to
WAN  TCP  80 (HTTP)  192.168.9.2  80 (HTTP) 

It works perfectly (I started a web server on the linux router).

From the monowall-adsl, I can ping 192.168.8.7. From 192.168.8.7, I can 
ping 192.168.9.1.

Can somebody tell me where I am wrong ?

Regards,

Sylvain

(*)
To load balance between the two monowall, I am using the following script :

IF1=eth0
IP1=192.168.8.2
P1_NET=192.168.8.0/24
P1=192.168.8.1

IF2=eth1
IP2=192.168.9.2
P2_NET=192.168.9.0/27
P2=192.168.9.1

ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2

ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2

ip route add default via $P1

ip rule add from $IP1 table T1
ip rule add from $IP2 table T2

# P0_NET and IF0 are not defined anywhere in this script, so the two
# $P0_NET lines below expand to empty arguments.
ip route add $P0_NET     dev $IF0 table T1
ip route add $P2_NET     dev $IF2 table T1
ip route add 127.0.0.0/8 dev lo   table T1
ip route add $P0_NET     dev $IF0 table T2
ip route add $P1_NET     dev $IF1 table T2
ip route add 127.0.0.0/8 dev lo   table T2

# Multipath default route: both gateways with equal weight
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \
    nexthop via $P2 dev $IF2 weight 1


	

	
		