iptables
German Bronsky, 2020-12-07 11:09:29

CentOS 8 routing with two active gateways?

Good day. Please help me understand.
There is a server with three network interfaces: one local, and the other two for different internet providers.
The task is as follows: to have access to the LAN at the address of the second internet provider, while the gateway of the first provider is selected by default. In CentOS 6 everything worked without problems through routing, and iptables did not even need to be tweaked; now I just can't figure it out.
If the second provider's gateway is set, then from the outside world I can reach the LAN via RDP, or see the cameras inside the network. As soon as I change the gateway, the local network disappears. Where to poke, where to dig?
What has been done:
Two tables, t1 and t2, have been created in rt_tables, and their IPs, routes and rules are specified.


1 answer(s)
Vladimir, 2020-12-07
@jamezbond

I will answer your question from the comment: if ipv4 forward = 0, the Internet would not be available on the local network.
Right now everything works exactly as you configured it; you just have a logical problem.
You have this port forwarding rule:
-A PREROUTING -d 217.xxx.xxx.218/32 -i enp6s0 -p tcp -m tcp --dport 53388 -j DNAT --to-destination 192.168.0.166:53388
Packets will arrive at 217.xxx.xxx.218 and end up at 192.168.0.166:53388, but the problem is that, according to your settings, packets from 192.168.0.166 (as well as from the whole 192.168.0.0/24 network) will go out to the Internet not from the address 217.xxx.xxx.218 but through the address 192.168.59.2. Accordingly, the RDP connection source will receive a response from a different IP address, which it does not expect, and will therefore drop the packets.
Options for how to solve this:
simple - NAT 192.168.0.166 to the Internet via 217.xxx.xxx.218
complex - masquerade and mark your gateway requests to 192.168.
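
One way to make replies to connections that arrive on enp6s0 leave through the same provider while the default route stays on the first one, using connection marks and the t2 table from the question. This is an added example, not a configuration from the thread; the gateway 203.0.113.1, the mark 0x2 and the rule priority are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not from the thread. Every value below is a placeholder or an
# assumption except enp6s0 and t2, which appear in the question and answer.
WAN2_IF="${WAN2_IF:-enp6s0}"        # second provider's interface (from the DNAT rule)
WAN2_GW="${WAN2_GW:-203.0.113.1}"   # placeholder gateway of the second provider
TABLE="${TABLE:-t2}"                # routing table already created in rt_tables
MARK="${MARK:-0x2}"                 # assumed mark value, any unused one works

# Prints the commands in order:
#  1. t2 gets its own default route through the second provider.
#  2. Packets carrying the mark are routed with t2 instead of the main table.
#  3. New connections entering on WAN2 get a connection mark (the packet itself
#     stays unmarked, so the DNAT'd packet is still routed to the LAN normally).
#  4. Packets of those connections coming back from any other interface copy
#     the connection mark to the packet, which triggers rule 2.
#  5. Loose reverse-path filtering on WAN2; strict mode drops packets whose
#     source is reachable only through the other provider's default route.
return_path_cmds() {
    cat <<EOF
ip route replace default via $WAN2_GW dev $WAN2_IF table $TABLE
ip rule add fwmark $MARK lookup $TABLE priority 100
iptables -t mangle -A PREROUTING -i $WAN2_IF -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A PREROUTING ! -i $WAN2_IF -m connmark --mark $MARK -j CONNMARK --restore-mark
sysctl -w net.ipv4.conf.$WAN2_IF.rp_filter=2
EOF
}

# Dry run by default; pass --apply as root to execute the commands.
if [ "${1:-}" = "--apply" ]; then
    return_path_cmds | sh -e
else
    return_path_cmds
fi
```

After applying, `ip route get 198.51.100.7 mark 0x2` (a constructed destination address) should report the route through the second provider's gateway, while the same lookup without the mark still uses the main default route.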
