How to make two separately working providers on one server?

Y

ykrain2014-02-13 20:49:15

Computer networks

ykrain, 2014-02-13 20:49:15

There are two providers, one of them has a static IP, and the other has a static DHCP. It is necessary that network interfaces work simultaneously separately from each other. It is not possible to do this, because so far Debian chooses the gateway of only one of the providers. Accordingly, only the one that is plugged into the zero interface works.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

S

sergeevav82, 2014-02-14
@ykrain

Here is an example, as promised:
In /etc/iproute2/rt_tables add

101     P1  -  Провайдер1
102     P2  -  Провайдер2

echo "Чистим таблицы"
ip route flush table P1
ip route flush table P2
echo "Чистим правила в таблицах"
ip rule delete table P1
ip rule delete table P2
echo "Чистим кэш"
ip route flush cache
echo "Заносим gw в таблици"
ip route add default via <шлюз 1-го провайдера> dev <интерфейс 1-го прова> table P1
ip route add default via <шлюз 2-го провайдера> dev <интерфейс 2-го прова> table P2
echo "Добавляем правила в таблици"
ip rule add from <IP 1-го прова> table P1
ip rule add from <IP 2-го прова> table P2
echo "Добавляем правила в таблици по маркировке"
ip rule add fwmark 1 table P1
ip rule add fwmark 2 table P2
echo "Заносим сети провайдера в таблицу 1"
ip route add <Сеть 1-го прова> dev <интерфейс 1-го прова> src <IP 1-го прова> table P1
echo "Заносим сети провайдера в таблицу 2"
ip route add <Сеть 2-го прова> dev <интерфейс 2-го прова> src <IP 2-го прова> table P2
echo "Заносим локальные сети в таблицу 1"
ip route add <локальная сеть> dev <интерфейс локалки> src <IP на интерфейсе локалки> table P1
ip route add 127.0.0.0/8 dev lo table P1
echo "Заносим локальные сети в таблицу 2"
ip route add <локальная сеть> dev <интерфейс локалки> src <IP на интерфейсе локалки> table P2
ip route add 127.0.0.0/8 dev lo table P2
echo "Удаляем маршрут по умолчанию"
ip route del default
echo "Создаем маршрут по умолчанию"
ip route add default scope global nexthop via <шлюз 1-го прова> dev <интерфейс 1-го прова> weight 1 nexthop via <шлюз 2-го прова> dev <интерфейс 2-го прова> weight 1

If the provider issues dynamics, then it is possible to pass IP and gateway as parameters to the script
Cut from iptables rules

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:balance - [0:0]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -i <интерф. прова1> -m state --state NEW -j CONNMARK --set-xmark 0x1/0xffffffff
-A PREROUTING -i <интерф. прова2> -m state --state NEW -j CONNMARK --set-xmark 0x2/0xffffffff
-A PREROUTING -d <IP или сеть> -j CONNMARK --set-xmark 0x1/0xffffffff  - это принудительный выход через 1-го прова.
-A PREROUTING -d <IP или сеть> -j CONNMARK --set-xmark 0x2/0xffffffff   - это принудительный выход через 2-го прова.
-A PREROUTING -i <интерфейс локалки> -m state --state NEW -j balance
-A PREROUTING -m connmark --mark 0x1 -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -m connmark --mark 0x2 -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -m state --state NEW -m connmark ! --mark 0x0 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A OUTPUT -m state --state NEW -j balance
-A balance -o lo -j RETURN
-A balance -o <интерфейс локалки> -j RETURN
-A balance -m connmark ! --mark 0x0 -j RETURN
-A balance -m state --state RELATED,ESTABLISHED -j RETURN
-A balance -j CONNMARK --set-xmark 0x2/0xffffffff
-A balance -j RETURN

As a result, the output of the ip ro command will be as follows.

..........
default 
        nexthop via <шлюз 1-го прова>  dev <интерфейс 1-го прова> weight 1
        nexthop via <шлюз 2-го прова>  dev <интерфейс 2-го прова> weight 1
...........

Both providers work both for input and output.

S

sergeevav82, 2014-02-13
@sergeevav82

I advise you to look towards iproute2 + iptables balancing. At me at work two Provo are so configured.

V

Vlad Zhivotnev, 2014-02-14
@inkvizitor68sl

https://debian.pro/697 - "Linux machine with 2 VLANs." The essence is about the same.
Look with "We write something like the following in /etc/network/interfaces"
But in this scheme, only those connections that were established externally to the second interface will work through the second interface. All outgoing connections will go in accordance with the routing table (and in it you will most likely have everything through one network card). If you need to go to certain networks always from a certain interface, then you need to add a route to them.
This is the fastest way (both in terms of configuration and in terms of speed). Only your task is not described enough for me to definitely tell you whether it is or not. But overall it fits.

S

Sergey SA, 2014-02-14
@resetsa

look, it seems about default route, debian and 2 providers
https://www.debian-administration.org/articles/377
there is the same ip-route