[WBEL-users] Lost in routing hell

Kirby Bohling kbohling@birddog.com
Thu, 19 Aug 2004 10:00:04 -0500


On Thu, Aug 19, 2004 at 03:27:11PM +0100, Denis Croombs wrote:
> I am trying to setup a firewall/router with 4 interfaces and cannot get my
> head around how to setup the routing between the interfaces, can any kind
> person please tell me how to set this up. (I will be using shorewall to do
> the firewall protection afterwards)
> (I have done this some 2 years ago but I just cannot get my head around it
> at the moment, and it is now really getting to me)
> 
> ETH0 connection to internet
> ETH1 Local connection number 1 (using squid)
> ETH2 DMZ connection
> ETH3 Second local connection direct access to the internet.
> 
> Any clues/links that would ease the brain cells ?

Denis, I'm going to make up some IP numbers for you:

(I just made these up; 69 is a recent class A that just got put on
line, and 24 I believe is used by several large cable companies.)

       Subnet        Remote Gw   Local IP
eth0   69.0.0.0/24   69.0.0.1    69.0.0.2
eth1   10.0.0.0/24               10.0.0.1
eth2   10.2.0.0/24               10.2.0.1
eth3   24.0.0.0/24   24.0.0.1    24.0.0.2

Do you just want the routing table, or would you rather see how the
config is done via RedHat's stuff in
/etc/sysconfig/networking-scripts?

I'll just give you the ip commands assuming you've got the thing up
already.

ip route add 69.0.0.0/24 dev eth0
ip route add 10.0.0.0/24 dev eth1
ip route add 10.2.0.0/24 dev eth2
ip route add 24.0.0.0/24 dev eth3
ip route add default dev eth0 via 69.0.0.1

Now all of your traffic goes down eth0.

When the eth0 link dies, run this:

ip route del default dev eth0
ip route add default dev eth3 via 24.0.0.1

That will switch you from one ISP to the other.  If you want a more
sophisticated version of all this that will load balance or do other
nifty stuff like that, read up at lartc.org.  They have a fine
mailing list.  The guy behind it was very helpful when I was
following the list about a year or two ago.

I believe this link talks about it:
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html

Assuming you want to set up transparent proxying of:
http://www.lartc.org/howto/lartc.cookbook.squid.html

They assume you know a bit of routing as I recall, but have a couple
of useful links near the beginning of the howto.

This page tells you a bit about the IP command if you are unfamiliar
with it:
http://www.lartc.org/howto/lartc.iproute2.explore.html

If you want more detailed stuff, I can help you offlist, as I've got
a similar setup (I've got three upstream ISPs, and a local
connection, which feeds into a different firewall that has
outside, DMZ and inside interfaces).  So I've done roughly what you
want, but we do it across two routers (it's easier to handle all the
cases when there is only one upstream interface rather than 3).

Thanks,
	Kirby
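The failover step in Kirby's reply (delete the eth0 default route, add one via eth3) can be wrapped in a small script that reads the primary link's state from the kernel and installs the matching default route. The script below is an added example, not part of the original post or of shorewall; it reuses Kirby's made-up interface names and gateway addresses, and the /sys/class/net/*/operstate path is the standard Linux location for link state. It uses `ip route replace` rather than `del` followed by `add`, so there is never a moment with no default route at all, and it keeps the command selection in a function that can be checked without root or real interfaces.

```shell
#!/bin/sh
# Added example (not from the original post): pick the default gateway
# from the current state of the primary upstream link.
# Interface names and gateway addresses are the made-up ones from the reply.
PRIMARY_IF=eth0
PRIMARY_GW=69.0.0.1
BACKUP_IF=eth3
BACKUP_GW=24.0.0.1

# Kernel's view of a link: prints "up", "down", or "unknown".
link_state() {
    cat "/sys/class/net/$1/operstate" 2>/dev/null || echo unknown
}

# Given the primary link's state, print the ip command that installs the
# right default route.  "replace" swaps the route atomically, so there is
# no window where the box has no default route (as there is between
# "ip route del" and "ip route add").
default_route_cmds() {
    case "$1" in
        up)
            printf '%s\n' "ip route replace default via $PRIMARY_GW dev $PRIMARY_IF"
            ;;
        *)
            printf '%s\n' "ip route replace default via $BACKUP_GW dev $BACKUP_IF"
            ;;
    esac
}

# Run the selected command, or only echo it when DRY_RUN is set.
apply_default_route() {
    default_route_cmds "$(link_state "$PRIMARY_IF")" | while IFS= read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "$cmd"
        else
            $cmd
        fi
    done
}

# usage: DRY_RUN=1 sh failover.sh apply   (echo only)
#        sh failover.sh apply             (as root, from cron or a link monitor)
if [ "${1:-}" = "apply" ]; then
    apply_default_route
fi
```

Two points worth keeping in mind when this runs unattended: switching the default route also switches the source address of new outbound connections (69.0.0.2 versus 24.0.0.2 in Kirby's numbering), so the masquerade rules in the firewall have to cover both upstream interfaces, and anything established over the old link will drop; and operstate only reflects carrier, so a link that is up but whose ISP is not forwarding will still look healthy to this check.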