[Firewall] setup two external interfaces

Rene Koka kentaur at tsentraal.ee
Wed Mar 10 08:48:27 CET 2010


> I have the same configuration and the same problem !!!
> I found a solution (workaround ???) I activate the plugin : multiroute.... (with 50/50 weight)
>
> And now the two external interfaces are working ...

To get full multirouting capabilities you need Julian Anastasov's kernel
patch:
http://www.ssi.bg/~ja/
http://www.ssi.bg/~ja/routes-2.6.33-16.diff

To set up both routes and to repeatedly test whether they are working, I'm
using:
http://www.ssi.bg/~ja/tmp/mpath2.sh

The only missing piece is a nice QoS script, as the arno-firewall
traffic-shaper.plugin doesn't support two external interfaces.
To overcome this I made a plugin which sets TCP and UDP session limits per IP:

# Limit concurrent sessions per source IP on each internal interface
for interface in $INT_IF; do
    iptables -I FORWARD -i "$interface" -p tcp --syn --dport 1: -m connlimit --connlimit-above 50 -j REJECT
    iptables -I FORWARD -i "$interface" -p tcp --syn --dport 1024: -m connlimit --connlimit-above 30 -j REJECT
    iptables -I FORWARD -i "$interface" -p udp --dport 1: -m connlimit --connlimit-above 12 -j REJECT
    iptables -I FORWARD -i "$interface" -p udp --dport 1024: -m connlimit --connlimit-above 12 -j REJECT
done

Rene
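
The same per-IP session limits, as an added example that is not part of Rene's post: the limits are kept once in a dedicated chain and each internal interface gets a single jump to it. The script only prints the iptables commands for review; the chain name SESSION_LIMIT, the function name and the sample interface names are assumptions.

```shell
#!/bin/sh
# Added example, not the plugin from the post. It prints iptables commands
# instead of running them, so the rule set can be reviewed without root.
# CHAIN and gen_session_limits are hypothetical names; the limits are the post's.

CHAIN="SESSION_LIMIT"
# proto:lowest-dport:max-sessions-per-source-IP
LIMITS="tcp:1:50 tcp:1024:30 udp:1:12 udp:1024:12"

gen_session_limits() {
    # $1: space-separated internal interfaces (INT_IF in the post)
    # Refuse names that could smuggle shell syntax into the generated commands
    for ifc in $1; do
        case "$ifc" in
            *[!A-Za-z0-9._+-]*)
                echo "refusing interface name: $ifc" >&2
                return 1 ;;
        esac
    done

    echo "iptables -N $CHAIN"
    for spec in $LIMITS; do
        proto=${spec%%:*}
        rest=${spec#*:}
        port=${rest%%:*}
        max=${rest#*:}
        match="-p $proto"
        # TCP sessions are matched on the opening SYN only, as in the post
        if [ "$proto" = tcp ]; then
            match="$match --syn"
        fi
        echo "iptables -A $CHAIN $match --dport $port: -m connlimit --connlimit-above $max -j REJECT"
    done

    # One jump per internal interface; the limit rules themselves exist once
    for ifc in $1; do
        echo "iptables -I FORWARD -i $ifc -j $CHAIN"
    done
}

# Constructed sample input: two internal interfaces
gen_session_limits "eth1 eth2"
```
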
