Topic: iptables question, slow uploads and sometimes no response
garcelj
Group: Members
Posts: 6
Joined: May 2005
Posted: Sep. 29 2005,13:00

Hello everyone,

I have recently re-purposed an old Compaq Celeron 500Mhz machine as a Linux router to leverage the use of a Comcast cable modem in a school that has a T-1 line.

The box has two network cards detected by DSL as eth0 and eth1.  I am using iptables to set up NATting and IP-based policy routing.

I have created a script to set up iptables and NAT and it has been set up as follows:

#!/bin/sh

# Define Internal and External interfaces
INTIF="eth0"
EXTIF="eth1"

# Find the IP Address of the External interface (not used by the rules below)
EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

# Turn on IP Forwarding to allow this box to route packets.
# The redirection has to run as root as well: with "sudo echo 1 > file" the
# unprivileged shell opens the file before sudo runs, so pipe through "sudo tee".
echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
echo "1" | sudo tee /proc/sys/net/ipv4/ip_dynaddr > /dev/null

# Clearing any existing rules and setting default policy
sudo iptables -P INPUT ACCEPT
sudo iptables -F INPUT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -F OUTPUT
sudo iptables -P FORWARD DROP
sudo iptables -F FORWARD
sudo iptables -t nat -F

# Allow IP traffic to go out External interface from the Internal
# (only flows that leave via $EXTIF match here; flows forwarded back out
# the Internal interface fall through to the rules below)
sudo iptables -A FORWARD -o $EXTIF -i ! $EXTIF -j ACCEPT

# Allow related traffic from External to Internal that was
# initiated by the Internal interface
sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Accept second-and-later fragments on any interface. These carry no port
# information, so this rule is broad: it also admits fragments arriving
# from the External side that belong to no tracked connection.
sudo iptables -A FORWARD -f -j ACCEPT

# Enable SNAT (MASQUERADE) functionality on External interface
sudo iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

# Define the tables for each gateway on each interface
sudo ip route add default via 10.x.x.1 dev eth0 table 1
sudo ip route add default via 68.x.x.1 dev eth1 table 2

# Add rules that route packets based on source or destination
# (lower priority number is evaluated first; the main table is consulted last)
sudo ip rule add to 204.39.x.x/16 table 2 priority 500
sudo ip rule add to 199.199.x.x/16 table 2 priority 510
sudo ip rule add from 10.69.x.x/24 table 1 priority 600

-------------------------------------------------------

This allows traffic to go out and it seems to work.  However on some sites, response on the client side is very slow.

I have made sure that clients are assigned the address of the Linux box as the gateway.

I have tried to traceroute a site from the client only to get as far as the Linux box and then time out.

I have also tried to do some speed tests from sites like dslreports.com and the download test goes okay but the upload test either completes after a while or does not complete at all (this is often).

The client machines are a mix of Windows 98 and Windows XP.

Does anyone have an idea of what I may have done wrong in the setup?

Thanks in advance!
0 replies since Sep. 29 2005,13:00
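The first thing to check with a rule set like the one in the post is which routing table, which outgoing interface and which FORWARD rule a given flow actually hits, because the `ip rule` selectors and the `-i`/`-o` matches in the FORWARD chain interact. The following is an added example, not code from the poster or from DSL: a small Python model that walks a packet through the post's `ip rule` entries, the per-table default routes and the FORWARD chain in the order the script builds them. The masked octets in the post are replaced with zeros, the contents of the main table are an assumption (the two connected networks plus a default via the cable modem), and connection state is passed in by hand rather than tracked; the results therefore only describe the rules as written, and the real outcome depends on whether the clients really sit in the `/24` named in the priority-600 rule.

```python
"""Model of the post's policy-routing rules and FORWARD chain (added example)."""
import ipaddress

LAN_IF, WAN_IF = "eth0", "eth1"

# Constructed stand-in for the masked "10.69.x.x/24" in the post.
LAN_NET = ipaddress.ip_network("10.69.0.0/24")

# 'ip rule' entries in evaluation order (lower priority number first).
# Each entry: (priority, selector, table). 32766 is the kernel's implicit
# lookup of the main table, which the script never touches.
IP_RULES = [
    (500, {"to": ipaddress.ip_network("204.39.0.0/16")}, 2),
    (510, {"to": ipaddress.ip_network("199.199.0.0/16")}, 2),
    (600, {"from": LAN_NET}, 1),
    (32766, {}, "main"),
]

# Routing tables as (prefix, outgoing interface). Tables 1 and 2 hold only the
# default routes the script adds; 'main' is an ASSUMED minimal main table.
ROUTE_TABLES = {
    1: [("0.0.0.0/0", LAN_IF)],
    2: [("0.0.0.0/0", WAN_IF)],
    "main": [(str(LAN_NET), LAN_IF), ("68.0.0.0/24", WAN_IF), ("0.0.0.0/0", WAN_IF)],
}


def rule_matches(selector, src, dst):
    """'to' and 'from' selectors of an ip rule entry; an empty selector matches all."""
    if "to" in selector and dst not in selector["to"]:
        return False
    if "from" in selector and src not in selector["from"]:
        return False
    return True


def route_lookup(src, dst):
    """Return (table, oif) the way the RPDB does: first matching rule whose
    table holds a route for dst, longest prefix winning inside that table."""
    for _prio, selector, table in IP_RULES:
        if not rule_matches(selector, src, dst):
            continue
        best = None
        for prefix, oif in ROUTE_TABLES[table]:
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, oif)
        if best is not None:
            return table, best[1]
    return None, None


def forward_verdict(iif, oif, state, is_fragment):
    """Walk the FORWARD chain in the order the post's script appends rules."""
    # -A FORWARD -o $EXTIF -i ! $EXTIF -j ACCEPT
    if oif == WAN_IF and iif != WAN_IF:
        return "ACCEPT:lan-to-wan"
    # -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT:state"
    # -A FORWARD -f -j ACCEPT  (non-first fragment, any interface, any state)
    if is_fragment:
        return "ACCEPT:fragment"
    # -P FORWARD DROP
    return "DROP:policy"


def walk(src, dst, iif, state="NEW", is_fragment=False):
    """Trace one packet: routing decision, FORWARD verdict, and whether the
    POSTROUTING MASQUERADE rule (-o $EXTIF) would rewrite its source."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    table, oif = route_lookup(src, dst)
    verdict = forward_verdict(iif, oif, state, is_fragment)
    return {
        "table": table,
        "oif": oif,
        "verdict": verdict,
        "masqueraded": verdict.startswith("ACCEPT") and oif == WAN_IF,
    }


if __name__ == "__main__":
    cases = [
        ("10.69.0.20", "204.39.1.1", LAN_IF, "NEW", False),      # dest covered by rule 500
        ("10.69.0.20", "93.184.216.34", LAN_IF, "NEW", False),   # any other dest from the LAN
        ("204.39.1.1", "10.69.0.20", WAN_IF, "ESTABLISHED", False),  # reply traffic
        ("93.184.216.34", "10.69.0.20", WAN_IF, "NEW", True),    # unsolicited fragment from outside
    ]
    for case in cases:
        print(case, "->", walk(*case))
```

Run as-is to print the four traces. Under the stated assumptions a new LAN flow to a destination outside the two `/16` prefixes is sent to table 1, leaves via eth0 and reaches the FORWARD DROP policy, while a non-first fragment arriving on eth1 is accepted without any connection state; both are properties of the rules as written, and extending `IP_RULES` and `ROUTE_TABLES` with the real prefixes from `ip rule show` and `ip route show table N` turns the model into a check of the actual box.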