Routing ports to secondary network card

nimnull22 · 01-21-2010, 11:26 PM

To: chort
You don't understand me, between NICs and router/switch can be many additional equipment.

P.S. Sorry for second post, too many windows and workspaces.

vockleya · 01-21-2010, 11:44 PM

I ran the command above and nothing has changed. The traffic is still running through eth2, not eth0.

nimnull22 · 01-22-2010, 10:16 AM

Can you post here output of:
iptables-save

Thanks

vockleya · 01-22-2010, 11:35 AM

# Generated by iptables-save v1.4.4 on Fri Jan 22 12:34:37 2010
*mangle
:PREROUTING ACCEPT [7961636:10184378895]
:INPUT ACCEPT [7950272:10183055430]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6236614:725415287]
:POSTROUTING ACCEPT [6237555:725570448]
COMMIT
# Completed on Fri Jan 22 12:34:37 2010
# Generated by iptables-save v1.4.4 on Fri Jan 22 12:34:37 2010
*nat
:PREROUTING ACCEPT [5110:618803]
:POSTROUTING ACCEPT [56086:4045858]
:OUTPUT ACCEPT [56086:4045858]
COMMIT
# Completed on Fri Jan 22 12:34:37 2010
# Generated by iptables-save v1.4.4 on Fri Jan 22 12:34:37 2010
*filter
:INPUT DROP [318:103698]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2255:98522]
:ufw-after-forward - [0:0]
:ufw-after-input - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-before-input - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-output - [0:0]
:ufw-logging-allow - [0:0]
:ufw-logging-deny - [0:0]
:ufw-not-local - [0:0]
:ufw-reject-forward - [0:0]
:ufw-reject-input - [0:0]
:ufw-reject-output - [0:0]
:ufw-track-input - [0:0]
:ufw-track-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-user-input - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-output - [0:0]
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j RETURN
-A ufw-after-input -p udp -m udp --dport 138 -j RETURN
-A ufw-after-input -p tcp -m tcp --dport 139 -j RETURN
-A ufw-after-input -p tcp -m tcp --dport 445 -j RETURN
-A ufw-after-input -p udp -m udp --dport 67 -j RETURN
-A ufw-after-input -p udp -m udp --dport 68 -j RETURN
-A ufw-after-input -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m state --state INVALID -j ufw-logging-deny
-A ufw-before-input -m state --state INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-track-output -p tcp -m state --state NEW -j ACCEPT
-A ufw-track-output -p udp -m state --state NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 443 -j ACCEPT
-A ufw-user-input -p udp -m multiport --dports 137,138 -m comment --comment "\'dapp_Samba\'" -j ACCEPT
-A ufw-user-input -p tcp -m multiport --dports 139,445 -m comment --comment "\'dapp_Samba\'" -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 10000 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 10000 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 52595 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 52595 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
COMMIT

nimnull22 · 01-22-2010, 03:29 PM

What is IP range your application connects to?
Actually, I do not need to know exact IP, is it one IP or many different?

nimnull22 · 01-22-2010, 03:45 PM

I have an idea, after you replay, I will tell you what it is.

vockleya · 01-22-2010, 03:55 PM

It connects to many different ip addresses. Most of the are 134.82.x.x but there are others.

nimnull22 · 01-22-2010, 04:28 PM

Ok, in that case I suggest you to take a look on this solution.
http://www.linuxquestions.org/linux/..._Multiple_DSLs

It needs to do some reconfiguration, but you will get "route balance" between ethernet interfaces on kernel level.
That is good idea, take a look, and not too difficult to do.

vockleya · 01-22-2010, 06:24 PM

Thanks. That's really helpful.

nimnull22 · 01-22-2010, 08:08 PM

Post please the result of its job, does it really good balance traffic between interfaces.

Thanks.