{"id":10,"date":"2006-01-02T20:57:36","date_gmt":"2006-01-02T19:57:36","guid":{"rendered":"http:\/\/kudzia.eu\/b\/?p=10"},"modified":"2011-05-02T20:22:01","modified_gmt":"2011-05-02T19:22:01","slug":"poor-mans-multihoming-under-linux","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2006\/01\/poor-mans-multihoming-under-linux\/","title":{"rendered":"poor mans multihoming under linux"},"content":{"rendered":"<p>purpose: utilize simultaneously symmetric and asymmetric internet connections on linux router to achieve cost efficient way of providing internet access for few dozens of users. why? symmetric connections to internet still tend to be overpriced, poland is no exception. small ISPs providing internet access for 100 or 200 users usually cannot afford pipes fat enough to satisfy always growing demand of all those p2p lovers. adding asymmetric xDSL connections dedicated only for http traffic to existing symmetric internet uplink can significantly improve end-user experience without causing too much additional costs.<br \/>\n<!--more--><br \/>\nwhat needs to be done on linux router? not much:<\/p>\n<ul>\n<li>new routing tables should be added<\/li>\n<li>rules for selecting routing table based on source ip should be added<\/li>\n<li>squid [working as transparent http proxy] should be told to bind to ip address of xDSL connection<\/li>\n<li>users\u2019 http traffic should be redirected to local http proxy [ squid in this case ]<\/li>\n<\/ul>\n<p>to create new routing tables add the following lines at the end of \/etc\/iproute2\/rt_tables:<\/p>\n<pre class=\"prettyprint\">100     T1\r\n200     T2\r\n<\/pre>\n<p>this is just a human readable [ T1 ? 
not exactly ;] alias for the routing table number used internally by the kernel.<\/p>\n<p>put the following rules in one of your network \/ firewall startup scripts:<\/p>\n<pre class=\"prettyprint\"># table for packets with src address in 99.99.99.88\/29 [ xDSL link ]\r\nip route add 192.168.0.0\/24  dev eth0 src 192.168.0.1 table T1\r\nip route add 99.99.99.88\/29  dev eth1 src 99.99.99.90 table T1\r\nip route add 11.11.11.124\/30 dev eth2 src 11.11.11.126 table T1\r\nip route add 127.0.0.0\/8 dev lo   table T1\r\nip route add default via 99.99.99.89  table T1\r\n# rule : select table T1 if src address is in 99.99.99.88\/29\r\nip rule add from 99.99.99.88\/29 table T1\r\n#\r\n# table for packets with src address 11.11.11.126  [ symmetric link ]\r\nip route add 192.168.0.0\/24  dev eth0 src 192.168.0.1 table T2\r\nip route add 99.99.99.88\/29  dev eth1 src 99.99.99.90 table T2\r\nip route add 11.11.11.124\/30 dev eth2 src 11.11.11.126 table T2\r\nip route add 127.0.0.0\/8 dev lo   table T2\r\nip route add default via 11.11.11.125 table T2\r\n# rule : select T2 if src address is 11.11.11.126\r\nip rule add from 11.11.11.126 table T2\r\n#\r\n# default routing table\r\nip route add default scope global nexthop via 11.11.11.125 dev eth2\r\n<\/pre>\n<p>as you see, each table should contain all routes, including those available directly [ like 192.168.0.1 &#8211; available on lan interface of described router ].<\/p>\n<p>after running the script above, your router will by default initiate all outgoing connections with src address of 11.11.11.126 and route them thru eth2, but if you force it to use src ip of 99.99.99.90, connections will go thru the 99.99.99.89 gateway at eth1. 
so right now we just need to redirect all http requests coming from lan to squid and tell squid to bind to 99.99.99.90 when initiating connections.<\/p>\n<p>additional config change in \/etc\/squid\/squid.conf &#8211; just add:<\/p>\n<pre class=\"prettyprint\">tcp_outgoing_address 99.99.99.90<\/pre>\n<p>last thing to do: make sure you redirect local http traffic to squid:<\/p>\n<pre class=\"prettyprint\">iptables -t nat -A PREROUTING -s 192.168.0.0\/24 -p tcp --dport 80 -j REDIRECT --to-port 8080\r\n# in my case i also masquerade all traffic going out via eth2\r\niptables -t nat -A POSTROUTING -s 192.168.0.0\/24 -o eth2 -j MASQUERADE\r\n<\/pre>\n<p>side effect of such a configuration: all http traffic initiated by users in lan will be seen as coming from one public ip address assigned to the xDSL link. to make things even better one should always add QoS to make sure available bandwidth is fairly shared among users.<\/p>\n<p>description is based on my experiences with some networks where i\u2019ve successfully set up similar configuration. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>purpose: utilize simultaneously symmetric and asymmetric internet connections on linux router to achieve cost efficient way of providing internet access for few dozens of users. why? symmetric connections to internet still tend to be overpriced, poland is no exception. 
small ISPs providing internet access for 100 or 200 users usually cannot afford pipes fat enough [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[38,6,3],"class_list":["post-10","post","type-post","status-publish","format-standard","hentry","category-tech","tag-lartc","tag-linux","tag-old-stuff"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/10","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=10"}],"version-history":[{"count":14,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/10\/revisions"}],"predecessor-version":[{"id":668,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/10\/revisions\/668"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=10"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=10"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=10"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}