Everyone,
I am putting together a new gateway machine that controls all of the traffic in and out of one of our offices. We have a machine with CentOS Linux release 7.2.1511 (Core) with 3.10.0-327.10.1.el7.x86_64 kernel which is now equipped with three nic cards. We decided to change our internet providers, but unfortunately Comcast would not allow us to drop their service without some penalties so management decided to keep the line and not put up a fight. Of the three nic cards, one card serves the local network inside the office, and the other two will connect to the two different internet lines.
This has resulted in providing us with two outbound internet lines that we can use. I decided to do some experimenting to see if I could use iptables or other venues to use both outside internet addresses to augment our bandwidth.
Can anyone refer me to any tutorial or give me suggestions as to how to route outbound ssh traffic that is generated from one of the machines inside the network through only one of the specified nic cards on the gateway? I would like to see if I can utilize this extra bandwidth by splitting ssh traffic and html traffic. Essentially, I would like to force outbound ssh traffic on only one of the outside nic cards.
Any ideas?
Greg Ennis
On Tue, Mar 08, 2016 at 09:41:43PM -0600, Gregory P. Ennis wrote:
> Everyone,
> I am putting together a new gateway machine that controls all of the traffic in and out of one of our offices. We have a machine with CentOS Linux release 7.2.1511 (Core) with 3.10.0-327.10.1.el7.x86_64 kernel which is now equipped with three nic cards. We decided to change our internet providers, but unfortunately Comcast would not allow us to drop their service without some penalties so management decided to keep the line and not put up a fight. Of the three nic cards, one card serves the local network inside the office, and the other two will connect to the two different internet lines.
> This has resulted in providing us with two outbound internet lines that we can use. I decided to do some experimenting to see if I could use iptables or other venues to use both outside internet addresses to augment our bandwidth.
> Can anyone refer me to any tutorial or give me suggestions as to how to route outbound ssh traffic that is generated from one of the machines inside the network through only one of the specified nic cards on the gateway? I would like to see if I can utilize this extra bandwidth by splitting ssh traffic and html traffic. Essentially, I would like to force outbound ssh traffic on only one of the outside nic cards.
> Any ideas?
> Greg Ennis
though I have no personal experience with this, I'm guessing that the term you want is "bonding" or "bonded interfaces". You can probably find articles on how to do that with some judicious googling. I know I've seen such articles, but haven't kept any records of where.
Good luck!
Fred
On 3/8/2016 8:13 PM, Fred Smith wrote:
> though I have no personal experience with this, I'm guessing that the term you want is "bonding" or "bonded interfaces". You can probably find articles on how to do that with some judicious googling. I know I've seen such articles, but haven't kept any records of where.
NO.
you can't bond two interfaces connected to different ISPs.
best you can do is limited load balancing, and/or use source tagged routing via ip rules to change gateways. it's a mess to get right.
Hi
Here is documentation that may help http://lartc.org/howto/lartc.rpdb.multiple-links.html but as John mentions it is painful to get right.
On Wed, Mar 9, 2016 at 5:17 PM, John R Pierce pierce@hogranch.com wrote:
> On 3/8/2016 8:13 PM, Fred Smith wrote:
>> though I have no personal experience with this, I'm guessing that the term you want is "bonding" or "bonded interfaces". You can probably find articles on how to do that with some judicious googling. I know I've seen such articles, but haven't kept any records of where.
> NO.
> you can't bond two interfaces connected to different ISPs.
> best you can do is limited load balancing, and/or use source tagged routing via ip rules to change gateways. it's a mess to get right.
> -- john r pierce, recycling bits in santa cruz
On 3/8/2016 8:47 PM, Clint Dilks wrote:
> Here is documentation that may help http://lartc.org/howto/lartc.rpdb.multiple-links.html but as John mentions it is painful to get right.
sadly, that document is like 15 years old, and hasn't been updated. the basics are still valid, but things like how to integrate that with RHEL startup scripts? nada, you're on your own.
On 09-03-2016 01:54, John R Pierce wrote:
> On 3/8/2016 8:47 PM, Clint Dilks wrote:
>> Here is documentation that may help http://lartc.org/howto/lartc.rpdb.multiple-links.html but as John mentions it is painful to get right.
> sadly, that document is like 15 years old, and hasn't been updated. the basics are still valid, but things like how to integrate that with RHEL startup scripts? nada, you're on your own.
That's actually beyond that document's scope.
Anyway, /usr/share/initscripts-*/sysconfig.txt has the info you need to integrate those comments on RHEL. Like, for the ip rule commands:
/etc/sysconfig/network-scripts/rule-<interface-name>
/etc/sysconfig/network-scripts/rule6-<interface-name>
Contains lines that specify additional routing rules that should be added when the associated interface is brought up.
Each non-comment line is used directly as an argument to "/sbin/ip rule add" or "/sbin/ip -6 rule add" for rule6 files.
YMMV if you want to use NetworkManager/firewalld, of course.
Marcelo
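Added example, not part of any message in this thread: a sketch of the rule-<interface-name> mechanism quoted above, combined with a firewall mark so that only forwarded SSH uses the second uplink. The interface names, gateway address, table number and mark value are all assumptions, and the files are staged in a scratch directory for review rather than written to /etc/sysconfig/network-scripts.

```shell
#!/bin/sh
# Added example: stage initscripts policy-routing files that send forwarded
# SSH (tcp/22) out one chosen uplink. Every value below is an assumption.
LAN_IF=eth0          # assumed: NIC facing the office LAN
SSH_IF=eth2          # assumed: NIC on the uplink that should carry SSH
SSH_GW=203.0.113.1   # assumed: that ISP's gateway (documentation address)
TABLE=100            # assumed: otherwise unused routing table number
MARK=0x1             # assumed: otherwise unused firewall mark

# Line for rule-<iface>; initscripts hands it to "/sbin/ip rule add".
rule_line() { printf 'fwmark %s table %s\n' "$MARK" "$TABLE"; }

# Line for route-<iface>; initscripts hands it to "/sbin/ip route add".
route_line() {
    printf 'default via %s dev %s table %s\n' "$SSH_GW" "$SSH_IF" "$TABLE"
}

# Commands to review and run as root. The MARK rule tags SSH arriving from
# the LAN before the routing decision; MASQUERADE gives it the uplink's
# source address; loose reverse-path filtering keeps replies that arrive on
# the non-default uplink from being dropped.
firewall_cmds() {
    printf 'iptables -t mangle -A PREROUTING -i %s -p tcp --dport 22 -j MARK --set-mark %s\n' "$LAN_IF" "$MARK"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$SSH_IF"
    printf 'sysctl -w net.ipv4.conf.%s.rp_filter=2\n' "$SSH_IF"
}

# Write everything into a staging directory and print its path.
stage() {
    dir=${1:-./staging}
    mkdir -p "$dir" || return 1
    rule_line     > "$dir/rule-$SSH_IF"
    route_line    > "$dir/route-$SSH_IF"
    firewall_cmds > "$dir/firewall-cmds.txt"
    echo "$dir"
}

# Stand-alone use: sh stage-ssh-routing.sh /tmp/staging
if [ -n "${1:-}" ]; then stage "$1"; fi
```

After copying the staged rule- and route- files into place, `ip rule show` and `ip route show table 100` confirm what the initscripts applied when the interface came up.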
I did this once more than 10 years ago. If I was to do it again, I would probably get shorewall to do most of the heavy lifting:
---------------------------------------------
Hey, thanks everyone for your help... I thought this would be easy with iptables, but looks like I have some fun experimental work ahead of me :)