Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: tropicalview on December 13, 2008, 03:40:49 PM
-
Dear all,
I wonder if SME Server in gateway mode can route specific traffic / URLs via another gateway.
My network setup is like this:
I have a private network; SME Server is connected to it as the gateway.
On the external port I have a switch with 2 routers: one with 1MB internet used for daily internet usage (without public static IP) (default gateway of the SME Server) and one with 256KB internet with a public static IP.
Right now I use the one with the static IP address only for incoming traffic (incoming email, VPN connections).
Now I also want to be able to do this:
All internet traffic goes to the gateway with 1MB; only the requests to my VoIP provider (specific IPs / domains) will go to the other one, to be sure we always have a free pipe for the VoIP.
I hope this is possible; any suggestion is more than welcome.
-
I'm sure there are several ways to achieve what you are after. A solution that I believe would be fairly easy to set up is this:
1. Create a local subnet between your WAN gateways and your SME box. Let's call this Local Subnet 1. It should look something like this:
     WAN1                WAN2
      |                    |
Gateway1(256k)      Gateway2(1000K)
      |                    |
      |  (Local Subnet1 )  |
      ----------------------
                 |
                SME
                 |
           Local Subnet2
2. Set up SME so that the External IP is within the Local Subnet 1 IP pool. The default gateway for SME's External connection will be the Local Subnet 1 IP for Gateway2, your 1000K connection.
3. Port forward the internet services coming in from Gateway1 to your SME box. For example, if you want SME Server to provide SMTP, then you would set up a port forward from Gateway1 to your SME box for port 25.
4. Set up a subnet for your local network that will sit behind SME Server, Local Subnet 2.
I hope this helps.
-
Hi gzartman,
The situation you describe here is what I already have, and it works fine:
  200.6.59.x          xxx.xx.xx.xxx
   (static)             (dynamic)
     WAN1                 WAN2
   10.0.0.2             10.0.0.1
      |                    |
Gateway1(256k)      Gateway2(1000K)
      |                    |
      |  (Local Subnet1 )  |
      ----------------------
                 |
           ip: 10.0.0.3
         gateway: 10.0.0.1
                SME
         ip: 192.168.212.1
                 |
           Local Subnet2
           192.168.212.x
I already have port forwardings on WAN1 so that I can have my domain name + VPN services.
What I want is that requests that go to a specific domain / IP address on the internet are not routed to the main gateway (WAN2) but to WAN1.
I want this so that VoIP services can use the bandwidth of WAN1 without having problems with the load on WAN2.
So I want an exception in the routing, using a gateway other than the default one for certain addresses.
By the way, thank you for the visualization of the situation with a little text drawing.
-
You can try to play with static routes on your SME so it directs traffic to certain domains (IP) through a different gateway. After you are happy with the results, those static routes can be made persistent.
-
You can try to play with static routes on your SME so it directs traffic to certain domains (IP) through a different gateway.
That's not sufficient to ensure that the return traffic comes back through the same gateway.
-
It sounds good, I do not see any reason why return data will come via the other gateway.
All requests are initiated from our network.
How can I make these special routes?
-
I am risking sounding like an RTFM guy, but the best place to start is "man route" from the command line. Once you figure out what you want to do, it's worth looking into the /home/e-smith/db/networks file to see how it is structured. It is not advisable to edit it directly, but "db networks" commands may help. It's too useful a learning path to miss.
-
It sounds good, I do not see any reason why return data will come via the other gateway.
All requests are initiated from our network.
Return routes are entirely determined by the source address of the packets you send, and have nothing to do with which gateway you choose to send those packets through on the outbound path.
You can probably find the information you want at the Linux Advanced Routing & Traffic Control website - http://lartc.org/.
-
Charlie, are you saying that if you send the packet to domain-A via WAN1 gateway (200.6.59.x), the reply may come back to WAN2 gateway (xxx.xx.xx.xxx)?
-
Charlie, are you saying that if you send the packet to domain-A via WAN1 gateway (200.6.59.x), the reply may come back to WAN2 gateway (xxx.xx.xx.xxx)?
Yes.
-
The source address will be rewritten by NAT on the gateway WAN1 (200.6.59.x). There is no way for domain-A to know about the other gateway WAN2 (xxx.xx.xx.xxx).
In addition, the Gateway WAN1 (static) is currently used for inbound connections (e-mail and VPN), and Internet DNS servers point to that address, in case reply packets somehow determine the sender's domain of origin.
-
The source address will be rewritten by NAT on the gateway WAN1 (200.6.59.x).
I missed the added detail that the gateway did NAT. That wasn't mentioned in the original post, but is implicit in the diagram.
-
Yes, but Charlie's point is still valid.
The server will send the VoIP traffic over its default gateway and you will not be using the other (non-default) link.
I think what you need to do is go to the default gateway's router and add a route to the VoIP carrier's network via the 2nd gateway's internal IP (you need the DMZ as shown earlier).
Then
- The traffic will go that way (via the other gateway)
- and - if you enable ICMP traffic (thanks Charlie - learnt that one earlier) the SME box will actually learn that route
-
Dear all,
Thanks for the many replies and the great discussion about this topic.
I learned a lot again.
As I compile all the answers and search the internet, I think that this can be accomplished by this command:
route add -host 123.12.12.234 gw 10.0.0.2
where 123.12.12.234 is the IP address of the VoIP provider.
Is this correct?
And if yes, how can I make sure this will be a fixed solution using the templates of SME?
By the way, I found this command on: http://www.cpqlinux.com/routes.html
-
That is correct, but
you do have to resort to modifying the SME default behaviour.
If you add the route to the main router, SME's default behaviour is preserved - that has a lot of value to my way of thinking.
-
Hi David,
Thanks again for your reply.
To change the router(s) is not an option.
The one that's the default gateway is an ADSL modem maintained by the provider.
The other one is a simple Hotbrix firewall without features like that.
I would really appreciate it if the SME Server could do this and we could create a template for it.
Perhaps I have to study the templating system to be sure how I can create this.
Thanks a lot.
-
To change the router(s) is not an option.
The one that's the default gateway is an ADSL modem maintained by the provider.
The other one is a simple Hotbrix firewall without features like that.
In that case I'll put a firewall/router like pfSense in front of the LAN. It does what you are asking for and a lot more, and all without changing SME behaviour.
My 2c
Ciao
Stefano
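-
Added example, not part of the original thread or of any poster's reply: a dry-run shell helper for the static-route approach discussed above, written for iproute2's "ip route" rather than the "route" command used in the thread. It prints one route per VoIP destination via Gateway1 (10.0.0.2) and rejects a destination given as a network with host bits set; the function names and the 198.51.100.0/24 sample network are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): print "ip route" commands that send
# selected destinations via the secondary gateway. 10.0.0.2 (Gateway1) and
# 123.12.12.234 are the thread's addresses; function names are this example's.
VOIP_GW="10.0.0.2"

# to_int ADDR: print the IPv4 address as an integer, or fail if malformed.
to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*|0?*) return 1 ;; esac   # too long, or leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_cmd DEST: DEST is a host (a.b.c.d) or a network (a.b.c.d/len).
# Prints the command, or fails if DEST is malformed or is a "network" with
# host bits set (a host address given where a network is expected).
route_cmd() {
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(to_int "$addr") || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( n & ~mask & 0xFFFFFFFF )) -eq 0 ] || return 1
    echo "ip route replace $addr/$len via $VOIP_GW"
}

# plan_routes DEST...: print one command per valid DEST; return 1 if any failed.
plan_routes() {
    rc=0
    for d in "$@"; do
        route_cmd "$d" || { echo "# skipped invalid destination: $d" >&2; rc=1; }
    done
    return $rc
}

# With --demo, print the plan for the thread's VoIP address plus a constructed
# network. To apply, pipe the output to sh as root, then check the chosen
# next hop with: ip route get 123.12.12.234
if [ "${1:-}" = "--demo" ]; then
    plan_routes 123.12.12.234 198.51.100.0/24   # second entry is constructed
fi
```

Routes match on IP addresses only, so a provider known by domain name has to be resolved to its addresses before it is passed to plan_routes.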