Sunday, March 22, 2009

Routing over multiple PPP accounts (Part1)

In my previous post, I have set up two PPPoE accounts. Now we will try to get basic routing to work. The first thing we want to do is to route replies of packets coming in over a specific interface, back out over that same interface. Perhaps the cleanest way to do this is to create a routing table for each PPP account. Edit /etc/iproute2/rt_tables to append the lines to create the ppp0 and ppp1 routing table entries, it should look something like

root@slowpoke ~ $ cat /etc/iproute2/rt_tables 
# reserved values
255 local
254 main
253 default
0 unspec
# local
#1 inr.ruhep
1 ppp0
2 ppp1

Now we want to create the routing rules for each of the interfaces, and we want to create them automatically whenever the interface goes up. We can do this by creating a bash script in the /etc/ppp/ip-up.d directory (mine is called, the name is irrelevant, as long as it ends in ".sh"). Also remember to make the script executable. This script is called whenever a new interface goes up, with the following parameters (among others): the INTERFACE that just went up, the IP address of the interface, and the GATEWAY address of the interface. This is what my script looks like:

root@slowpoke ~ $ cat /etc/ppp/ip-up.d/ 


# Create the entries in the dedicated routing table for this interface. It's basically the route
# to the gateway, as well as the default route. This routing table will be used for routing
# replies to incoming packets on this interface

/sbin/ip route add $GATEWAY dev $INTERFACE src $IP table $INTERFACE
/sbin/ip route add default via $GATEWAY table $INTERFACE

# Create the routing rule that uses the above routing table. When we already have the source
# address, route out over the above table

/sbin/ip rule add from $IP lookup $INTERFACE

# Create the main default route ... will be overwritten when the second PPP connection goes up

/sbin/ip route add default dev $INTERFACE via $GATEWAY

After establishing the two PPP connections, you should be able to access both IP addresses from the internet (outside). Replies to incoming packets will now be routed back over the same interface

Next step is to manage the DNS servers of the PPP links ...

No comments: