
[OCLUG-Tech] iproute2

All:

It's been years since I posted here. I've got a situation that I could use some help on.

I've got a client who is doing some interesting things. I've got a firewall with four Ethernet interfaces that connects to the Internet via PPPoE.

eth0 - Internal private network
eth1 - Public wireless network for their clients and visitor use
eth2 - connection to DSL via PPPoE
eth3 - connection to internal VOIP system (used for failover if the dedicated VOIP Internet connection fails)
tun0 - OpenVPN
ppp0 - External connection

Everything has worked fine at this site for years. The client recently decided to move to a VOIP system for their internal phones, and it has its own Internet connection to the provider. The VOIP provider's proprietary router has an Ethernet interface to allow a failover connection to a secondary provider if their own network fails.

eth3 is set up as static 10.20.0.2/16 (netmask 255.255.0.0) with the external Ethernet interface on the VOIP router (10.20.0.1) as the default gateway on the network.

I've set up iproute2 to add a new table in /etc/iproute2/rt_tables:

100   voip_provider
255   local
254   main
253   default

In /etc/network I've added a script if-post-up-eth3.sh:

ip rule add from 222.88.20.0/24 table voip_provider
ip rule add from 222.88.21.0/24 table voip_provider
ip rule add from 222.88.22.0/24 table voip_provider
ip route add default via 10.20.0.1 dev eth3 table voip_provider
ip route flush cache

ip masq is working for eth3.

I can connect a PC on the eth3 10.20.0.0/16 network and it has no problem surfing etc.

What I want to do is have packets from all of the specified external subnets routed out of the firewall to the address 10.20.0.1 on eth3. Basically, all external traffic from these source address ranges needs to be forwarded to the VOIP provider's router, with no exception.

Any ideas?

--
Bill S
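The if-post-up-eth3.sh script quoted above, reworked as an added example (not the poster's own script) that can be re-run safely and that prints the ip route get commands used to check which table a forwarded packet actually hits. The ppp0 ingress interface and the 203.0.113.1 test destination are assumptions; the subnets, table name, gateway and device come from the post.

```shell
#!/bin/sh
# Added example: build and verify policy routing for the voip_provider table.
TABLE="voip_provider"
GATEWAY="10.20.0.1"          # external interface of the VOIP router (from the post)
DEV="eth3"
PRIO=1000                    # explicit priority: after local (0), before main (32766)
SUBNETS="222.88.20.0/24 222.88.21.0/24 222.88.22.0/24"

# Print the commands instead of running them, so they can be reviewed,
# diffed against 'ip rule show', or piped to sh as root.
build_commands() {
    # Drop every existing rule that points at the table so a re-run does not
    # stack duplicate rules (ip rule del removes one rule per call).
    echo "while ip rule del table $TABLE 2>/dev/null; do :; done"
    for net in $SUBNETS; do
        echo "ip rule add from $net table $TABLE priority $PRIO"
    done
    # 'replace' rather than 'add': a stale default route in the table
    # would otherwise make the script fail with RTNETLINK "File exists".
    echo "ip route replace default via $GATEWAY dev $DEV table $TABLE"
    echo "ip route flush cache"
}

# Print one 'ip route get' per subnet. The 'from' and 'iif' arguments make the
# kernel resolve the route as it would for a forwarded packet arriving on the
# given interface, so the output shows whether the voip_provider table is used.
verify_commands() {
    in_dev="$1"                      # ingress interface, e.g. ppp0 (assumed)
    for net in $SUBNETS; do
        host="${net%.0/24}.1"        # first host of each /24 as a sample source
        echo "ip route get 203.0.113.1 from $host iif $in_dev"
    done
}

if [ "${1:-}" = "--apply" ]; then
    build_commands | sh
    verify_commands "${2:-ppp0}" | sh
fi
```

Run it with no arguments to review the generated commands, or with --apply (as root) to install the rules and print the resolved route for each source subnet.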
