Building Router with Transparent Web Resource Cache

Network Interface Configuration
192.168.0.0 Out 1(enp10s0f0) - Local 01(enp10s0f1) 192.168.10.0
                             - Local 02(enp10s0f2)
                             - Local 03(enp10s0f3)
59.27.1.128 Out 2(enp11s0f0) - Local 04(enp11s0f1) 192.168.11.0
                             - Local 05(enp11s0f2)
                             - Local 06(enp11s0f3)
There are 2 out-bound lines. Each line shares its outbound connection with the Locals: Out 1 => Local 01~02, Out 2 => Local 03~04.
So I made a script to configure iptables as follows:
iptables -t nat -A POSTROUTING -o enp10s0f0 -j MASQUERADE -s 192.168.10.0/24
iptables -t nat -A POSTROUTING -o enp11s0f0 -j MASQUERADE -s 192.168.11.0/24
iptables -A FORWARD -i enp10s0f0 -o enp10s0f1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp10s0f0 -o enp10s0f2 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp10s0f0 -o enp10s0f3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp10s0f1 -o enp10s0f0 -j ACCEPT
iptables -A FORWARD -i enp10s0f2 -o enp10s0f0 -j ACCEPT
iptables -A FORWARD -i enp10s0f3 -o enp10s0f0 -j ACCEPT
iptables -t mangle -A PREROUTING -i enp10s0f1 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 0x1/0x1
iptables -t mangle -A PREROUTING -i enp10s0f2 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 0x1/0x1
iptables -t mangle -A PREROUTING -i enp10s0f3 -p tcp -m tcp --dport 80 -j TPROXY --on-ip 0.0.0.0 --on-port 8080 --tproxy-mark 0x1/0x1
iptables -t mangle -A PREROUTING -i enp10s0f0 --source 192.168.10.0/24 -j ACCEPT
iptables -t mangle -A PREROUTING -i enp10s0f0 --destination 192.168.10.0/24 -j ACCEPT
iptables -t mangle -A PREROUTING -i enp10s0f0 -p tcp -m tcp --sport 80 -j MARK --set-mark 0x1/0x1
ip rule add fwmark 0x1/0x1 table 2
ip route add local 0.0.0.0/0 dev lo table 2
# Do this for enp11, too
But one of the out-lines, the one that is plugged in later, doesn't work as expected.
(The OS reconfigures the routing table after the line is plugged in, so only the out-line plugged in first works; the second one does not.)
Local lines connected to the other out-line work.
I guess it is caused by the routing table... but I couldn't figure out the problem.
This is what 'ip route' shows:
default via 59.27.1.129 dev enp11s0f0 proto static metric 2
default via 192.168.0.1 dev enp10s0f0 proto static metric 100
59.27.1.128/26 dev enp11s0f0 proto kernel scope link src 59.27.1.176 metric 2
169.254.0.0/16 dev enp11s0f0 scope link metric 2
192.168.0.0/24 dev enp10s0f0 proto kernel scope link src 192.168.0.22 metric 100
192.168.10.0/24 dev enp10s0f1 proto kernel scope link src 192.168.10.251 metric 100
192.168.11.0/24 dev enp11s0f1 proto kernel scope link src 192.168.11.251 metric 2
222.118.178.36 via 59.27.1.129 dev enp11s0f0 proto dhcp metric 2
Thank you.
Tags: router, nat
"One of out-line, which is plugged later"... What do you mean? Also, your iptables rules mention enp10s0f3 which isn't present in either the routing table or the network configuration diagram of yours. Please include all the relevant information so that others can understand your setup and what you are actually asking.
zagrimsan, Oct 11 '17 at 7:00
asked Oct 11 '17 at 6:41 by nemo, edited Oct 11 '17 at 7:45
1 Answer
It was a problem of the routing table. Exactly the same one.
Ref.: NAT box with multiple internal and external interfaces.
You have to divide the table and add rules for lookup based on IP.
answered Oct 12 '17 at 6:54 by nemo
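The per-source policy routing the answer points at, worked out for this question's two uplinks, as an added example (not the asker's script and not code from the linked answer). Interfaces, gateways and addresses are taken from the question's ip route output; table ids 10 and 11, the rule priorities and the 192.168.0.0/16 "internal destinations" aggregate are assumptions.

```shell
#!/bin/sh
# One routing table per uplink, selected by the source address of the LAN
# behind it. Constructed example; it only prints the plan unless APPLY=1.

# Emit the commands that pin one LAN subnet to one uplink.
# $1 uplink iface  $2 uplink gateway  $3 uplink address  $4 LAN subnet  $5 table id
pin_uplink() {
    # The dedicated table holds only a default route via this uplink.
    echo "ip route replace default via $2 dev $1 src $3 table $5"
    # Traffic sourced from the uplink's own address must leave the same way,
    # otherwise replies to connections arriving on it go out the other WAN.
    echo "ip rule add from $3 lookup $5 priority $((1000 + $5))"
    # LAN hosts behind this uplink consult its table instead of main.
    echo "ip rule add from $4 lookup $5 priority $((2000 + $5))"
}

# The whole plan, in the order the rules must be evaluated (lowest first).
plan() {
    # TPROXY-marked packets carry a LAN source address but must reach the
    # local proxy socket, so the fwmark rule has to win over the per-source rules.
    echo "ip rule add fwmark 0x1/0x1 lookup 2 priority 100"
    echo "ip route replace local 0.0.0.0/0 dev lo table 2"
    # Router-to-LAN and LAN-to-LAN traffic keeps using the connected routes
    # in main; without this the per-uplink tables would push it upstream.
    echo "ip rule add to 192.168.0.0/16 lookup main priority 200"
    # Values below come from the question's ip route output; table ids assumed.
    pin_uplink enp10s0f0 192.168.0.1 192.168.0.22 192.168.10.0/24 10
    pin_uplink enp11s0f0 59.27.1.129 59.27.1.176  192.168.11.0/24 11
    echo "ip route flush cache"
}

# Number of commands in the plan (handy for a quick sanity check).
plan_line_count() { plan | wc -l | tr -d ' '; }

# Print the plan; apply it only when APPLY=1 (needs root and the real NICs).
if [ "${APPLY:-0}" = 1 ]; then plan | sh -e; else plan; fi
```

Check the result with `ip rule show` and `ip route show table 10` (and 11): a LAN host on enp11s0f1 should now reach the Internet via 59.27.1.129 even when enp10s0f0 carries the lower-metric default route in main.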