Asterisk (VoIP) has an interesting bug...
You can't really network Asterisk to use two uplink network connections, since Asterisk grabs the default interface and "rides with it"

If you have a bastion host, that is routing all traffic from your SOHO (small office/home office), and you're trying to get the traffic separated, you will run into the problem of separating the traffic (traffic shaping), since you have to give asterisk the "default route"

Here is what you do...

Give Asterisk, the default route, i.e. define "ip route add default via 1.1.1.1 ethX"
That should be the gateway and ethX interface that will be carrying your VoIP traffix.

(remember to make asterisk listen to all interfaces, bind 0.0.0.0)

Prepare the tables with:
echo 100 att >> /etc/ip_route2/rt_tables
echo 101 speakeasy >> /etc/ip_route2/rt_tables

Then, assuming two interfaces (eth1 on at&t at 1.1.1.2, and eth2 on speakeasy (good only for bulk traffic) at 2.1.1.2), make source routing tables:

ip rule add from 1.1.1.2 table att
ip route add default via 1.1.1.1 dev eth1 src 1.1.1.2 table att
ip rule add from 2.1.1.2 table speakeasy
ip route add default via 2.1.1.1 dev eth2 src 2.1.1.2 table speakeasy

You're halfway there... now let's get source routing in place... this is what makes the server respond back on the same IP that it receives requestss...

ip rule add from 1.1.1.2 table att
ip rule add from 2.1.1.2 table speakeasy

Now, if a packet comes from 1.1.1.2 it will take the att route, if it's from 2.1.1.2 it will take the speakeasy route.

Finally, let's add the special incantation to get your local traffic (on eth0, with 10.0.0.0/24 to go through speakeasy, since it's only good for bulk traffic)

We need to mark the packets before "routing decision"

iptables -t mangle -A PREROUTING -i eth0+ -s 10.0.0.0/24 ! -d 10.0.0.0/24 -j MARK — set-mark 1

Now we route the packets the right way; i.e. all local outbound SNATted traffic takes the bulk speakeasy route

ip rule add fwmark 1 table speakeasy

And finally, we make the SNAT rule for speakeasy, for all fwmark 1 packets

iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to 2.1.1.2

Now, please... the fictitious IP numbers:

• 1.1.1.1 is the gateway for 1st DSL
• 1.1.1.2 is your IP for the 1st DSL
• 2.1.1.1 is the gateway for 2nd DSL
• 2.1.1.2 is your IP for the 2nd DSL
• 10.0.0.0/24 is your local network

Change all, as appropriate... don't ever assume that these are valid IP numbers.
(Only networks like 10.x.x.x or 192.168.x.x are private, if you pick anything else for your internal network, you will be blocking out parts of the internet for yourself)

---

Permalink (referenced by: 0 posts / references: 0 posts) 0 comments [view comments]