OS: Linux debian 4.9.0-4-amd64 #1 SMP Debian 4.9.65-3+deb9u1 (2017-12-23) x86_64 GNU/Linux

There are three interfaces:

  1. enp0s3 (looking to the local network),
  2. ppp100 (looking to the Network, 3G modem),
  3. ppp200 (looking to the Network, 3G modem).

Here is the output of ifconfig.
Configure pppd for modem.

I'm trying to configure 3proxy to work via 3G modems (of course, separately). When I bring up only one modem and configure 3proxy, everything works. If I bring up both modems, the modem that was brought up first does not work. It looks like a routing problem. However, no matter how I tried to understand and apply the settings, it did not work out.

Can someone tell me how to set up this whole thing? Thanks.
I am new to Linux, so reading the man pages is useless in my case.

  • Did I understand correctly: the local network clients should be allowed onto the Internet via 3proxy, which is installed on a server with two 3G modems through which the Internet "comes"? And how should the phrase in brackets (of course, separately) be understood? - de_frag
  • @defrag Yes, that's right, maybe later there will be access from the Network at a static IP address (I will forward the proxy ports to enp0s3). "Separately" means that I will listen on two ports, for example, 8080 and 8081, and depending on the port I will send traffic through different modems (I will launch two 3proxy processes) - Vasily Nikonov
  • OK. But what about 2 3G modems? Do you want to build some "balancer" from them? Or some reservation? - de_frag
  • @defrag I need them for http / https proxy. No balancing or reservation - Vasily Nikonov
  • This is probably a question based on your recent task about splitting http / https traffic across different links? - de_frag 7:08 pm

1 answer

If I'm not mistaken, you initially had an idea to distribute http / https traffic depending on the "incoming" port. I.e., if it came to port 8080 of a certain gateway, then forward to the ppp0 interface, if to 8081, then to ppp1.

Since the task requires http proxying plus masquerading based on the destination port, it is not solved by iptables alone or by an http proxy alone, since all this works at different levels of the OSI model.

Let me offer another option.

We will analyze only the "outgoing" traffic of the gateway.

The plan will be:

  • On the gateway we configure an http proxy (let it be 3proxy) to receive connections on the enp0s3 interface on the standard port 3128.
  • We configure the client browser to use this http proxy on port 3128.
  • We configure outgoing traffic masquerading on the gateway, taking into account the destination port and choosing the appropriate interface.

In total we get the following:

In the client's browser address bar, http://microsoft.com is typed, the request arrives at the http proxy, the http proxy finds the destination address, sends the request to the required server, iptables resolves outgoing traffic.

According to the settings:

  • 3proxy is configured as simply as possible, without authorization (or with ip authorization)
  • The client browser is also easy to configure (well, you yourself know).
  • On the gateway, the following is done: iptables -t nat -A POSTROUTING -o ppp100 -p tcp --dport 80 -j MASQUERADE and by analogy for port 443.

It looks like a working scheme. But of course, I did not test it on ppp connections due to their absence.

  • The problem seems to be solved by writing your own proxy server, binding the outgoing request socket to a specific interface using the SO_BINDTODEVICE option. So far in testing it seems to work as intended, I'll see how it goes. Thanks for the help - Vasily Nikonov
  • @VasilyNikonov and post your solution here, if it's not difficult. - de_frag 1:59 pm
  • I cannot post my code, because I developed it not for myself, but for the enterprise. But this is what helped me - Vasily Nikonov