We have set up a ClarkConnect box as a firewall/gateway/router/content filter. Since then, we have had sporadic lag in our internet. Usually, it works just fine, but sometimes it will drag down to a crawl. I assume what's causing it is a poorly written route table.

I am very new to route AND routing. Here is the setup, though:

Our local subnet is 10.20.0.0.

There are three VPNs:

VPN1 - Connects us with our other office, 10.20.0.0 is their subnet. This address is 10.20.3.50.

VPN2 - Connects us with another company, and all traffic heading to their network. They have 4 different subnets that they use. 192.168.1.0, 192.168.2.0, 192.168.3.0, and 192.168.4.0. The VPN is 10.20.3.51.

VPN3 - Connects us with yet another company on only one subnet. Their subnet is 10.5.15.0 and the VPN is 10.20.3.52.

The default gateway is 10.20.1.1.

The ClarkConnect box has two NICs and is running in gateway mode.

Code:

Public                  /------VPN1---------\
|                       |------VPN2---------|
|                       |------VPN3---------|
|                       |_____Clark_____/__________________Internal
Gateway-----------/     Connect

Now, the routing setup I currently have going is dragging the internet. After a bit more research, I realize now that I am WAY off in the setup.

Here is my routing table, and the commands I entered into the network script (I did nothing else besides editing /etc/sysctl.conf and changing net.ipv4.ip_forward to 1, and I'm sure now that this was WAY wrong):

Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.XXX.XXX.45   *               255.255.255.224 U     0      0        0 eth0
10.5.15.0       10.20.3.52      255.255.255.0   UG    0      0        0 eth1
192.168.1.0     10.20.3.51      255.255.255.0   UG    0      0        0 eth1
192.168.2.0     10.20.3.51      255.255.255.0   UG    0      0        0 eth1
192.168.3.0     10.20.3.51      255.255.255.0   UG    0      0        0 eth1
192.168.4.0     10.20.3.51      255.255.255.0   UG    0      0        0 eth1
10.20.0.0       *               255.255.0.0     U     0      0        0 eth1
10.10.0.0       10.20.3.50      255.255.0.0     UG    0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
65.0.0.0        *               255.0.0.0       U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         65.XXX.XXX.44   0.0.0.0         UG    0      0        0 eth0

Code:

route add -net 10.10.0.0 netmask 255.255.0.0 gw 10.20.3.50 eth1
route add -net 10.5.15.0 netmask 255.255.255.0 gw 10.20.3.52 eth1
route add -net 65.0.0.0 netmask 255.0.0.0 eth0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
route add -net 192.168.2.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
route add -net 192.168.3.0 netmask 255.255.255.0 gw 10.20.3.51 eth1
route add -net 192.168.4.0 netmask 255.255.255.0 gw 10.20.3.51 eth1

Here is the script I found online, which I have edited for my own use:

Code:

#!/bin/bash
# Run this from the console, not over SSH: the flush below removes every
# route, including the one carrying an SSH session, until they are re-added.

echo "Start Network Configuration..."

echo "Setting LAN variables..."

LANIP="10.20.3.99"
LANNET="10.20.0.0/16"   # was /32, which covers only the single address 10.20.0.0; the routing table uses 255.255.0.0
LANIF="eth1"

# iproute2 takes prefix notation ("10.10.0.0/16"), not the "-net X netmask M gw G"
# form of the old route command that the original lines below used.
ATL_NET="10.10.0.0/16"
ATL_GW="10.20.3.50"

PRIME_NET="10.5.15.0/24"
PRIME_GW="10.20.3.52"

PEGS_NET1="192.168.1.0/24"
PEGS_NET2="192.168.2.0/24"   # the original set all four PEGS subnets to 192.168.1.0
PEGS_NET3="192.168.3.0/24"
PEGS_NET4="192.168.4.0/24"
PEGS_GW="10.20.3.51"         # VPN2 as given in the routing table above; the original had 10.20.1.5

echo "Setting WAN variables..."

WANIP1="65.XXX.XXX.50"
WANNET1="65.XXX.XXX.43/30"
WANGW1="65.XXX.XXX.44"
WANIF1="eth0"

#No modifications after this line.

echo "Flushing tables..."
ip route flush cache
ip route flush table main
ip route flush table 11

echo "Adding routes to default table..."
ip route add "$WANNET1" dev "$WANIF1" src "$WANIP1"
ip route add "$LANNET" dev "$LANIF" src "$LANIP"   # the original was missing the $ on LANNET
ip route add 127.0.0.0/8 dev lo src 127.0.0.1

echo "Adding 1st WAN ip rules..."
ip rule add from "$WANNET1" lookup 11

echo "Adding routes to 1st WAN table..."
ip route add "$LANNET" dev "$LANIF" table 11
ip route add 0/0 via "$WANGW1" table 11

echo "Adding VPN routes to the main table..."
# The connected LAN route added above must exist first, otherwise the kernel
# rejects these next hops as unreachable.
ip route add "$ATL_NET" via "$ATL_GW" dev "$LANIF"
ip route add "$PRIME_NET" via "$PRIME_GW" dev "$LANIF"
ip route add "$PEGS_NET1" via "$PEGS_GW" dev "$LANIF"
ip route add "$PEGS_NET2" via "$PEGS_GW" dev "$LANIF"
ip route add "$PEGS_NET3" via "$PEGS_GW" dev "$LANIF"
ip route add "$PEGS_NET4" via "$PEGS_GW" dev "$LANIF"

echo "Adding default route..."
# Only one WAN link, so a plain default route; "equalize" with a single nexthop does nothing.
ip route add default via "$WANGW1" dev "$WANIF1"
echo "Network Configuration: Done!"
I haven't tried the script yet. I didn't want to make matters worse, especially since I know I'm supposed to do SOMETHING with iptables. Although I'm not a complete newbie when it comes to Linux, I am very new to using it as a router.

Any help would be greatly appreciated. Books/faqs/etc. suggestions are also encouraged.
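As an added example that is not part of the original post: a small Python route-lookup simulator that applies the kernel's longest-prefix match to the routing table above (a constructed copy, with the redacted 65.XXX.XXX.* WAN addresses replaced by the placeholder range 203.0.113.0/24) and checks that every VPN subnet reaches the gateway the post describes and that each gateway sits on a directly connected network. The same check flags what a LANNET of 10.20.0.0/32 instead of /16 does: every VPN next hop becomes unreachable.

```python
import ipaddress

# Constructed sample in route(8) layout, copied from the post's routing table;
# the redacted 65.XXX.XXX.* WAN addresses are replaced by placeholder 203.0.113.*.
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
203.0.113.32 * 255.255.255.224 U 0 0 0 eth0
10.5.15.0 10.20.3.52 255.255.255.0 UG 0 0 0 eth1
192.168.1.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
192.168.2.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
192.168.3.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
192.168.4.0 10.20.3.51 255.255.255.0 UG 0 0 0 eth1
10.20.0.0 * 255.255.0.0 U 0 0 0 eth1
10.10.0.0 10.20.3.50 255.255.0.0 UG 0 0 0 eth1
default 203.0.113.44 0.0.0.0 UG 0 0 0 eth0
"""
# Which gateway the post says each remote network is reached through.
EXPECTED = {"10.10.0.0/16": "10.20.3.50", "10.5.15.0/24": "10.20.3.52",
            "192.168.1.0/24": "10.20.3.51", "192.168.2.0/24": "10.20.3.51",
            "192.168.3.0/24": "10.20.3.51", "192.168.4.0/24": "10.20.3.51"}

def parse_table(text):
    """Return [(network, gateway-or-None, iface)] from route(8) output."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the column header
        dst, gw, mask, _flags, _metric, _ref, _use, iface = line.split()
        net = ipaddress.ip_network(f"{'0.0.0.0' if dst == 'default' else dst}/{mask}", strict=False)
        routes.append((net, None if gw in ("*", "0.0.0.0") else gw, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match, as the kernel does it: (gateway, iface) or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    _net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return gw, iface

def check_routes(routes, expected):
    """Report subnets not routed via their expected gateway, and gateways that are
    not on-link (the kernel refuses a next hop it can only reach via another gateway)."""
    problems = []
    for subnet, gw in expected.items():
        got = lookup(routes, ipaddress.ip_network(subnet).network_address)
        if got is None or got[0] != gw:
            problems.append(f"{subnet}: expected via {gw}, got {got}")
        hop = lookup(routes, gw)
        if hop is None or hop[0] is not None:
            problems.append(f"gateway {gw} is not on-link (route: {hop})")
    return problems
```

Feed it the real `route -n` output from the box to confirm the table matches the intended topology before touching the script.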