From mboxrd@z Thu Jan 1 00:00:00 1970
From: "XMundo - Soporte Tecnico"
Date: Sat, 18 Sep 2004 21:31:41 +0000
Subject: [LARTC] Doesn't work
Message-Id: <01bd01c49dc6$e48edd70$fd01000a@estacion1>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

I have the following script, written by me, but it doesn't work correctly.
Modem2 (eth2) sends the packets with the source IP of modem1 (eth0).
I'm viewing it with snort (snort -i eth2 -Nv port 80).

Any idea?

This is my script:

##################################
IP=/sbin/ip
IPTABLES=/sbin/iptables
MODEM1="eth0"
MODEM2="eth2"
LAN="eth1"

$IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE

$IP rule add fwmark 1 table modem1
$IP rule add fwmark 2 table modem2
$IP rule add fwmark 3 table web

$IP route add table web eql nexthop via 24.xxx.xxx.1 dev $MODEM1 nexthop via 200.xxx.xxx.1 dev $MODEM2
$IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
$IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2

$IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j MARK --set-mark 3

echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/