From: Kim Jensen <kimj@dawn.dk>
To: Mark Seamans <marks@crvinc.com>, netfilter@lists.netfilter.org
Subject: Re: using iptables for "route mapping"
Date: Mon, 24 Mar 2003 21:53:17 +0100
Message-ID: <200303242153.17159.kimj@dawn.dk>
In-Reply-To: <200303241349.41852.marks@crvinc.com>

Hi Mark,

Using the following lines it is possible to copy the default routing table
into a second. With the fwmark rule you can trigger the routing table from
iptables.

  $ ip route flush table 4 > /dev/null 2>&1
  $ ip route show table main | grep -Ev '^default' \
      | while read ROUTE ; do
          ip route add table 4 $ROUTE
        done
  $ ip rule add fwmark 4 table 4
  $ ip route add default via xxx.xxx.xxx.xxx table 4

Iptables part

  $ iptables -t mangle -A PREROUTING -s aaa.bbb.ccc.ddd -j MARK --set-mark 4

If your source is matching the rule, it will be sent via the alternative
route, otherwise it will go via your normal route. Feel free to add more
hosts.

In case you wish to use load sharing, then you have to use a different
approach. Read more about this at:

  http://linux-ip.net/html/adv-multi-internet.html
  http://www.ssi.bg/~ja/nano.txt

My problem here is that I still haven't heard about a solution where you have
a mixture of MASQUERADE'ing and NAT'ing.

At least I hope this will help you.

Regards
Kim

On Monday 24 March 2003 20:49, Mark Seamans wrote:
> Has anyone used iptables (realm support) to act like Cisco's route mapping?
> IE: Using it as a core ISP router with multiple uplinks. Route source ip
> A to gateway X, while routing source ip B to gateway Y.
>
> I have played around with iproute2's tables and rules with no success.
>
> Mark
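
Added example (not part of Kim's mail or of the original thread): a dry-run
generator for the steps in the reply, extended to the two-source, two-gateway
case from the question. It only prints the commands for review and validates
the table/mark number and addresses before they are interpolated; the function
names, table numbers 4 and 5, and all addresses are constructed assumptions.

```shell
# Added example: prints the command plan for review, executes nothing.
# Assumed/hypothetical: function names, tables 4 and 5, every address below.
# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# plan_policy_route TABLE SOURCE GATEWAY: reads `ip route show table main`
# output on stdin. TABLE doubles as the fwmark, as in the mail (table 4, mark 4).
plan_policy_route() {
    table=$1 src=$2 gw=$3
    case "$table" in ''|*[!0-9]*) echo "bad table/mark: $table" >&2; return 1 ;; esac
    # 0 and 253-255 are reserved table ids (unspec, default, main, local).
    [ "$table" -ge 1 ] && [ "$table" -le 252 ] || { echo "reserved table: $table" >&2; return 1; }
    is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    echo "ip route flush table $table"
    # Copy every non-default route so connected networks stay reachable.
    grep -Ev '^default' | while read -r route; do
        if [ -n "$route" ]; then echo "ip route add table $table $route"; fi
    done
    echo "ip rule add fwmark $table table $table"
    echo "ip route add default via $gw table $table"
    echo "iptables -t mangle -A PREROUTING -s $src -j MARK --set-mark $table"
}

# Constructed stand-in for `ip route show table main` on a two-uplink router.
sample_main_table() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev eth1 proto kernel scope link src 198.51.100.10
10.0.0.0/8 via 192.0.2.254 dev eth0
EOF
}

# Source A via gateway X (table 4), source B via gateway Y (table 5).
sample_main_table | plan_policy_route 4 10.1.0.5 192.0.2.1
sample_main_table | plan_policy_route 5 10.2.0.5 198.51.100.1
```

On a live router the input would come from `ip route show table main` and the
printed plan would be reviewed before being run as root.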