From mboxrd@z Thu Jan  1 00:00:00 1970
From: Damion de Soto
Date: Thu, 05 Feb 2004 05:39:43 +0000
Subject: Re: [LARTC] Direct SQUID Traffic to eth0
Message-Id: <4021D71F.4040809@snapgear.com>
List-Id:
References: <20040204143639.90686.qmail@web14306.mail.yahoo.com>
In-Reply-To: <20040204143639.90686.qmail@web14306.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi Marcelo,

> I have a Linux box in the border of a customer and have the following setup:
>
> This box runs Squid, in transparent mode. I redirect all traffic to internet on port 80
> to port 3128 on the box, when coming from eth2 and eth3.
> I need to make all traffic from eth2 and eth3 get to the Internet through eth0 and the
> traffic the firewall originates too.
> Only traffic received from a single host in eth3 and coming from eth1 should get out
> through eth1.

You should be able to use 2 routing tables, one with a default gateway via eth1,
and the other via eth0.
You then use policy routing rules, like this, I think:

ip route add 0/0 via eth2-gw-IP table 1
ip rule add pref 1000 from eth2-gw-IP lookup 1
ip route add default nexthop via eth2-gw-IP dev eth2
ip route add 0/0 via eth1-gw-IP table 2
ip rule add pref 1001 from eth1-gw-IP lookup 2
ip rule add pref 1002 from eth3-single-IP lookup 2

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email: damion@snapgear.com
SnapGear - A CyberGuard Company ---    ph: +61 7 3435 2809
 | Custom Embedded Solutions          fax: +61 7 3891 3630
 | and Security Appliances            web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ---  Free Embedded Linux Distro at   http://www.snapgear.org  ---
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
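
The two-table approach from the reply above, written out for the layout in the quoted question as an added example that is not part of the original message. It assumes eth0 and eth1 each sit behind their own gateway; every address is constructed from documentation ranges and the function names are hypothetical. It only prints the commands unless run with APPLY=1.

```shell
#!/bin/sh
# Added example. Every address is constructed (documentation ranges) and the
# function names are hypothetical; adjust to the real interfaces and gateways.
ETH0_GW=${ETH0_GW:-192.0.2.1}       # assumed gateway behind eth0 (default uplink)
ETH0_IP=${ETH0_IP:-192.0.2.2}       # assumed address of this box on eth0
ETH1_GW=${ETH1_GW:-198.51.100.1}    # assumed gateway behind eth1
ETH1_IP=${ETH1_IP:-198.51.100.2}    # assumed address of this box on eth1
ETH3_HOST=${ETH3_HOST:-10.0.3.25}   # assumed single eth3 host that must use eth1

# Emit the commands, one per line, without touching the system.
# "from" rules match the packet's source address. Anything no rule matches
# (eth2/eth3 clients, Squid's own fetches) falls through to the main table,
# whose default route points at eth0.
policy_routing_cmds() {
    cat <<EOF
ip route add default via $ETH0_GW dev eth0 table 1
ip route add default via $ETH1_GW dev eth1 table 2
ip rule add pref 1000 from $ETH0_IP lookup 1
ip rule add pref 1001 from $ETH1_IP lookup 2
ip rule add pref 1002 from $ETH3_HOST lookup 2
ip route replace default via $ETH0_GW dev eth0
EOF
}

# Commands to confirm which table and device the kernel actually selects.
verify_cmds() {
    cat <<EOF
ip rule show
ip route show table 2
ip route get 203.0.113.10 from $ETH3_HOST iif eth3
EOF
}

# Dry run by default: print each command. APPLY=1 (as root) executes them
# and stops at the first failure.
run_cmds() {
    while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            echo "+ $cmd"
        fi
    done
}

policy_routing_cmds | run_cmds
verify_cmds | run_cmds
```

Tables 1 and 2 here hold only a default route, so a host matched by a rule is sent to that gateway even for destinations on the box's other local networks unless the connected routes are copied into the table as well.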