From mboxrd@z Thu Jan 1 00:00:00 1970
From: Brent Clark
Date: Sat, 18 Sep 2004 22:18:32 +0000
Subject: Re: [LARTC] Doesn't work
Message-Id: <414CB438.5030605@rocketseed.us>
List-Id:
References: <01bd01c49dc6$e48edd70$fd01000a@estacion1>
In-Reply-To: <01bd01c49dc6$e48edd70$fd01000a@estacion1>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

XMundo - Soporte Tecnico wrote:

>I have the next script written by me but it doesn't work correctly. The
>modem2 (eth2) send the
>packets with the source IP of the modem1 (eth0).
>
>I'm view it with the snort (snort -i eth2 -Nv port 80).....
>
>Any idea?
>
>It is my script::
>##################################
>
>IP=/sbin/ip
>IPTABLES=/sbin/iptables
>MODEM1="eth0"
>MODEM2="eth2"
>LAN="eth1"
>
>$IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
>$IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
>$IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
>$IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE
>
>$IP rule add fwmark 1 table modem1
>$IP rule add fwmark 2 table modem2
>$IP rule add fwmark 3 table web
>
>$IP route add table web eql nexthop via 24.xxx.xxx.1 dev $MODEM1 nexthop via
>200.xxx.xxx.1 dev $MODEM2
>
>$IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
>$IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2
>
>$IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j
>MARK --set-mark 3
>
>echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
>echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>

Hi Arnt you supposed to use PREROUTING.

Kind Regards
Brent Clark