From mboxrd@z Thu Jan 1 00:00:00 1970
From: =?ISO-8859-1?Q?T=F3th_N=E1ndor?=
Date: Mon, 14 Feb 2005 20:47:24 +0000
Subject: Re: [LARTC] NAT over 2 providers (not load balance)
Message-Id: <42110E5C.5000802@sch.bme.hu>
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi!

Mihai Vlad wrote:
> Hi guys,
>
> Can you take a look at this? :)
>
>
>       +-----------+
>       |           |
>  eth1-|-          |
>       |          -|-eth0---LAN---
>       |           |
>  eth2-|-          |
>       |           |
>       +-----------+
>
> eth0 is connected to the LAN having the IP=LAN_IP
>
> eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1
> eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2
>
> I need to selectively SNAT clients in the LAN to ISP_IP_1 or ISP_IP_2.
>
> That would be something like:
> $IPTABLES -t nat -A POSTROUTING -s 172.17.31.5 -j SNAT --to-source $ISP_IP_1
> $IPTABLES -t nat -A POSTROUTING -s 172.17.31.7 -j SNAT --to-source $ISP_IP_2
>
>
> This does not work since all the packets are forwarded to the default GW
> which is ISP_GW_1.
>
> How can I change this?
>
> As far as I remember, the routing decisions and policy are before the
> POSTROUTING chain in which the SNAT occurs...

$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE -j SNAT --to-source $EXTERNAL_IP_ADDR
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE2 -j SNAT --to-source $EXTERNAL_IP_ADDR2

And add some rules based on client's source ip address. (policy routing)

http://www.linux.com/howtos/Adv-Routing-HOWTO/lartc.rpdb.simple.shtml

-- 
Udv,
Nandor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
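
The source-based policy routing the reply points to, combined with its per-interface SNAT rules, as an added example that is not part of the original thread. The script only prints the commands so they can be reviewed before being run as root; the ISP addresses are constructed placeholders (RFC 5737 ranges), the table numbers 101/102 are arbitrary, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for source-based
# policy routing plus SNAT keyed on the outgoing interface.
# Constructed placeholder values; eth1/eth2 and the client IPs are from the thread.
ISP_IF_1=eth1; ISP_IP_1=192.0.2.10;    ISP_GW_1=192.0.2.1
ISP_IF_2=eth2; ISP_IP_2=198.51.100.10; ISP_GW_2=198.51.100.1

# isp_table N: one routing table per provider, holding only its default route.
isp_table() {
    eval "gw=\$ISP_GW_$1 dev=\$ISP_IF_$1"
    echo "ip route replace default via $gw dev $dev table $((100 + $1))"
}

# isp_snat N: SNAT on whatever leaves through provider N's interface.
# Routing has already picked the interface by the time POSTROUTING runs.
isp_snat() {
    eval "ip=\$ISP_IP_$1 dev=\$ISP_IF_$1"
    echo "iptables -t nat -A POSTROUTING -o $dev -j SNAT --to-source $ip"
}

# client_rule CLIENT N: route traffic from CLIENT via provider N's table.
client_rule() {
    case "$2" in 1|2) ;; *) echo "unknown provider: $2" >&2; return 1 ;; esac
    echo "ip rule add from $1 lookup $((100 + $2))"
}

# Full command list for the two clients named in the question.
gen_policy_nat() {
    isp_table 1 && isp_table 2 &&
    client_rule 172.17.31.5 1 &&
    client_rule 172.17.31.7 2 &&
    isp_snat 1 && isp_snat 2 &&
    echo "ip route flush cache"
}

gen_policy_nat
```

Clients without an `ip rule` entry keep using the main table's default gateway and are SNATed by whichever `-o` rule matches that interface.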