[LARTC] two link

[LARTC] two link

[Fabio Silva]

hi list, i need help
i have two links

               LINK 1
Internet                    Linux  ---- LAN
               LINK 2


i need that the traffic web goes to link 2
i use squid in the linux with transparent proxy i´ve tried to use
squid parameter "tcp_outgoing_address" but it doesnt work.

best regards



--
---------------------------------------------------
Fabio S. Silva
fabiofoz@gmail.com
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] two link

[Corey Hickey]

Fabio Silva wrote:
> hi list, i need help
> i have two links
> 
>                LINK 1
> Internet                    Linux  ---- LAN
>                LINK 2
> 
> 
> i need that the traffic web goes to link 2
> i use squid in the linux with transparent proxy i´ve tried to use
> squid parameter "tcp_outgoing_address" but it doesnt work.

I don't know about squid, but this should do it.

--------BEGIN--------
# this is untested, so be sure to look at it closely

# make a chain for marking packets
iptables -t mangle -N link2
iptables -t mangle -A link2 -j mark --set-mark 0x08  # 8 is arbitrary
iptables -t mangle -A link2 -j ACCEPT

# send http traffic to that chain
iptables -t mangle -A PREROUTING \
    -m multiport -p tcp --dport www,https -j link2

# set a rule for packets marked with "8" to go to table 8
ip rule add fwmark 8 table 8

# set up the default route for table 8
# replace $LINK2_GW with the gateway for link2 (at your ISP)
# replace $LINK2_DEV with the interface of link2 (eth1 or eth2, etc.)
ip route add default via $LINK2_GW dev $LINK2_DEV table 8
--------END--------

You may need to set up SNAT or masquerade separately for link2. If you
need help with that, I'll send a sample.

-Corey
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] two link

[Corey Hickey]

> if you cold send it to me... thanks.. :D

It's actually pretty easy -- you just need to specify that all traffic
going out that particular interface should be NATted. The only
consideration, if you know you need to do NAT, is whether to use SNAT or
MASQUERADE. Again, these are untested and off the top of my head.

If you have a static IP:
iptables -t nat -A POSTROUTING -j SNAT --to-source $LINK2_IP

If you have a dynamic IP:
iptables -t nat -A POSTROUTING -j MASQUERADE

See the iptables manpage for why MASQUERADE should be used for dynamic IPs.

-Corey

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] two link

[Corey Hickey]

Fabio Silva wrote:
> Corey ,
> 
> sorry, but, i need to make this and my server has proxy transparent
> can you give an aid to me with this?

I'm sorry, but I don't understand your question. I understand if English
isn't your native language, but I can't tell what you mean here.

Also, please keep this discussion on the lartc mailing list. Usually
this means using the "reply to all" function of your email program.
There's a chance you'll ask a question that could be better answered by
another member of the mailing list, and it's also quite possible that
I'll make a mistake and somebody will correct me.

-Corey
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc