* [LARTC] two link
From: Fabio Silva @ 2005-09-29 17:19 UTC (permalink / raw)
To: lartc
Hi list, I need help.
I have two links:
LINK 1
Internet Linux ---- LAN
LINK 2
I need the web traffic to go to link 2.
I use squid on the Linux box with transparent proxy. I've tried to use the
squid parameter "tcp_outgoing_address" but it doesn't work.
Best regards
--
---------------------------------------------------
Fabio S. Silva
fabiofoz@gmail.com
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] two link
From: Corey Hickey @ 2005-09-30 0:53 UTC (permalink / raw)
To: lartc
Fabio Silva wrote:
> Hi list, I need help.
> I have two links:
>
> LINK 1
> Internet Linux ---- LAN
> LINK 2
>
>
> I need the web traffic to go to link 2.
> I use squid on the Linux box with transparent proxy. I've tried to use the
> squid parameter "tcp_outgoing_address" but it doesn't work.
I don't know about squid, but this should do it.
--------BEGIN--------
# this is untested, so be sure to look at it closely
# make a chain for marking packets
iptables -t mangle -N link2
# the target name is case-sensitive: MARK, not mark
iptables -t mangle -A link2 -j MARK --set-mark 0x08 # 8 is arbitrary
iptables -t mangle -A link2 -j ACCEPT
# send http traffic to that chain
# (the multiport match takes --dports for a comma-separated port list)
iptables -t mangle -A PREROUTING \
    -p tcp -m multiport --dports www,https -j link2
# set a rule for packets marked with "8" to go to table 8
ip rule add fwmark 8 table 8
# set up the default route for table 8
# replace $LINK2_GW with the gateway for link2 (at your ISP)
# replace $LINK2_DEV with the interface of link2 (eth1 or eth2, etc.)
ip route add default via $LINK2_GW dev $LINK2_DEV table 8
--------END--------
You may need to set up SNAT or masquerade separately for link2. If you
need help with that, I'll send a sample.
-Corey
* Re: [LARTC] two link
From: Corey Hickey @ 2005-09-30 20:14 UTC (permalink / raw)
To: lartc
> if you could send it to me... thanks.. :D
It's actually pretty easy -- you just need to specify that all traffic
going out that particular interface should be NATted. The only
consideration, if you know you need to do NAT, is whether to use SNAT or
MASQUERADE. Again, these are untested and off the top of my head.
If you have a static IP:
iptables -t nat -A POSTROUTING -o $LINK2_DEV -j SNAT --to-source $LINK2_IP
If you have a dynamic IP:
iptables -t nat -A POSTROUTING -o $LINK2_DEV -j MASQUERADE
See the iptables manpage for why MASQUERADE should be used for dynamic IPs.
-Corey
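Added example, not part of the thread: an offline shell check that saved "ip rule", "ip route show table 8" and "iptables-save -t nat" output agree with the setup in the two replies above (fwmark 8 selects table 8, and NAT is limited to the link 2 interface). The function names, eth2 and 203.0.113.1 are assumptions made for the illustration, and the sample text is constructed.

```shell
# Added example: offline check of saved "ip rule", "ip route" and
# iptables-save text. eth2 and 203.0.113.1 are constructed placeholders.

# Print the device of the default route in "ip route show table N" text.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if "ip rule" text sends fwmark $2 to routing table $3.
rule_uses_table() {
    printf '%s\n' "$1" | awk -v m="$2" -v t="$3" '
        { fm = tb = ""
          for (i = 1; i < NF; i++) {
              if ($i == "fwmark") { split($(i + 1), a, "/"); fm = a[1] }
              if ($i == "lookup") tb = $(i + 1) }
          if ((fm "") == (m "") && (tb "") == (t "")) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Print POSTROUTING NAT rules that are not limited to "-o $2"; such a rule
# rewrites the source address of traffic leaving the other link as well.
unscoped_nat() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        $1 == "-A" && $2 == "POSTROUTING" && /-j (SNAT|MASQUERADE)/ {
            ok = 0
            for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == dev) ok = 1
            if (!ok) print }'
}

# Args: ip-rule text, table text, nat-table text, mark, table number.
check_link2() {
    dev=$(default_dev "$2")
    [ -n "$dev" ] || { echo "no default route in table $5"; return 1; }
    rule_uses_table "$1" "$4" "$5" || { echo "no rule: fwmark $4 -> table $5"; return 1; }
    bad=$(unscoped_nat "$3" "$dev")
    [ -z "$bad" ] || { echo "NAT not limited to $dev: $bad"; return 1; }
    echo "ok: fwmark $4 -> table $5 -> $dev"
}

# Constructed sample output (not taken from the thread).
RULES='0: from all lookup local
32765: from all fwmark 0x8 lookup 8
32766: from all lookup main'
TABLE8='default via 203.0.113.1 dev eth2'
NAT_OK='-A POSTROUTING -o eth2 -j MASQUERADE'
NAT_BAD='-A POSTROUTING -j MASQUERADE'

check_link2 "$RULES" "$TABLE8" "$NAT_OK" 0x8 8
check_link2 "$RULES" "$TABLE8" "$NAT_BAD" 0x8 8 || true
```

On a live router the three text arguments would come from running those commands as root; the functions themselves only read text.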
* Re: [LARTC] two link
From: Corey Hickey @ 2005-10-03 20:13 UTC (permalink / raw)
To: lartc
Fabio Silva wrote:
> Corey,
>
> sorry, but, I need to make this and my server has proxy transparent
> can you give an aid to me with this?
I'm sorry, but I don't understand your question. I understand if English
isn't your native language, but I can't tell what you mean here.
Also, please keep this discussion on the lartc mailing list. Usually
this means using the "reply to all" function of your email program.
There's a chance you'll ask a question that could be better answered by
another member of the mailing list, and it's also quite possible that
I'll make a mistake and somebody will correct me.
-Corey