From: Amin Azez
Subject: Re: Per-client NAT routing -- possible?
Date: Thu, 23 Mar 2006 10:07:34 +0000
Message-ID: <44227366.60106@ufomechanic.net>
To: netfilter-devel@lists.netfilter.org
In-Reply-To: <51e5f6120603221849p2da80ec5nb49ae81d7ae93d8f@mail.gmail.com>
References: <51e5f6120603220916v3c536afamdb3023563866397d@mail.gmail.com> <51e5f6120603221849p2da80ec5nb49ae81d7ae93d8f@mail.gmail.com>

Jeremy Elson wrote:
> [ Sent before I subscribed - I think it was silently dropped.
> Apologies if you get 2. ]
>
>
> Hi,
>
> I'm trying to set up a Linux box as a NATting router. But here's the
> trick: my box's external interface is on a LAN that has a whole bunch
> of routers on it, any of which can be used to access the Internet.
> I'm trying to figure out how to configure iptables so that the NAT box
> selects the router to use based on client IP address (i.e., the IP
> address on the inside interface).
>
> I've been tinkering with a command like this:
>
> iptables -t nat -A POSTROUTING -s $INTERNAL_CLIENT_IP -o external-iface0 -j SNAT --to $EXTERNAL_ROUTER_IP
>
> ...but it seems that --to controls the new source address given to the
> packet (i.e., the router's outside-interface IP), and not the
> destination to which the NATted packet is sent.
>
> Could someone please point me in the right direction? Or is this not possible?

I think you can use ipt_route to select the output gateway or interface,
NAT should then work after that.

Sam
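The reply points at ipt_route, the out-of-tree ROUTE target from patch-o-matic. The same per-client gateway selection is available with mainline iptables and iproute2: mark each client's packets in mangle PREROUTING (before the routing decision), send each mark to its own routing table with ip rule, and give each table a different default gateway; a single SNAT in nat POSTROUTING then works unchanged. The script below is an added example for this thread, not code from either poster. The interface names, the box's own external address, the client addresses and the gateway addresses are constructed placeholders; by default it only prints the commands it would run, and APPLY=1 executes them (as root).

```sh
#!/bin/sh
# Per-client upstream gateway on a Linux NAT router, using fwmark + ip rule
# (mainline replacement for the patch-o-matic ROUTE target).
# Added example, not from the original thread; all addresses are constructed.

INT_IF=${INT_IF:-eth1}          # assumption: internal LAN interface
EXT_IF=${EXT_IF:-eth0}          # assumption: shared LAN with the upstream routers
EXT_IP=${EXT_IP:-192.0.2.10}    # assumption: this box's own address on EXT_IF

# Print commands unless APPLY=1, so the rule set can be reviewed first.
run() {
    if [ "$APPLY" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# steer_client <client_ip> <gateway_ip> <table_number>
# One mark value and one routing table per upstream router.
steer_client() {
    client=$1; gw=$2; tbl=$3
    # 1. tag the client's packets before the kernel makes its routing decision
    run iptables -t mangle -A PREROUTING -i "$INT_IF" -s "$client" -j MARK --set-mark "$tbl"
    # 2. policy rule: packets carrying this mark use their own table
    run ip rule add fwmark "$tbl" lookup "$tbl"
    # 3. that table's default route picks the upstream router
    run ip route add default via "$gw" dev "$EXT_IF" table "$tbl"
}

# Forwarding plus one SNAT for everything that leaves EXT_IF; the rewritten
# source is always this box's address, whichever gateway the packet goes to.
nat_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
}

# Constructed mapping: two inside clients, two upstream routers on the outside LAN.
main() {
    nat_setup
    steer_client 192.168.1.10 192.0.2.1 10
    steer_client 192.168.1.11 192.0.2.2 11
    run ip route flush cache   # needed on 2.6-era kernels for new rules to take effect
}

main
```

The MARK rule must sit in the mangle table's PREROUTING chain: by the time a packet reaches nat POSTROUTING the output gateway is already chosen, which is why the original SNAT attempt could only change the source address. Marks are matched with `fwmark`, so unrelated traffic keeps using the main table and its normal default route.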