From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dashamir Hoxha
Date: Fri, 13 Oct 2006 07:01:45 +0000
Subject: Re: [LARTC] Two outbound internet links, using one network interface
Message-Id: <452F39D9.6090101@ma-isp.com>
List-Id:
References: <45266C57.4010106@ma-isp.com>
In-Reply-To: <45266C57.4010106@ma-isp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Pio Mendez wrote:
>
>
>
> >Pio Mendez wrote:
> >
> >>PREROUTING chain is not traversed by local traffic, but OUTPUT
> >>chain does.
> >
> >
> >I think that OUTPUT is traversed after routing decision is taken, so
> >it is still the same problem.
> >
>
> I'm using OUTPUT chain in production environment to balance squid
> box traffic between 2 ISP, so I'm sure that you can reroute output
> packets using mangle OUTPUT chain.
>
> After traversing mangle and nat OUTPUT chains there is another
> routing process. Please check this diagram:
>
> http://www.imagestream.com/~josh/PacketFlow.png
>

Pio Mendez is right. I have just tested it and it works.
Now the script becomes something like this:

-------------8<----------------------------------
# Both public addresses live on the same interface.
ip link set eth0 up
ip address flush eth0
ip address add $IP1 dev eth0
ip address add $IP2 dev eth0

# Default route for unmarked traffic goes out via the first ISP.
ip route add default via $GATEWAY1

# Table 2: copy of the main table, but with the second ISP as default.
ip route flush table 2
ip route show table main | grep -Ev ^default \
    | while read ROUTE ; do ip route add table 2 $ROUTE ; done
ip route add table 2 default via $GATEWAY2

# Packets carrying fwmark 2 are looked up in table 2.
ip rule del fwmark 2 table 2 2>/dev/null
ip rule add fwmark 2 table 2

# Mark in both PREROUTING (forwarded traffic) and OUTPUT (local traffic);
# the routing decision for local packets is redone after mangle OUTPUT.
iptables -t mangle -N MARK-RULES
iptables -t mangle -A PREROUTING -j MARK-RULES
iptables -t mangle -A OUTPUT -j MARK-RULES

PORT_LIST="22 53"
for PORT in $PORT_LIST
do
    iptables -t mangle -A MARK-RULES -m tcp -p tcp --dport $PORT -j MARK --set-mark 0x2
done

# The mark-specific SNAT must come before the catch-all one, so that
# traffic leaving via $GATEWAY2 carries $IP2 as its source address.
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source $IP2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP1
------------8<---------------------------------

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
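An added sanity check for the setup in the script above (mine, not part of the original post): it confirms that the mark-specific SNAT rule precedes the catch-all one in nat POSTROUTING and that fwmark 2 traffic is routed via the second gateway while unmarked traffic uses the first. GATEWAY1 and GATEWAY2 are the variables from the script; PROBE_DST (any external address to test against) is an assumed extra variable.

```sh
#!/bin/sh
# Sanity check for the fwmark/table-2 setup (added example). Reads the rules
# as printed by "iptables -t nat -S POSTROUTING" and the first line of
# "ip route get DST [mark 2]"; eth0 and mark 0x2 match the script above.

# Print the line number of the first rule in listing $2 matching regex $1,
# or nothing when no rule matches.
rule_index() {
    printf '%s\n' "$2" | grep -n -e "$1" | head -n1 | cut -d: -f1
}

# Return 0 when the "--mark 0x2 ... -j SNAT" rule precedes the unconditional
# "-o eth0 -j SNAT" rule. iptables stops at the first matching SNAT target,
# so a catch-all placed first would send marked packets out via GATEWAY2
# with IP1 as source address, which the second ISP may well drop.
snat_order_ok() {
    marked=$(rule_index '-o eth0 -m mark --mark 0x2 -j SNAT' "$1")
    catchall=$(rule_index '-o eth0 -j SNAT' "$1")
    [ -n "$marked" ] && [ -n "$catchall" ] && [ "$marked" -lt "$catchall" ]
}

# Print the next hop from one line of "ip route get" output, e.g.
# "192.0.2.1 via 203.0.113.1 dev eth0 src 203.0.113.10 uid 0".
# Prints nothing for routes without a gateway (local, directly connected).
route_gateway() {
    printf '%s\n' "$1" | sed -n 's/.* via \([0-9.]*\) .*/\1/p'
}

# Live check; run as root after applying the script above. Assumes
# GATEWAY1, GATEWAY2 and PROBE_DST are set in the environment.
verify_live() {
    rules=$(iptables -t nat -S POSTROUTING) || return 2
    snat_order_ok "$rules" || { echo "catch-all SNAT precedes the mark 0x2 SNAT"; return 1; }
    plain=$(route_gateway "$(ip route get "$PROBE_DST" | head -n1)")
    marked=$(route_gateway "$(ip route get "$PROBE_DST" mark 2 | head -n1)")
    [ "$plain" = "$GATEWAY1" ] || { echo "unmarked traffic leaves via '$plain', not $GATEWAY1"; return 1; }
    [ "$marked" = "$GATEWAY2" ] || { echo "fwmark 2 traffic leaves via '$marked', not $GATEWAY2"; return 1; }
    echo "SNAT order and policy routing look correct"
}
```

Run verify_live on the router itself; the parsing helpers can also be fed saved rule listings and "ip route get" output copied from another box.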