From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dashamir Hoxha
Date: Sat, 14 Oct 2006 09:29:31 +0000
Subject: Re: [LARTC] Two outbound internet links, using one network interface
Message-Id: <4530ADFB.6010202@ma-isp.com>
List-Id:
References: <45266C57.4010106@ma-isp.com>
In-Reply-To: <45266C57.4010106@ma-isp.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Dashamir Hoxha wrote:
> Pio Mendez wrote:
>>
>> >Pio Mendez wrote:
>> >>PREROUTING chain is not traversed by local traffic, but OUTPUT
>> >>chain does.
>> >
>> >I think that OUTPUT is traversed after routing decision is
>> >taken, so it is still the same problem.
>>
>> I'm using OUTPUT chain in production environment to balance squid
>> box traffic between 2 ISP, so I'm sure that you can reroute output
>> packets using mangle OUTPUT chain.
>>
>> After traversing mangle and nat OUTPUT chains there is another
>> routing process. Please check this diagram:
>>
>> http://www.imagestream.com/~josh/PacketFlow.png
>>
>
> Pio Mendez is right. I have just tested it and it works.

If I use:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

instead of:

iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source $IP2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP1

it seems not to work. So, maybe I didn't test it properly and actually it doesn't work. Anyway, it is not so important.
Dashamir

> Now the script becomes something like this:
>
> -------------8<----------------------------------
> # both public addresses live on the single interface
> ip link set eth0 up
> ip address flush eth0
> ip address add $IP1 dev eth0
> ip address add $IP2 dev eth0
>
> # main table: default via the first ISP
> ip route add default via $GATEWAY1
>
> # table 2: copy of main without its default, plus a default via the second ISP
> ip route flush table 2
> ip route show table main | grep -Ev '^default' \
>   | while read ROUTE ; do ip route add table 2 $ROUTE ; done
> ip route add table 2 default via $GATEWAY2
>
> # packets carrying fwmark 2 are routed with table 2
> ip rule del fwmark 2 table 2 2>/dev/null
> ip rule add fwmark 2 table 2
>
> # mark forwarded (PREROUTING) and locally generated (OUTPUT) traffic alike
> iptables -t mangle -N MARK-RULES
> iptables -t mangle -A PREROUTING -j MARK-RULES
> iptables -t mangle -A OUTPUT -j MARK-RULES
>
> PORT_LIST="22 53"
> for PORT in $PORT_LIST
> do
>   iptables -t mangle -A MARK-RULES -p tcp --dport $PORT -j MARK --set-mark 0x2
> done
>
> # marked connections leave from $IP2, everything else from $IP1
> iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source $IP2
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP1
> ------------8<---------------------------------
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
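The same design as the script quoted above, written out as an added example that is not code from the thread or from either poster. It assumes placeholder addresses (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges), and instead of copying the whole main table into table 2 it adds only the connected subnet of the second gateway, which is what table 2 needs to resolve the next hop. Commands are printed unless DRY_RUN=0, so the structure can be inspected on any machine; applying it needs root and iptables/iproute2. The verify function uses `ip route get ... mark 0x2`, which is the quickest way to confirm which uplink the marked ports (here SSH and DNS) really leave through.

```shell
#!/bin/sh
# Added example: two default gateways on one interface, chosen by fwmark.
# Locally generated packets are marked in mangle OUTPUT, so the mark exists
# when the kernel re-routes them after OUTPUT. All addresses are placeholders.
IFACE=${IFACE:-eth0}
IP1=${IP1:-192.0.2.10/24}          # primary address, default path
IP2=${IP2:-198.51.100.10/24}       # secondary address, used for marked traffic
NET2=${NET2:-198.51.100.0/24}      # subnet GATEWAY2 is reachable in (assumed)
GATEWAY1=${GATEWAY1:-192.0.2.1}
GATEWAY2=${GATEWAY2:-198.51.100.1}
TABLE=2
MARK=0x2
PORT_LIST="22 53"
DRY_RUN=${DRY_RUN:-1}              # 1: print commands; 0: execute them as root

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Both addresses on the single interface.
setup_addresses() {
  run ip link set "$IFACE" up
  run ip address flush dev "$IFACE"
  run ip address add "$IP1" dev "$IFACE"
  run ip address add "$IP2" dev "$IFACE"
}

# Main table defaults via GATEWAY1. Table 2 holds the connected subnet of
# GATEWAY2 plus a default via GATEWAY2 and is consulted only for MARK.
setup_routing() {
  run ip route replace default via "$GATEWAY1" dev "$IFACE" src "${IP1%/*}"
  run ip route flush table "$TABLE"
  run ip route add table "$TABLE" "$NET2" dev "$IFACE" src "${IP2%/*}"
  run ip route add table "$TABLE" default via "$GATEWAY2" dev "$IFACE" src "${IP2%/*}"
  run ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null || true   # idempotent
  run ip rule add fwmark "$MARK" table "$TABLE"
  run ip route flush cache   # needed on old kernels; a no-op on recent ones
}

# One marking chain hooked into PREROUTING (forwarded) and OUTPUT (local).
setup_marks() {
  run iptables -t mangle -N MARK-RULES
  run iptables -t mangle -A PREROUTING -j MARK-RULES
  run iptables -t mangle -A OUTPUT -j MARK-RULES
  for PORT in $PORT_LIST; do
    # --dport takes two dashes; iptables rejects -dport
    run iptables -t mangle -A MARK-RULES -p tcp --dport "$PORT" -j MARK --set-mark "$MARK"
  done
}

# Marked connections are sourced from IP2, everything else from IP1.
# Order matters: the catch-all rule must come after the mark match.
setup_snat() {
  run iptables -t nat -A POSTROUTING -o "$IFACE" -m mark --mark "$MARK" -j SNAT --to-source "${IP2%/*}"
  run iptables -t nat -A POSTROUTING -o "$IFACE" -j SNAT --to-source "${IP1%/*}"
}

# verify DST: ask the kernel which gateway a marked and an unmarked packet
# to DST would use. Informative only when run on the configured host.
verify() {
  run ip route get "$1" mark "$MARK"
  run ip route get "$1"
}

main() {
  setup_addresses
  setup_routing
  setup_marks
  setup_snat
  verify 203.0.113.1   # placeholder destination
}

main
```

With DRY_RUN=0 the two `ip route get` lines should name different gateways; if both report GATEWAY1, the mark is not being applied before routing, which is exactly the PREROUTING-versus-OUTPUT point discussed in the thread.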