From: Peter Rabbitson
Date: Thu, 25 Oct 2007 21:25:00 +0000
Subject: Re: [LARTC] One machine, two net feeds, outbound route selection
Message-Id: <472109AC.8040803@rabbit.us>
References: <59f980d60710241725p5ca9cca2ueb5edc12675f62e3@mail.gmail.com>
In-Reply-To: <59f980d60710241725p5ca9cca2ueb5edc12675f62e3@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Ben Scott wrote:
> On 10/25/07, Peter Rabbitson wrote:
>> Unfortunately not easy without doing local NAT (from the local interface
>> to another local interface).
>
> I thought that might be the case. I even started to write a rule
> about how the NAT might work... but then I ran into brain pain trying
> to figure out how, because I didn't know when the packets get what
> address/interface info assigned to them, and I didn't know how SNAT
> would interact with the routing tables. Normally, I do SNAT in the
> POSTROUTING chain, but by then the routing rules have already run,
> right? So the packet would still be bound for the wrong interface,
> even if the source address is translated. No?
>

I was not thorough enough. The NAT is necessary in order to make the
packet come back through the link/interface you want (because, as I noted
previously, you do not have control over the choice of a source address).
Once this is out of the way, the only problem is how to make an already
routed packet leave via a different interface. One way to do this is the
ROUTE target:

http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-4.html#ss4.5

There might also be other ways to do this, but I never investigated, as
this is a mostly theoretical exercise.

Peter

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
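The following script is an added example, not part of the thread above and not Peter's or the netfilter project's code. It builds the two halves Peter describes for a dual-homed host (re-routing an already routed, locally generated packet out of a different interface, and NATing its source address so the reply comes back on that link) using only mainline iproute2 and iptables: a MARK set in the mangle OUTPUT chain makes the kernel run the routing decision again for that packet, an `ip rule` sends marked packets to a per-link table, and SNAT in nat POSTROUTING rewrites the source address the kernel had already chosen. This is a different technique from the out-of-tree ROUTE target linked in the mail; the interface name, addresses, mark value and table number are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the LARTC thread): steer locally generated packets out
# of a second uplink on a dual-homed Linux host.
#
# Why two steps are needed (the point raised in the thread):
#   - the first route lookup for a locally generated packet picks both the
#     output interface and the source address before any netfilter hook runs;
#   - changing the fwmark in the mangle OUTPUT chain makes the kernel re-route
#     the packet, so a fwmark-based ip rule can move it to the second link;
#   - SNAT in nat POSTROUTING then fixes the already-chosen source address so
#     the reply is addressed to the second link rather than the first.
#
# All interface names and addresses below are constructed for this example.
# DRY_RUN=1 prints the commands instead of executing them (root is needed
# otherwise).

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# configure_second_link IFACE LOCAL_ADDR GATEWAY DEST_PORT [MARK] [TABLE]
# Send all locally generated TCP traffic to DEST_PORT out of IFACE via GATEWAY.
configure_second_link() {
    iface=$1; local_addr=$2; gateway=$3; dport=$4
    mark=${5:-2}; table=${6:-200}

    # 1. Per-link routing table whose default route goes through the second
    #    provider's gateway.
    run ip route replace default via "$gateway" dev "$iface" table "$table"

    # 2. Policy rule: packets carrying the mark consult that table.
    run ip rule add fwmark "$mark" table "$table"

    # 3. Mark the chosen traffic in mangle OUTPUT. Because the mark changed,
    #    the kernel re-routes the packet before it reaches POSTROUTING, so it
    #    now leaves via IFACE instead of the interface picked first.
    run iptables -t mangle -A OUTPUT -p tcp --dport "$dport" \
        -j MARK --set-mark "$mark"

    # 4. The source address was fixed by the first lookup; rewrite it so the
    #    remote side answers to the second link's address.
    run iptables -t nat -A POSTROUTING -o "$iface" -m mark --mark "$mark" \
        -j SNAT --to-source "$local_addr"

    # 5. Strict reverse-path filtering may drop replies arriving on a link
    #    that is not the kernel's preferred route back; loose mode keeps them.
    run sysctl -w "net.ipv4.conf.$iface.rp_filter=2"
}

# Print the rule set for review without touching the system.
show_plan() {
    DRY_RUN=1 configure_second_link "$@"
}

# Example invocation: ./multilink.sh --example
[ "${1:-}" = "--example" ] && show_plan eth1 198.51.100.10 198.51.100.1 443
```

Run it with `--example` (or call `show_plan` directly) to see the five commands before applying them for real; the mark and table number only need to agree between steps 2, 3 and 4, and the SNAT rule is restricted to marked packets so other traffic on the second interface is untouched.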