From: Edmundo Carmona <eantoranz@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: snat to multiple source ip
Date: Tue, 20 Sep 2005 11:24:44 -0400 [thread overview]
Message-ID: <65aa6af90509200824223496a@mail.gmail.com> (raw)
In-Reply-To: <E656E2CC1C5AEB42ACB00EB83122C7742E2CBD@farmer.vikus.com>
The problem for you is that you have a single default gateway:
default via hdsl_default_gateway_ip dev eth0 metric 1
In case you want to use more than one device to route traffic, here's
ours at the office (output taken from ip route show default):
default
nexthop via 201.249.120.1 dev eth1 weight 2
nexthop via 200.109.64.1 dev eth2 weight 1
It requires more than just adding one multipath default route. You
have to set different routing tables for each interface you want to
use... and please, make sure none of them is present in the same
subnetwork (that cause the multipath to NOT war at all... I'm waiting
to one grateful day be accepted in the LARTC mail list to ask about
this).
Anyway.... here's the multipath simplest guide:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
and also, look here:
http://linux-ip.net/html/adv-multi-internet.html
On 9/20/05, Derick Anderson <danderson@vikus.com> wrote:
>
>
> > -----Original Message-----
> > From: netfilter-bounces@lists.netfilter.org
> > [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of
> > Marco Berizzi
> > Sent: Tuesday, September 20, 2005 10:24 AM
> > To: netfilter@lists.netfilter.org
> > Subject: Re: snat to multiple source ip
> >
> > /dev/rob0 wrote:
> >
> > > On Tuesday 20 September 2005 07:39, Marco Berizzi wrote:
> >
> > > the source IP is set by
> > > iproute2 in the routing tables.
> >
> > Ok, I'm not clearly explained.
> > I'm using SNAT to change the source ip address because
> > iproute2 set an ip address that I don't like.
> > So, I have inserted the following line in my firewall script:
> >
> > iptables -t nat -I POSTROUTING -s iproute2_chosen_ip
> > --protocol tcp -j SNAT --to i_want_this_first_ip --to
> > i_want_this_second_ip
> >
> > But everytime I connect to the internet always
> > "i_want_this_first_ip" is chosen to do the SNAT.
>
> Uneducated, lazy guess: the SNAT target supports only one "--to [IP]"
> and the command parser ignores the extraneous "--to [IP2]". You can test
> this by switching the two IPs and see if you go out on a different
> address.
>
> Derick Anderson
>
>
next prev parent reply other threads:[~2005-09-20 15:24 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-20 15:07 snat to multiple source ip Derick Anderson
2005-09-20 15:16 ` Marco Berizzi
2005-09-20 15:24 ` Edmundo Carmona [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-09-26 15:38 Marco Berizzi
2005-09-26 16:10 ` Phil Oester
2005-09-26 16:39 ` Marco Berizzi
2005-09-26 17:47 ` Phil Oester
2005-09-20 19:00 Derick Anderson
2005-09-20 15:25 Harrison, Bruce (CXO)
2005-09-20 15:53 ` Marco Berizzi
2005-09-20 12:39 Marco Berizzi
2005-09-20 12:44 ` Edmundo Carmona
2005-09-20 13:37 ` Marco Berizzi
2005-09-20 13:58 ` /dev/rob0
2005-09-20 14:24 ` Marco Berizzi
2005-09-15 9:59 Marco Berizzi
2005-09-15 12:21 ` /dev/rob0
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=65aa6af90509200824223496a@mail.gmail.com \
--to=eantoranz@gmail.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.