From: "Martin A. Brown"
Date: Mon, 21 Apr 2003 20:24:51 +0000
Subject: Re: [LARTC] (no subject)
To: lartc@vger.kernel.org

Larry,

 : 192.168.100.0/24 LAN1---eth1 LINUX eth0------ISP1
 :                          |           |
 : 192.168.200.0/24 LAN2---eth3       eth2------ISP2
 :
 : eth0 192.168.10.2
 : eth2 192.168.20.2
 :
 : Is this enough if I want all traffic from LAN1 go to ISP1 & LAN2 to ISP2?
 : Or do I have to do packet marking? Problems with SNAT?

Yes, indeed.

 : echo 100 LAN1 >> /etc/iproute2/rt_tables
 : ip rule add from 192.168.100.0/24 table LAN1
 : ip route add default via 192.168.10.2 dev eth0 table LAN1
 :
 : echo 200 LAN2 >> /etc/iproute2/rt_tables
 : ip rule add from 192.168.200.0/24 table LAN2
 : ip route add default via 192.168.20.2 dev eth0 table LAN2
 : ip route flush cache

I think you meant to add the following default route:

  ip route add default via 192.168.20.2 dev eth2 table LAN2

Right?

 : # SNAT LANs 1 & 2
 : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.2
 : iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.20.2
 : iptables -A FORWARD -i eth1 -j ACCEPT
 : iptables -A FORWARD -i eth3 -j ACCEPT
 :
 : echo 1 > /proc/sys/net/ipv4/ip_forward

Looks like it should work just fine.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
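
An added example, not part of the original thread and not code from either poster: a small Python lint that cross-checks the `ip rule`, `ip route` and SNAT commands quoted above, so that a per-table default route pointing at the wrong device is caught before it is applied. The `lint` and `opt` helpers are hypothetical names, and the /24 prefix length on eth0 and eth2 is an assumption (the thread gives only the addresses).

```python
import ipaddress
import shlex

# Interface addresses from the thread; the /24 prefix length is an assumption.
IFACES = {"eth0": "192.168.10.2/24", "eth2": "192.168.20.2/24"}

# Commands as quoted in the thread (ORIGINAL) and with the suggested fix (FIXED).
ORIGINAL = """\
ip rule add from 192.168.100.0/24 table LAN1
ip route add default via 192.168.10.2 dev eth0 table LAN1
ip rule add from 192.168.200.0/24 table LAN2
ip route add default via 192.168.20.2 dev eth0 table LAN2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.2
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.20.2
"""
FIXED = ORIGINAL.replace("dev eth0 table LAN2", "dev eth2 table LAN2")

def opt(tokens, key):
    """Return the token following `key`, or None if `key` is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens else None

def lint(script, ifaces=IFACES):
    """Return a list of inconsistencies between rules, routes and SNAT."""
    rules, routes, snat, problems = {}, {}, {}, []
    for line in script.splitlines():
        t = shlex.split(line, comments=True)
        if t[:3] == ["ip", "rule", "add"]:
            rules[opt(t, "table")] = opt(t, "from")
        elif t[:4] == ["ip", "route", "add", "default"]:
            routes[opt(t, "table")] = (opt(t, "via"), opt(t, "dev"))
        elif t[:1] == ["iptables"] and opt(t, "-j") == "SNAT":
            snat[opt(t, "-o")] = opt(t, "--to-source")
    for table, src in rules.items():
        if table not in routes:
            problems.append(f"{table}: rule for {src} but no default route")
            continue
        via, dev = routes[table]
        if dev not in ifaces:
            problems.append(f"{table}: unknown device {dev}")
            continue
        iface = ipaddress.ip_interface(ifaces[dev])
        # The next hop must be reachable on the device the route names.
        if ipaddress.ip_address(via) not in iface.network:
            problems.append(f"{table}: gateway {via} is not on {dev} ({iface.network})")
        # Traffic leaving this device must be rewritten to the device's address.
        if snat.get(dev) != str(iface.ip):
            problems.append(f"{table}: no SNAT to {iface.ip} for traffic leaving {dev}")
    return problems

if __name__ == "__main__":
    print(lint(ORIGINAL) or "ok")
```
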