Linux Advanced Routing and Traffic Control list
From: bill <billt@what.ifelse.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Masquerading as a certain IP
Date: Sat, 07 Apr 2001 08:44:35 +0000	[thread overview]
Message-ID: <marc-lartc-98663306525904@msgid-missing> (raw)
In-Reply-To: <marc-lartc-98643418406475@msgid-missing>

On Fri, 6 Apr 2001, Mike Fedyk wrote:

> On Thu, Apr 05, 2001 at 02:23:12PM -0000, worm@dkik.dk wrote:
> > Hi,
> >
> > > I was just wondering if there's any way to specify what something is
> > > masqueraded AS.
> >
> > Yes, it is described in the ip-cref documentation which is distributed with the
> > ip program. As far as I remember it is done by setting up special NAT rules
> > which NATs to the local address that you want to use for masqgrading.
>
> Ahh, but this is not MASQ, which deals with multiple MASQed hosts on the
> local lan.
>
> You would have to be more specific on how you want to distribute the
> traffic.  Here's an example:
>
> src lan dest port 80 mark 1 on incoming chain
>
> mark 1 use table 5
>
> ip ro add default  via gw src ip table 5
>
> <repeat>
>
> this would put outgoing traffic on the ip you specify.  Note that this won't
> work on traffic generated by the gateway computer.
>
> Also, this is untested, YMMV.

FWIW, we have it set up this way and it works as you say. we use the
firewall marks and iproute2 tables to send some traffic out a 192k dsl
connection for recreational use and some traffic out a t1 for work-related
use. the traffic is routed based on source ip address, and all ips to be
masq'd are on the same 192.168/24 network.

a single, simple masquerade rule in iptables picks the right source
address based on whichever gateway is used. i don't notice any loss in
throughput on either connection.

these are the commands that we use:

# the named table dsl_out must have an entry in /etc/iproute2/rt_tables
ip rule add fwmark 5 lookup dsl_out
ip route add default via $DSL_OUT_GW table dsl_out
ip route flush cache

for i in 52 55 101 102 103 104; do   # (etc...)
 # workstations using the 192k DSL; /32 so each rule matches one host,
 # a /24 here would match the whole LAN
 iptables -t mangle -A PREROUTING \
          -s 192.168.5.${i}/32 -d ! $REAL_NET  \
          -j MARK --set-mark 5
done
# all others use T1 (which is the default gw)

iptables -t nat -A POSTROUTING \
         -s 192.168.5.0/24 -d ! $REAL_NET \
         -j MASQUERADE

where $REAL_NET is our assigned routable ip block

hope this helps...



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
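As an added illustration (not code from the post), a small Python model of the mark -> ip rule -> table -> MASQUERADE chain described above, using constructed placeholder addresses for the LAN, $REAL_NET and both gateways; it shows how the host mask in the marking loop decides whether only the listed workstations, or every LAN host, leave via the DSL table.

```python
# Pure-Python simulation of the fwmark/iproute2/MASQUERADE setup from the post
# (no root, no iptables). All addresses below are constructed placeholders.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.5.0/24")          # the masqueraded LAN
REAL_NET = ip_network("203.0.113.0/24")     # stand-in for $REAL_NET (assumed)
DSL_HOSTS = [52, 55, 101, 102, 103, 104]    # last octets from the posted loop
DSL_MARK = 5
# table -> (gateway, address of the egress interface MASQUERADE will pick)
TABLES = {
    "main":    ("198.51.100.1", "198.51.100.2"),  # T1, the default route (assumed)
    "dsl_out": ("192.0.2.1",    "192.0.2.2"),     # $DSL_OUT_GW, DSL-side addr (assumed)
}

def mangle_rules(host_prefix):
    """Rules the marking loop produces: -s 192.168.5.${i}/<prefix> -d ! $REAL_NET -j MARK.
    host_prefix=24 matches the whole LAN from the first rule; 32 is the per-host form."""
    return [(ip_network(f"192.168.5.{i}/{host_prefix}", strict=False), DSL_MARK)
            for i in DSL_HOSTS]

def route(src, dst, rules):
    """Return (table, gateway, source address seen on the wire) for one packet.
    Destination-specific routes are not modelled, only the default of each table."""
    src, dst = ip_address(src), ip_address(dst)
    assert src in LAN
    # mangle PREROUTING: the first matching rule sets the mark
    mark = 0
    if dst not in REAL_NET:                     # -d ! $REAL_NET
        for net, m in rules:
            if src in net:
                mark = m
                break
    # ip rule add fwmark 5 lookup dsl_out; anything unmarked falls through to main
    table = "dsl_out" if mark == DSL_MARK else "main"
    gw, egress_addr = TABLES[table]
    # nat POSTROUTING MASQUERADE: source rewritten to the egress interface address
    wire_src = egress_addr if dst not in REAL_NET else str(src)
    return table, gw, wire_src

if __name__ == "__main__":
    # .10 is not in DSL_HOSTS: with /24 it still goes out the DSL, with /32 it uses the T1
    for prefix in (24, 32):
        print(f"prefix /{prefix}:", route("192.168.5.10", "198.51.100.9", mangle_rules(prefix)))
```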

Thread overview: 7+ messages
2001-04-05  1:41 [LARTC] Masquerading as a certain IP Joel
2001-04-05  8:27 ` Deepak singhal
2001-04-05  8:57 ` Guy Van Den Bergh
2001-04-05 14:23 ` worm
2001-04-07  1:32 ` Mike Fedyk
2001-04-07  5:37 ` Christian Worm Mortensen
2001-04-07  8:44 ` bill [this message]