From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Internal PC/external Gateway
Date: Sat, 14 May 2005 15:00:05 -0400 [thread overview]
Message-ID: <20050514190005.GA25010@bender.817west.com> (raw)
In-Reply-To: <1116095410.18707.14.camel@debianbox>
On Sat, May 14, 2005 at 09:30:10PM +0300, Sadus . wrote:
> Before continuing, thanks alot for your help.
>
> +------------+
> | | |
> ----+ Provider 1 +-------
> 192.168.1.2 | | 10.2.2.1 | /
> PC1__/ \_ +------+-------+ | +------------+ |
> _/ \__ | | | /
> / \ | 10.2.2.253 | | |
> | Local network -----+Linux GW eth0|- |Internet
> \_ __/ |192.168.0.141 | |
> \__ __/ | | | \
> PC2 \___/ +------+-------+ | +------------+ |
> 192.168.1.3 | | | \
> ----+ Provider 2 +-------
> |192.168.0.173 |
> +------------+
>
> so a little reminder. i just want 192.168.1.3 to take Internet from
> 192.168.0.173
> my GW has as you see has 2 IPs in eth0, and i can reach both of my
> Providers with that setup.
>
> btw, is there any article to read about the priority of rules while
> writing an iptables script?
yeah--first match wins for all terminating targets. a good tutorial in
general is:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
so it looks like we need:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.2 \
-j SNAT --to 10.2.2.253
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.3 \
-j SNAT --to 192.168.0.141
echo 202 T2 >> /etc/iproute2/rt_tables
ip route add default via 192.168.0.173 table T2
ip rule add from 192.168.1.3 table T2
ip route flush cache
hope this helps...
-j
--
"Spectator #1: Oh my God. I'm so offended. I'm going to do something
about this.
Spectator #2: Mike, there's not really anything you can do.
Spectator #1: Wow, you're right. I guess I'm just going to have to
develop a sense of humor, huh?"
--Family Guy
next prev parent reply other threads:[~2005-05-14 19:00 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-14 8:59 Internal PC/external Gateway Sadus .
2005-05-14 15:36 ` Jason Opperisano
2005-05-14 16:20 ` Sadus .
2005-05-14 16:41 ` Jason Opperisano
2005-05-14 17:01 ` Sadus .
2005-05-14 17:26 ` Jason Opperisano
2005-05-14 18:30 ` Sadus .
2005-05-14 19:00 ` Jason Opperisano [this message]
2005-05-14 23:52 ` Sadus .
2005-05-16 21:48 ` Jason Opperisano
2005-05-17 12:55 ` Sadus .
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050514190005.GA25010@bender.817west.com \
--to=opie@817west.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox