From mboxrd@z Thu Jan 1 00:00:00 1970 From: sean darcy Subject: Howto setup one machine for specific ip pipe? Date: Fri, 27 Feb 2009 19:01:34 -0500 Message-ID: Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: netfilter@vger.kernel.org I have an asterisk voip server in the local network. I have two outgoing connections, a large verizon pipe, and small, low latency pipe from broadview. I'd like traffic generally to use the verizon pipe, but traffic from the voip server should use the low latency broadview pipe. I've set up table 128: ## eth0 is static to broadview ETH0_IP_GATEWAY=xx.yy.zz.ww ETH0_IP_ADDR=xxx.yy.zz.ww1 ip rule delete from $ETH0_IP_ADDR/32 table 128 priority 128 ip rule add from $ETH0_IP_ADDR/32 table 128 priority 128 ## this is the route through broadview gateway ip ip route add default via $ETH0_IP_GATEWAY table 128 ip rule add fwmark 0x1 table 128 prio 126 ip rule add fwmark 0x2 table 128 prio 127 and then set-mark 0x1 to all packets from the voip server: $IPT -t mangle -A PREROUTING -i eth1 \ -s $AST_IP_ADDR -j MARK --set-mark 0x1 But the asterisk server can't access the internet. I assume the problem is that iptable server isn't NAT'ing the voip server. That is, it routes the packet out through the broadview pipe, but doesn't send any of the responses back to the asterisk server. Any help appreciated. sean