thr3ads.net - LARTC - (no subject) [Apr 2003]

If this information is useful, please help other people find it:
Share via:

larry lefthook

2003-Apr-21 19:30 UTC

(no subject)

192.168.100.0/24  LAN1---eth1 LINUX eth0------ISP1
                            |       |
192.168.200.0/24  LAN2---eth3       eth2------ISP2

eth0 192.168.10.2
eth2 192.168.20.2

Is this enough if I want all traffic from LAN1 go to ISP1 & LAN2 to ISP2?
Or do I have to do packet marking? Problems with SNAT?

echo 100 LAN1 >> /etc/iproute2/rt_tables
ip rule add from 192.168.100.0/24 table LAN1
ip route add default via 192.168.10.2 dev eth0 table LAN1

echo 200 LAN2 >> /etc/iproute2/rt_tables
ip rule add from 192.168.200.0/24 table LAN2
ip route add default via 192.168.20.2 dev eth0 table LAN2
ip route flush cache

# SNAT LANs 1 & 2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.2
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.20.2
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth3 -j ACCEPT

echo 1 > /proc/sys/net/ipv4/ip_forward







_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Martin A. Brown

2003-Apr-21 20:24 UTC

head link

Re: (no subject)

Larry,

 : 192.168.100.0/24  LAN1---eth1 LINUX eth0------ISP1
 :                             |       |
 : 192.168.200.0/24  LAN2---eth3       eth2------ISP2
 :
 : eth0 192.168.10.2
 : eth2 192.168.20.2
 :
 : Is this enough if I want all traffic from LAN1 go to ISP1 & LAN2 to ISP2?
 : Or do I have to do packet marking? Problems with SNAT?

Yes, indeed.

 : echo 100 LAN1 >> /etc/iproute2/rt_tables
 : ip rule add from 192.168.100.0/24 table LAN1
 : ip route add default via 192.168.10.2 dev eth0 table LAN1
 :
 : echo 200 LAN2 >> /etc/iproute2/rt_tables
 : ip rule add from 192.168.200.0/24 table LAN2
 : ip route add default via 192.168.20.2 dev eth0 table LAN2
 : ip route flush cache

I think you meant to add the following default route:

  ip route add default via 192.168.20.2 dev eth2 table LAN2

Right?

 : # SNAT LANs 1 & 2
 : iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.10.2
 : iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.20.2
 : iptables -A FORWARD -i eth1 -j ACCEPT
 : iptables -A FORWARD -i eth3 -j ACCEPT
 :
 : echo 1 > /proc/sys/net/ipv4/ip_forward

Looks like it should work just fine.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

LARTC - Apr 2003 - (no subject)

(no subject)

Re: (no subject)