Hi list, I need help.
I have two links:

          LINK 1
Internet          Linux ---- LAN
          LINK 2

I need the web traffic to go to link 2.
I use squid on the Linux box with transparent proxy. I've tried to use the
squid parameter "tcp_outgoing_address" but it doesn't work.

Best regards
--
Fabio S. Silva
fabiofoz@gmail.com

Fabio Silva wrote:
> hi list, i need help
> i have two links
>
>           LINK 1
> Internet          Linux ---- LAN
>           LINK 2
>
> i need that the traffic web goes to link 2
> i use squid in the linux with transparent proxy i've tried to use
> squid parameter "tcp_outgoing_address" but it doesn't work.

I don't know about squid, but this should do it.

--------BEGIN--------
# this is untested, so be sure to look at it closely

# make a chain for marking packets
# (target names are case-sensitive: MARK, not mark)
iptables -t mangle -N link2
iptables -t mangle -A link2 -j MARK --set-mark 0x08   # 8 is arbitrary
iptables -t mangle -A link2 -j ACCEPT

# send http traffic to that chain
# (the multiport match takes --dports and needs -p given first)
iptables -t mangle -A PREROUTING \
    -p tcp -m multiport --dports www,https -j link2

# set a rule for packets marked with "8" to go to table 8
ip rule add fwmark 8 table 8

# set up the default route for table 8
# replace $LINK2_GW with the gateway for link2 (at your ISP)
# replace $LINK2_DEV with the interface of link2 (eth1 or eth2, etc.)
ip route add default via $LINK2_GW dev $LINK2_DEV table 8
--------END--------

You may need to set up SNAT or masquerade separately for link2. If you need help with that, I'll send a sample.

-Corey

> if you could send it to me... thanks.. :D

It's actually pretty easy -- you just need to specify that all traffic going out that particular interface should be NATted. The only consideration, if you know you need to do NAT, is whether to use SNAT or MASQUERADE. Again, these are untested and off the top of my head.

If you have a static IP:

    # -o restricts the rule to packets leaving via the link2 interface
    iptables -t nat -A POSTROUTING -o $LINK2_DEV -j SNAT --to-source $LINK2_IP

If you have a dynamic IP:

    # -o restricts the rule to packets leaving via the link2 interface
    iptables -t nat -A POSTROUTING -o $LINK2_DEV -j MASQUERADE

See the iptables manpage for why MASQUERADE should be used for dynamic IPs.

-Corey

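Added example, not part of the original thread: a check that the three pieces described above agree, i.e. a mangle rule sets the mark, an ip rule maps that mark to a table, and that table has its own default route. It normalises 0x08, 0x8 and 8 to one value because iptables and ip print the mark differently. The function names, sample addresses and interface names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread); the sample data below is constructed.
# Live use: check_fwmark_routing "$(iptables-save -t mangle)" \
#     "$(ip rule show)" "$(ip route show table all)" 0x08

# Normalise 8, 0x8 or 0x08 to decimal so every tool's spelling compares equal.
norm_mark() { printf '%d' "$1"; }

check_fwmark_routing() {
    mangle=$1 rules=$2 routes=$3
    want=$(norm_mark "$4")
    # 1. A mangle rule must set the mark (saved as --set-mark or --set-xmark).
    marked=no
    for m in $(printf '%s\n' "$mangle" |
        sed -n 's/.*-j MARK --set-x\{0,1\}mark \(0x[0-9a-fA-F]*\).*/\1/p'); do
        if [ "$(norm_mark "$m")" = "$want" ]; then marked=yes; fi
    done
    [ "$marked" = yes ] || { echo "FAIL: no MARK rule sets mark $want"; return 1; }
    # 2. An ip rule must send that fwmark to a routing table.
    table=$(printf '%s\n' "$rules" |
        sed -n 's/.*fwmark \(0x[0-9a-fA-F]*\)[^ ]* lookup \([^ ]*\).*/\1 \2/p' |
        while read -r m t; do
            if [ "$(norm_mark "$m")" = "$want" ]; then echo "$t"; break; fi
        done)
    [ -n "$table" ] || { echo "FAIL: no ip rule for fwmark $want"; return 2; }
    # 3. That table needs its own default route; without one, marked packets
    #    fall through to the main table and leave via the other link.
    def=$(printf '%s\n' "$routes" | awk -v t="$table" '
        $1 == "default" { for (i = 2; i < NF; i++)
            if ($i == "table" && $(i + 1) == t) { print; exit } }')
    [ -n "$def" ] || { echo "FAIL: table $table has no default route"; return 3; }
    echo "OK: mark $want -> table $table -> $def"
}

# Constructed sample output; addresses and eth1/eth2 are placeholders.
SAMPLE_MANGLE='-A PREROUTING -p tcp -m multiport --dports 80,443 -j link2
-A link2 -j MARK --set-xmark 0x8/0xffffffff
-A link2 -j ACCEPT'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x8 lookup 8
32766: from all lookup main'
SAMPLE_ROUTES='default via 198.51.100.1 dev eth1
default via 203.0.113.1 dev eth2 table 8'

check_fwmark_routing "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES" 0x08
```

The return code identifies the broken step: 1 for the mark, 2 for the rule, 3 for the route.
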
Fabio Silva wrote:
> Corey,
>
> sorry, but, i need to make this and my server has proxy transparent
> can you give an aid to me with this?

I'm sorry, but I don't understand your question. I understand if English isn't your native language, but I can't tell what you mean here.

Also, please keep this discussion on the lartc mailing list. Usually this means using the "reply to all" function of your email program. There's a chance you'll ask a question that could be better answered by another member of the mailing list, and it's also quite possible that I'll make a mistake and somebody will correct me.

-Corey