Re: split traffic

Linux Advanced Routing and Traffic Control

Omar,

It looks like you want to set a different default route for the 
10.0.0.0/24 network.  This can be done as follows:

# ip route add default via 192.168.1.1 table 1
# ip rule add from 10.0.0.0/24 table 1

Your iptables line should work just dandily.....

I think what you are getting confused about is why your existing route 
doesn't work.  I'd suggest thinking about the name of the chain in the nat 
table:  POSTROUTING!!

Unless routing table 1 contains something else, there's no explicit 
instruction for the outbound packets from 10.0.0.0/24.  Add a default 
route to that table, and you should have a better solution.

Check out "Multiple Connections to the Internet" in Chapter 7 in my 
guide (which is still in the process of being written):

  http://plorf.net/linux-ip/

Good luck,

-Martin

 : I have the next network:
 : 
 : 
 : Users LAN                    Servers   LAN 
 : (10.0.0.0/24                (mail and web [200.30.57.32/24]
 : web surf main activity)       homologated ip's)
 : |                                |
 : |                                | 
 : |                                |
 : |                                | 
 : |________________________________| 
 :                   |
 : eth1:1 10.0.0.138 |      eth1 200.30.57.33
 :                   |
 :           {Linux Firewall. kernel 2.4.18}
 :                   |
 :      eth2         |      eth0 200.30.53.22/30
 :     192.168.1.2/30|
 :                   |
 :   _______________/ \______________
 :  |                                |
 :  |                                |
 : {adsl router}               {Cisco router}  200.30.53.21/30
 :  |192.168.1.1                     |
 :  |(phone line)                    |(DS0)
 :  |                                |
 :  |                                |
 : {   --------   Internet -------    }
 : 
 : 
 : 
 : 
 : A network with two links to internet: a DS0 and an adsl.
 : 
 : I want the servers with homologated ip's to go via the DS0, and end users,
 : with 10.0.0.0 addresses, to go via adsl. Both links through the same
 : firewall.
 : 
 : Also, end users must have NAT, and servers don't. For this I use:
 : iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth2 -j MASQUERADE
 : 
 : The default gateway in the firewall is the Cisco router. My question is:
 : How can I force packets from 10.0.0.0 to go via eth2 (192.168.1.2)?
 : 
 : 
 : I imagine something like:
 : 
 : ip route add 192.168.1.1/30 via 192.168.1.2 table 1
 : ip rule add from 10.0.0.0/24 table 1 
 : 
 : 
 : But doesn't work. What'd be the correct way to do it?
 : 
 : 
 : Omar
 : 
 : _______________________________________________
 : LARTC mailing list / LARTC@mailman.ds9a.nl
 : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
 : 

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
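
The lookup order behind the advice above, as an added example that is not part of the original message: a small Python model of the rule-then-table walk, run against the quoted attempt and against the suggested default route. Assumptions: the main table is reconstructed from the diagram, the local table is left out, USER and REMOTE are constructed addresses, and the third table variant (a servers LAN route copied into table 1) goes beyond what the message states.

```python
import ipaddress

def lookup(rules, tables, src, dst):
    """Policy-routing lookup: try rules in priority order; the first table
    holding a route for dst decides (longest prefix wins inside a table)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue
        hits = [(ipaddress.ip_network(p), hop) for p, hop in tables.get(table, [])
                if dst in ipaddress.ip_network(p)]
        if hits:
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
        # No route for dst in this table: fall through to the next rule.
    return None, "unreachable"

# Main table as implied by the diagram in the quoted message.
MAIN = [("10.0.0.0/24", "dev eth1"), ("200.30.57.0/24", "dev eth1"),
        ("200.30.53.20/30", "dev eth0"), ("192.168.1.0/30", "dev eth2"),
        ("0.0.0.0/0", "via 200.30.53.21")]            # default: Cisco router

# 32765 is the priority `ip rule add` assigns when none is given
# (assumption: no other custom rules are installed).
RULES = [(32765, "10.0.0.0/24", "1"), (32766, "0.0.0.0/0", "main")]

# Table 1 as the quoted attempt intended it: only the ADSL link subnet.
ATTEMPT = {"main": MAIN, "1": [("192.168.1.0/30", "dev eth2")]}
# Table 1 with the default route from the reply.
FIXED = {"main": MAIN, "1": [("0.0.0.0/0", "via 192.168.1.1")]}
# Assumption beyond the message: users reach the servers LAN through the
# firewall, so table 1 also carries that connected route.
FIXED_LAN = {"main": MAIN, "1": FIXED["1"] + [("200.30.57.0/24", "dev eth1")]}

# SERVER is from the diagram; USER and REMOTE are constructed sample addresses.
USER, SERVER, REMOTE = "10.0.0.50", "200.30.57.32", "198.51.100.7"

if __name__ == "__main__":
    for name, tables in (("attempt", ATTEMPT), ("fixed", FIXED), ("fixed+lan", FIXED_LAN)):
        for src, dst in ((USER, REMOTE), (SERVER, REMOTE), (USER, SERVER)):
            print(f"{name:10} {src:>13} -> {dst:<13} {lookup(RULES, tables, src, dst)}")
```

In the "attempt" rows the user packet falls through to the main table and leaves toward the Cisco router, so a POSTROUTING rule that matches only `-o eth2` never sees it. The "fixed" row for USER to SERVER shows that a table holding nothing but a default route also sends LAN-to-LAN traffic to the ADSL router.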

