On Fri, 6 Apr 2001, Mike Fedyk wrote:

> On Thu, Apr 05, 2001 at 02:23:12PM -0000, worm@xxxxxxx wrote:
> > Hi,
> >
> > > I was just wondering if there's any way to specify what something is
> > > masqueraded AS.
> >
> > Yes, it is described in the ip-cref documentation which is distributed with the
> > ip program. As far as I remember it is done by setting up special NAT rules
> > which NATs to the local address that you want to use for masquerading.
>
> Ahh, but this is not MASQ, which deals with multiple MASQed hosts on the
> local lan.
>
> You would have to be more specific on how you want to distribute the
> traffic. Here's an example:
>
> src lan dest port 80 mark 1 on incoming chain
>
> mark 1 use table 5
>
> ip ro add default via gw src ip table 5
>
> <repeat>
>
> this would put outgoing traffic on the ip you specify. Note that this won't
> work on traffic generated by the gateway computer.
>
> Also, this is untested, YMMV.

FWIW, we have it set up this way and it works as you say. we use the
firewall marks and iproute2 tables to send some traffic out a 192k dsl
connection for recreational use and some traffic out a t1 for
work-related use. the traffic is routed based on source ip address, and
all ips to be masq'd are on the same 192.168/24 network. a single, simple
masquerade rule in iptables picks the right source address based on
whichever gateway is used. i don't notice any loss in throughput on
either connection.

these are the commands that we use:

  # dsl_out must be a table name defined in /etc/iproute2/rt_tables
  ip rule add fwmark 5 lookup dsl_out
  ip route add default via $DSL_OUT_GW table dsl_out
  ip route flush cache

  # workstations using the 192k DSL
  for i in 52 55 101 102 103 104; do    # (etc...)
      # no /24 on the host address: a mask would match the whole network
      iptables -t mangle -A PREROUTING \
          -s 192.168.5.${i} -d ! $REAL_NET \
          -j MARK --set-mark 5
  done

  # all others use T1 (which is the default gw)
  iptables -t nat -A POSTROUTING \
      -s 192.168.5.0/24 -d ! $REAL_NET \
      -j MASQUERADE

where $REAL_NET is our assigned routable ip block

hope this helps...
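
Added example, not part of the original messages: iptables ANDs the -s address with its mask, so a host address written with /24 selects the whole network rather than one workstation, and every host would be marked for the DSL table. The sh script below computes what a -s argument really matches and audits rule lines before they are loaded; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): what does `-s ADDR/PREFIX` really match?

# Dotted quad -> 32-bit integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the network that ADDR[/PREFIX] matches once the mask is applied,
# e.g. 192.168.5.52/24 -> 192.168.5.0/24. No prefix means /32.
effective_src() (
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    net=$(( $(ip2int "$addr") & $mask ))
    echo "$(int2ip "$net")/$prefix"
)

# Read iptables command lines on stdin and flag every -s argument whose
# host bits are non-zero, because that rule matches the whole network.
audit_sources() (
    set -f                      # no globbing while word-splitting rule lines
    while read -r line; do
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = "-s" ]; then
                want=$2
                case $want in */*) ;; *) want=$want/32 ;; esac
                got=$(effective_src "$2")
                [ "$got" = "$want" ] || echo "WARN: -s $2 matches all of $got"
            fi
            shift
        done
    done
)

# Constructed sample rule lines (not taken from a real system).
SAMPLE_RULES='iptables -t mangle -A PREROUTING -s 192.168.5.52/24 -j MARK --set-mark 5
iptables -t mangle -A PREROUTING -s 192.168.5.55 -j MARK --set-mark 5
iptables -t nat -A POSTROUTING -s 192.168.5.0/24 -j MASQUERADE'

echo "$SAMPLE_RULES" | audit_sources
```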