On Sunday 06 April 2003 17:56, GoMi . scrawled:
> Hi there, since I failed to shape traffic due to p2p programs, I am
> thinking about splitting my internet connection. Here is the scenario once
> again for those who haven't read any of my emails :)
>
>                    ______                  ______
>  <hub1>  <-------> |Switch|               |      |  eth0
>                    |      |               |Linux | <----------> Router ADSL1
>  <hub2>  <-------> |      |  eth3         |      | 192.168.3.5  192.168.3.6
>    .               |      | <-----------> | Box  |
>    .               |      |  192.169.1.1  |      |  eth2
>    .               |      |               |      | <----------> Router ADSL2
>  <hub24> <-------> |______|               |______| 192.168.4.2  192.168.4.1
>
> I want to have one ADSL only for web/mail/ssh/etc. and the other one only
> for massive downloads.
>
> The problem comes with connection tracking, it looks like it's not working,
> probably I am doing something wrong. Where is connection tracking being
> done, in the POSTROUTING or in the PREROUTING chain? I do my SNAT depending
> on the --destination-port option, and I am using a stateful firewall.
> Anyone having the same trouble? Can anyone enlighten me?
> :)
>
> PS: Sorry for my poor English :)
>
> ##################################################
> ## SNAT
> ##
>
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
>
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
> iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
>
> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5
>
> ####################################################
> ## Stateful Firewall
> ##
>
> iptables -t filter -N keep_state
> iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t filter -A keep_state -j RETURN
>
> iptables -t nat -N keep_state
> iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -t nat -A keep_state -j RETURN
>
> iptables -t nat -A PREROUTING -j keep_state
> iptables -t nat -A POSTROUTING -j keep_state
> iptables -t nat -A OUTPUT -j keep_state
>
> iptables -t filter -A INPUT -j keep_state
> iptables -t filter -A OUTPUT -j keep_state
> iptables -t filter -A FORWARD -j keep_state
>
> _______________________________________________
> LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

hi,

you are SNATting outgoing traffic on eth0 with the IP address of eth2 (192.168.4.2) and vice versa.

> iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5

Typo, or was this the error?
thanks,
ashok

-- 
-----------------------------------------------------------------------------
My public key: gpg --recv-keys --keyserver blackhole.pca.dfn.de DCB44F2E
-----------------------------------------------------------------------------
"...there is nothing so unnatural as the commonplace."
Sir Arthur Conan Doyle in "Adventures of Sherlock Holmes: A Case of Identity"
-----------------------------------------------------------------------------
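A consistency check in the spirit of the reply above, added here as an example (not code from the thread): it takes the poster's SNAT rules as constructed sample text, uses the interface addresses from the diagram (eth0 192.168.3.5, eth2 192.168.4.2), and flags every rule whose --to address does not belong to its -o interface.

```sh
#!/bin/sh
# Added example: cross-check iptables SNAT rules against the address each
# outgoing interface really carries, to catch the eth0/eth2 swap from the thread.

# Interface -> address map, taken from the poster's diagram.
iface_addr() {
    case "$1" in
        eth0) echo 192.168.3.5 ;;
        eth2) echo 192.168.4.2 ;;
        *)    return 1 ;;
    esac
}

# Sample input: the poster's SNAT rules, constructed here with wrapped lines joined.
SNAT_RULES='iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p tcp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -p udp --dport 0:1024 -j SNAT --to 192.168.3.5
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p tcp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/16 -p udp --dport 1024: -j SNAT --to 192.168.4.2
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.1.0/16 -j SNAT --to 192.168.3.5'

# Prints one line per SNAT rule whose --to/--to-source address is not the
# address of its -o interface; exit status is the number of mismatches.
check_snat_rules() {
    mismatches=0
    while IFS= read -r rule; do
        case "$rule" in *'-j SNAT'*) ;; *) continue ;; esac
        iface=$(printf '%s\n' "$rule" | awk '{for(i=1;i<NF;i++) if($i=="-o") print $(i+1)}')
        to=$(printf '%s\n' "$rule" | awk '{for(i=1;i<NF;i++) if($i=="--to"||$i=="--to-source") print $(i+1)}')
        want=$(iface_addr "$iface") || { echo "unknown interface '$iface': $rule"; continue; }
        if [ "$to" != "$want" ]; then
            echo "MISMATCH: -o $iface carries $want but rule SNATs to $to"
            mismatches=$((mismatches + 1))
        fi
    done <<EOF
$SNAT_RULES
EOF
    return "$mismatches"
}

# Returns the mismatch count on stdout (0 means the rule set is consistent).
snat_mismatch_count() {
    n=0
    check_snat_rules >/dev/null || n=$?
    echo "$n"
}

check_snat_rules
```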