I've read the howto but i still can't let thinghs go in the right way
My box has 4 nic.
2 internet connection eth0,eth1
1 dmz eth2
1 lan eth3
I would like to nat the internal lan wih one of the 2 ISP.
For my tests i created a script to switch the entire lan from one to the
other (i know it's redundand ....del...add.)
The problem is that NAT is done only if i set the default gateway (in the
main table)
I have set the 2 default gateways in the other 2 tables but it seems not to
consider them.
if i set default gateway to ISP1 and set nat rules to go with ISP2 it
doesn't work!!!
Why???
my future plan are to let some client go with ISP1 and other with ISP2
Please Help!!!
Any hint apreciated!!
Here is my (long) config.
Bye
xchris
eth0 Link encap:Ethernet HWaddr 00:04:76:25:07:D9
inet addr:192.168.1.237 Bcast:192.168.1.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:04:76:25:07:3D
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
eth2 Link encap:Ethernet HWaddr 00:04:76:25:07:67
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
eth3 Link encap:Ethernet HWaddr 00:04:76:25:07:73
inet addr:192.168.0.238 Bcast:192.168.0.255 Mask:255.255.255.0
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
Here is my script (just basic... to test routing.. there's no firewall at
all)
it's done to act this way
script 1 -->all lan go with ISP 1
script 2 -->all lan go with ISP 2
echo 1 > /proc/sys/net/ipv4/ip_forward
route del default
IF3=eth3
IF1=eth0
IF2=eth1
IP1=192.168.1.237
IP2=192.168.3.1
IP3=192.168.0.238
GW1=192.168.1.238
GW2=192.168.3.254
P1_NET=192.168.1.0/24
P2_NET=192.168.3.0/24
P3_NET=192.168.0.0/24
echo "1 - Creating two additional routing tables"
echo
ip route del $P1_NET dev $IF1 src $IP1 table telecom
ip route add $P1_NET dev $IF1 src $IP1 table telecom
echo 1
ip route del default via $GW1 table telecom
ip route add default via $GW1 table telecom
echo 2
ip route del $P2_NET dev $IF2 src $IP2 table fastweb
ip route add $P2_NET dev $IF2 src $IP2 table fastweb
echo 3
ip route del default via $GW2 table fastweb
ip route add default via $GW2 table fastweb
echo "2 - Setting Main routing tables"
echo
ip route del $P1_NET dev $IF1 src $IP1
ip route del $P2_NET dev $IF2 src $IP2
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $GW2
echo "3 - Setting answers from corresponing IPs"
echo
ip rule del from $IP1 table telecom
ip rule del from $IP2 table fastweb
ip rule add from $IP1 table telecom
ip rule add from $IP2 table fastweb
ip route add $P3_NET dev $IF3 table telecom
ip route add $P2_NET dev $IF2 table telecom
ip route add 127.0.0.0/8 dev lo table telecom
ip route add $P3_NET dev $IF3 table fastweb
ip route add $P1_NET dev $IF1 table fastweb
ip route add 127.0.0.0/8 dev lo table fastweb
if test $1 -eq 2
then
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j
SNAT --to-source $IP2
else
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j
SNAT --to-source $IP1
fi
my /etc/iproute2/rt_tables#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 telecom
2 fastweb
ip rule
0: from all lookup local
32764: from 192.168.3.1 lookup fastweb
32765: from 192.168.1.237 lookup telecom
32766: from all lookup main
32767: from all lookup default
ip route
192.168.3.0/24 dev eth1 scope link src 192.168.3.1
192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth0 scope link src 192.168.1.237
192.168.0.0/24 dev eth3 proto kernel scope link src 192.168.0.238
default via 192.168.3.254 dev eth1
ip route table telecom
192.168.3.0/24 dev eth1 scope link
192.168.1.0/24 dev eth0 scope link src 192.168.1.237
192.168.0.0/24 dev eth3 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.238 dev eth0
ip route table fastweb
192.168.3.0/24 dev eth1 scope link src 192.168.3.1
192.168.1.0/24 dev eth0 scope link
192.168.0.0/24 dev eth3 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.3.254 dev eth1
