On Friday 02 May 2003 11:36, Matthieu Turpault wrote:
> Hi list,
>
> I have exactly the same problem and I can't manage with doing my network
> work.
>
> In fact, the NAT postrouting is done *after* the routing.
> Consequently, tables fastweb and telecom are never looked.
>
> I am very interested by a solution.
>
> My problem is described at this URL (still no answer):
> http://marc.theaimsgroup.com/?l=lartc&m=105049828901812&w=2
>

Here is my working solution (sorry for Italian..)
I separated routing and nat files.
In few words you have to
1) ip rule with fwmark!!
2) mark packets with iptables -t mangle
3) SNAT

Hope this helps.

routing:

TELECOM_IF=eth0
FASTWEB_IF=eth1
DMZ_IF=eth2
LAN_IF=eth3

TELECOM_IP=192.168.1.237
FASTWEB_IP=192.168.3.1
DMZ_IP=192.168.2.1
LAN_IP=192.168.0.238

TELECOM_NET=192.168.1.0/24
FASTWEB_NET=192.168.3.0/24
DMZ_NET=192.168.2.0/24
LAN_NET=192.168.0.0/24

GW_TELECOM=192.168.1.238
GW_FASTWEB=192.168.3.254

TELECOM_MARK=1
FASTWEB_MARK=2

# Each "del" before an "add" removes a leftover entry so the script can be re-run.
echo "1 - Creating two additional routing tables"
echo
ip route del $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP table telecom
ip route add $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP table telecom
ip route del default via $GW_TELECOM table telecom
ip route add default via $GW_TELECOM table telecom

ip route del $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP table fastweb
ip route add $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP table fastweb
ip route del default via $GW_FASTWEB table fastweb
ip route add default via $GW_FASTWEB table fastweb

echo "2 - Setting Main routing tables"
echo
ip route del $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP
ip route del $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP

ip route add $TELECOM_NET dev $TELECOM_IF src $TELECOM_IP
ip route add $FASTWEB_NET dev $FASTWEB_IF src $FASTWEB_IP

ip route add default via $GW_TELECOM

echo "3 - Setting answers from corresponding IPs"
echo
ip rule del from $TELECOM_IP table telecom
ip rule del from $FASTWEB_IP table fastweb

ip rule add from $TELECOM_IP table telecom
ip rule add from $FASTWEB_IP table fastweb

ip route add $LAN_NET dev $LAN_IF table telecom
ip route add $FASTWEB_NET dev $FASTWEB_IF table telecom
ip route add 127.0.0.0/8 dev lo table telecom

ip route add $LAN_NET dev $LAN_IF table fastweb
ip route add $TELECOM_NET dev $TELECOM_IF table fastweb
ip route add 127.0.0.0/8 dev lo table fastweb

# Route marked packets by table number; this assumes /etc/iproute2/rt_tables
# maps 1 to telecom and 2 to fastweb (matching TELECOM_MARK and FASTWEB_MARK).
ip rule del fwmark 2 table 2
ip rule del fwmark 1 table 1

ip rule add fwmark 2 table 2
ip rule add fwmark 1 table 1

ip route flush cache

here is nat file

TELECOM_IF=eth0
FASTWEB_IF=eth1
DMZ_IF=eth2
LAN_IF=eth3

TELECOM_IP=192.168.1.237
FASTWEB_IP=192.168.3.1
DMZ_IP=192.168.2.1
LAN_IP=192.168.0.238

TELECOM_NET=192.168.1.0/24
FASTWEB_NET=192.168.3.0/24
DMZ_NET=192.168.2.0/24
LAN_NET=192.168.0.0/24

GW_TELECOM=192.168.1.238
GW_FASTWEB=192.168.3.254

TELECOM_MARK=1
FASTWEB_MARK=2

###############################################################################
## Helper function that marks packets and sets up NAT
## $1 = source network, $2 = SNAT address
## ($3 is not passed by the calls below, so it expands to nothing)
imposta_nat() {
    if test "$2" = "$TELECOM_IP"
    then
        local MARK=$TELECOM_MARK
    else
        local MARK=$FASTWEB_MARK
    fi
    iptables -t mangle -A PREROUTING -s $3$1 -j MARK --set-mark $MARK
    iptables -t nat -A POSTROUTING -s $3$1 -j SNAT --to-source $2
}

###############################################################################
################### Clean up #################################################
### Leave Shorewall's DNAT in place
###############################################################################
iptables -t nat -F POSTROUTING
iptables -t mangle -F

###############################################################################
### Masquerade the DMZ behind Fastweb, otherwise it does not send the packets
### back out. It could send them out towards Telecom
imposta_nat $DMZ_NET $FASTWEB_IP

###############################################################################
### Masquerade the LAN behind Telecom
imposta_nat $LAN_NET $TELECOM_IP
###############################################################################
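
Added example, not part of the original post: a check that every fwmark set in mangle PREROUTING has a matching `ip rule`, because a marked packet with no rule is routed by the main table yet still SNATed to the other link's address. The sample `ip rule show` and `iptables -t mangle -S PREROUTING` text is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: cross-check marks set in mangle against fwmark rules.

# Constructed sample of `ip rule show` output
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x1 lookup telecom
32765: from all fwmark 0x2 lookup fastweb
32766: from all lookup main
32767: from all lookup default'

# Constructed sample of `iptables -t mangle -S PREROUTING` output
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.2.0/24 -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -s 192.168.0.0/24 -j MARK --set-xmark 0x1/0xffffffff'

# Normalise 0x2/0xffffffff, 0x2 or 2 to decimal (mask part dropped).
norm_mark() { printf '%d\n' "${1%%/*}"; }

# Print "<mark> <source-net>" for every MARK rule in the mangle text.
marks_set() {
    printf '%s\n' "$1" | awk '/-j MARK/ {
        src = "any"; mark = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "--set-xmark" || $i == "--set-mark") mark = $(i + 1)
        }
        if (mark != "") print mark, src
    }'
}

# Print the decimal fwmark of every `ip rule` line that matches on one.
rule_marks() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "fwmark") print $(i + 1) }' |
        while read -r m; do norm_mark "$m"; done
}

# $1 = ip rule text, $2 = mangle text; report marks that no rule routes.
unrouted_marks() {
    routed=" $(rule_marks "$1" | tr '\n' ' ')"
    marks_set "$2" | while read -r mark src; do
        m=$(norm_mark "$mark")
        case "$routed" in
            *" $m "*) ;;
            *) echo "mark $m (source $src) has no ip rule" ;;
        esac
    done
}

# Demo: drop the fastweb rule from the sample and show what is reported.
unrouted_marks "$(printf '%s\n' "$SAMPLE_RULES" | grep -v 'fwmark 0x2')" "$SAMPLE_MANGLE"
```

On a live router, pass the real command output instead: `unrouted_marks "$(ip rule show)" "$(iptables -t mangle -S PREROUTING)"`.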