Hi Johnny,

 : I want each of the nics to use their own gateway.. even if it's the
 : same on all nics... this is because I have bound different services to
 : the different nics so I can get accurate transfer stats for every nic,
 : separate ftp traffic from www and mail.

Interesting....might I ask why using netfilter (with connection tracking)
doesn't give you the sort of accounting you need?  I suspect that this
would be much simpler than the solution you propose (restricting certain
kinds of traffic to specific interfaces).

 : Eth0 = mail (public ip)
 : Eth1 = www (public ip)
 : Eth2 = ftp (public ip)
 : Eth3 = internal network (private ip)
 :
 : Kernel IP routing table
 : Destination     Gateway         Genmask         Flags Metric Ref Use Iface
 : 222.144.190.0   0.0.0.0         255.255.255.128 U     0      0     0 eth0
 : 222.144.190.0   0.0.0.0         255.255.255.128 U     0      0     0 eth2
 : 222.144.190.0   0.0.0.0         255.255.255.128 U     0      0     0 eth1
 : 192.168.150.0   0.0.0.0         255.255.255.0   U     0      0     0 eth3
 : 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0     0 lo
 : 0.0.0.0         222.144.190.1   0.0.0.0         UG    0      0     0 eth0

Here's your problem.  You have only one routing table.  The main routing
table.  In order to solve this problem in the manner you describe, you'll
need to use policy routing.  You should become familiar with the concept
of the RPDB and multiple routing tables before you can solve this problem.

 : if I connect to ftp, eth2 incoming traffic goes in on eth2, ftp data
 : (files and such) goes out eth0. If I surf to my webserver eth1
 : incoming requests go on eth1 but the actual webpage is sent on
 : eth0.
 :
 : This is not what I want, I want both ftp-data and ftp-command to go in and
 : out on eth2, www and the actual pages to go in and out on eth1. and mail
 : to go in and out on eth0. so I want all the nics to use their own gateway.
 : But I don't know how to do it...

I expect that it would be easier for you to familiarize yourself with
iptables and use the accounting rules than it would be for you to become
familiar with policy routing for such a simple problem.

 : the solution to this is probably trivial but I have tried all I could
 : find info on... read the howto on lartc but the closest thing I can
 : find is
 :
 : 4.2. Routing for multiple uplinks/providers
 :
 : but that doesn't really apply to my "problem" since I want to use the
 : same provider, but each nic independently...

I wouldn't recommend this solution--but as you note, this was the closest
thing you could find.  This is not to say that you couldn't specify output
interface based on source IP.  If you really wish to attempt this
solution, write back to the list.

I'd suggest using a simpler technique like this:

  # $DHCP0, $DHCP1, $DHCP2: assumed to hold the public IPs bound to
  # eth0, eth1 and eth2.  OUTPUT counts traffic sent from each address.
  iptables -t filter -I OUTPUT -s $DHCP0 -j ACCEPT
  iptables -t filter -I OUTPUT -s $DHCP1 -j ACCEPT
  iptables -t filter -I OUTPUT -s $DHCP2 -j ACCEPT
  # INPUT counts traffic arriving for each address, so match on
  # destination (-d); the local address is never the source here.
  iptables -t filter -I INPUT -d $DHCP0 -j ACCEPT
  iptables -t filter -I INPUT -d $DHCP1 -j ACCEPT
  iptables -t filter -I INPUT -d $DHCP2 -j ACCEPT

Then, when you need to calculate how much bandwidth was used on each
service, you can use iptables -nvL INPUT to see the total amount of
bandwidth used in each of these rules.

If you are serious about calculating your bandwidth usage, you may find an
IP accounting tool is well-suited for your needs.  Consider something like
iptraf [1] in background mode [2] or ipac-ng [3] (I assume you are running
a 2.4 kernel).

Best of luck,

-Martin

 [1] http://iptraf.seul.org/
 [2] http://iptraf.seul.org/2.7/backop.html
 [3] http://sourceforge.net/projects/ipac-ng/
     http://www.linux.org/apps/AppId_7462.html

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx
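
Added example, not part of Martin's message: a shell helper that turns the rule counters described above into per-service byte totals. It assumes the listing comes from `iptables -nvxL` (`-x` prints exact counts), that INPUT rules match the service address as destination and OUTPUT rules match it as source, and that every rule has a target; the 192.0.2.x addresses and counter values are constructed sample data.

```shell
#!/bin/sh
# Constructed sample in the layout of: iptables -nvxL INPUT; iptables -nvxL OUTPUT
sample_counters() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1200     960000 ACCEPT     all  --  *      *       0.0.0.0/0            192.0.2.10
   53000    4100000 ACCEPT     all  --  *      *       0.0.0.0/0            192.0.2.11
    8000   11000000 ACCEPT     all  --  *      *       0.0.0.0/0            192.0.2.12

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1100    1500000 ACCEPT     all  --  *      *       192.0.2.10           0.0.0.0/0
   61000   88000000 ACCEPT     all  --  *      *       192.0.2.11           0.0.0.0/0
    9000   73000000 ACCEPT     all  --  *      *       192.0.2.12           0.0.0.0/0
EOF
}

# service_bytes ADDR: read a listing on stdin, print "bytes_in bytes_out".
# Fields: 1 pkts, 2 bytes, 3 target, 4 prot, 5 opt, 6 in, 7 out,
# 8 source, 9 destination (a rule without a target would shift these).
service_bytes() {
    awk -v addr="$1" '
        $1 == "Chain"     { chain = $2; next }     # remember the current chain
        $1 !~ /^[0-9]+$/  { next }                 # skip header and blank lines
        chain == "INPUT"  && $9 == addr { rx += $2 }
        chain == "OUTPUT" && $8 == addr { tx += $2 }
        END { printf "%.0f %.0f\n", rx, tx }       # %.0f: no 32-bit clipping
    '
}

# report: read a listing on stdin, print one line per service.
# The service-to-address map is constructed; use your own addresses.
report() {
    listing=$(cat)
    for svc in mail:192.0.2.10 www:192.0.2.11 ftp:192.0.2.12; do
        name=${svc%%:*} addr=${svc#*:}
        set -- $(printf '%s\n' "$listing" | service_bytes "$addr")
        printf '%-5s %-12s in=%s out=%s\n' "$name" "$addr" "$1" "$2"
    done
}

# Live use (as root): { iptables -nvxL INPUT; iptables -nvxL OUTPUT; } | report
sample_counters | report
```

Counters reset when the rules are flushed or the host reboots, so sample them on a schedule and store the differences if you need totals over time.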