I think you're right, but there's one problem. I need to NAT/MASQ the address; it's getting out with an RFC1918 address. I have tried marking the packets originated by the router with fwmark, but I can only do this in the OUTPUT chain, and then I can no longer NAT/MASQ them.

I tried this:

IF1=eth0
IF2=eth1
IP1=10.1.1.2
IP2=XXX.XXX.X.XXX
P1=10.1.1.1
P2=XXX.XXX.X.XXX
P1_NET=10.1.1.0
P2_NET=XXX.XXX.X.XXX

# Create two tables with the local routes
/sbin/ip route add $P1_NET dev $IF1 src $IP1 table net_hom
/sbin/ip route add $P2_NET dev $IF2 src $IP2 table net_emp

# Create two default routes (one on each table) and choose one to figure in table main
/sbin/ip route add default via $P1 table net_hom
/sbin/ip route add default via $P2 table net_emp
/sbin/ip route del default
/sbin/ip route add default via $P1

# Create the outgoing routes
/sbin/ip route add $P1_NET dev $IF1 src $IP1
/sbin/ip route add $P2_NET dev $IF2 src $IP2

# Populate the tables with routes
/sbin/ip route show table main | grep -Ev ^default | while read ROUTE ; do \
    /sbin/ip route add table net_emp $ROUTE ; \
done
/sbin/ip route show table main | grep -Ev ^default | while read ROUTE ; do \
    /sbin/ip route add table net_hom $ROUTE ; \
done

# Create the rules to direct some of the internal hosts (the ones that should go to eth1) to the correct route
/sbin/ip rule add from 192.168.0.1 table net_emp && \
/sbin/ip rule add from 192.168.0.2 table net_emp && \
/sbin/ip rule add from 192.168.0.3 table net_emp && \
/sbin/ip rule add from 192.168.0.4 table net_emp && \
/sbin/ip rule add from 192.168.0.5 table net_emp && \
/sbin/ip rule add from 192.168.0.6 table net_emp && \
/sbin/ip rule add from 192.168.0.7 table net_emp && \
/sbin/ip rule add from 192.168.0.8 table net_emp && \
/sbin/ip rule add from 192.168.0.9 table net_emp && \
/sbin/ip rule add from 192.168.0.10 table net_emp

# Create the rules to direct traffic from eth1 out to eth1 and from eth0 out to eth0
/sbin/ip rule add from $IP1 table net_hom && \
/sbin/ip rule add from $IP2 table net_emp

Questions:

1 - Do you think I'm right? Should this work?
2 - How can I verify if this is working? TCPDUMP? Is there an /sbin/ip option to verify this?
3 - Is the syntax correct?

Thanks a lot.

Marcelo de Azevedo Rosa
Network Technologies Consultant/Instructor - CCDA/CCNA/MCNE/CCSI
Fone: 55 41 344-1262/41-9154-3696
ICQ: 45543362/MSN: marcelorosa@xxxxxxxxxxx/Yahoo: marcelorosa2000/AIM: watcher2110

***-----Original Message-----
***From: lartc-admin@xxxxxxxxxxxxxxx
***[mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of Damion de Soto
***Sent: Thursday, February 05, 2004 3:40 AM
***To: Marcelo Rosa
***Cc: lartc@xxxxxxxxxxxxxxx
***Subject: Re: Direct SQUID Traffic to eth0
*** :
***
***ip route add 0/0 via eth2-gw-IP table 1
***ip rule add pref 1000 from eth2-gw-IP lookup 1
***ip route add default nexthop via eth2-gw-IP dev eth2
***ip route add 0/0 via eth1-gw-IP table 2
***ip rule add pref 1001 from eth1-gw-IP lookup 2
***ip rule add pref 1002 from eth3-single-IP lookup 2
***
***--
***Damion de Soto - Software Engineer  email: damion@xxxxxxxxxxxx
***SnapGear - A CyberGuard Company ---  ph: +61 7 3435 2809
*** | Custom Embedded Solutions  fax: +61 7 3891 3630
*** | and Security Appliances  web: http://www.snapgear.com
*** --- Free Embedded Linux Distro at http://www.snapgear.org ---
***
***_______________________________________________
***LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
***http://mailman.ds9a.nl/mailman/listinfo/lartc
***HOWTO:
***http://lartc.org/
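
Added example, not part of the original message or of the LARTC HOWTO: an offline check of which routing table a given source address selects, by walking `ip rule show` output in priority order. The rule listing is constructed (priorities and the 192.168.0.8/30 prefix rule are illustrative, the table names come from the post), the helper name first_table is hypothetical, and the sketch assumes each matched table holds a default route and skips the `local` table.

```shell
#!/bin/sh
# Constructed sample in `ip rule show` format; not captured from a real host.
SAMPLE_RULES='0: from all lookup local
32755: from 10.1.1.2 lookup net_hom
32756: from 192.168.0.8/30 lookup net_emp
32757: from 192.168.0.2 lookup net_emp
32758: from 192.168.0.1 lookup net_emp
32766: from all lookup main
32767: from all lookup default'

# first_table SRC: read rules on stdin, print the first table whose
# "from" selector (all, host address, or prefix) matches SRC.
first_table() {
    awk -v src="$1" '
    function ip2n(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function matches(sel,   p, bits, size) {
        if (sel == "all") return 1
        split(sel, p, "/")
        bits = (p[2] == "") ? 32 : p[2]      # bare address means /32
        size = 2 ^ (32 - bits)               # addresses covered by the prefix
        return int(ip2n(src) / size) == int(ip2n(p[1]) / size)
    }
    # The local table only holds local and broadcast routes, so skip it.
    $2 == "from" && $4 == "lookup" && $5 != "local" && matches($3) {
        print $5
        exit
    }'
}

# 0.0.0.0 stands for a locally generated packet from an unbound socket:
# no source address is chosen yet, so only "from all" rules can match.
for s in 192.168.0.1 192.168.0.9 192.168.0.50 10.1.1.2 0.0.0.0; do
    printf '%-14s -> %s\n' "$s" \
        "$(printf '%s\n' "$SAMPLE_RULES" | first_table "$s")"
done
```

On the router itself, pipe the live `/sbin/ip rule show` output into the function, and confirm a single flow with `ip route get <destination> from <source> iif <LAN interface>`.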