Thanks for the help! I found out the using policy routing I can accomplish the task. However I have some other question. As I now the routing decision takes place before the SNAT is performed. So, if a client is going to be SNAT-ed to $INET_IP_2, I must make sure that I have a rule for it set with "ip rule". In order to avoid writing 2 lines of code for each client (one for ip rule and one for SNAT) I came with this idea: #------set the 2 routing tables-------- /sbin/ip rule add fwmark 1 table tbl_1 /sbin/ip rule add fwmark 2 table tbl_2 #------set the SNAT rules----------- iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to-source $INET_IP_1 iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $INET_IP_2 #-------mark the traffic (1 or 2) for choosing the ISP connection-------- $IPTABLES -t mangle -A PREROUTING -p tcp -s 172.17.11.38 -d \! 172.17.0.0/16 -j MARK --set-mark 2 $IPTABLES -t mangle -A PREROUTING -p tcp -s 172.17.11.40 -d \! 172.17.0.0/16 -j MARK --set-mark 1 $IPTABLES -t mangle -A PREROUTING -p tcp -s 192.168.0.45 -d \! 172.17.0.0/16 -j MARK --set-mark 1 Everything works fine! Now I want to go even further and make all the P2P traffic follow a third ISP connection. So a third routing table, a third mark, etc. This traffic can be generated from clients that already have the mark set to 1 or 2... What will happen if I set the mark to 3 based on the service type and not on the source IP? Which one takes precedence? I have the ipp2p module up and running. But, as far as I understood in order to mark the P2P traffic, you should mark the connection, not only the packets. iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p --bit --apple -j MARK --set-mark 3 iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark With this code I am able to block all the P2P traffic...???? I don't know why... Can you help me with this? (I set up correctly the third connection, routing tables, ip rule, etc) Thanks again in advance, Mihai Vlad -----Original Message----- From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of gypsy Sent: Friday, May 28, 2004 5:21 AM To: Mihai Vlad Cc: lartc@xxxxxxxxxxxxxxx Subject: Re: 2 Gateways Mihai Vlad wrote: > Is there a way to tell the routing table that every request that has the > source address $INET_IP_1 > follow the $GW_1, and every request that has the source address $INET_IP_2 > follow the $GW_2? > > Thanks in advance, > Mihai Vlad Unless I'm missing something really obvious, start here http://lartc.org/howto/lartc.rpdb.html and then read http://www.linux-ip.net/html/adv-multi-internet.html http://www.linux-ip.net/html/ch-routing.html and finally, google "martin brown lartc changing default route" and read the messages in that thread. _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
