Quoting guillaume <guillaume.riviere@xxxxxxxxxx>:

> Dear all Lartc,
> I try to split my Internet access to my 2 ISP with 1 linux (GNU/Debian
> sarge) 3 NIC router,
> I want all my users connected with ISP1 and just some IP connected with ISP2
> Here is my configuration:

[cut out a part]

I would suggest a slight change in the fw rules below

# special rules for some IPs to go on second ISP
iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34

# SNAT RULES
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8

and trying the script below. It was taken from my Multipath/Policy routing case
by wiping out the multipath part, so it is slightly too much, but I suppose
(I didn't check) it should work. It is supposed to seamlessly integrate with
multipath routing, that's why it is so big. The idea behind it is:

1. remove default routing from main table,
2. take care of routing from correct interface (correctness of source IP/
   source interface pair),
3. policy routing of selected clients (table 210)
4. default routing of the others (table 211)

Of course you can leave it for the main table, but for the sake of example I
left it this way.

Hope it can help.

--- cut here ----
#!/bin/bash

# CONFIGURATION
IP=/sbin/ip
PING=/bin/ping

#--------------- LINK PART -----------------
# EXTIFn - interface name
# EXTIPn - outgoing IP
# EXTMn - netmask length (bits)
# EXTGWn - outgoing gateway
#-------------------------------------------

# LINK 1 -
EXTIF1=
EXTIP1=
EXTM1=
EXTGW1=

# LINK 2 -
EXTIF2=
EXTIP2=
EXTM2=
EXTGW2=

#ROUTING PART
# removing old rules and routes
echo "removing old rules"
${IP} rule del prio 50 table main
${IP} rule del prio 201 from ${EXTIP1}/${EXTM1} table 201
${IP} rule del prio 202 from ${EXTIP2}/${EXTM2} table 202
# 0x22 (hex) is the mark 34 (decimal) set by the iptables rule
${IP} rule del prio 210 fwmark 0x22 table 210
${IP} rule del prio 221 table 221

echo "flushing tables"
${IP} route flush table 201
${IP} route flush table 202
${IP} route flush table 210
${IP} route flush table 221

echo "removing tables"
${IP} route del table 201
${IP} route del table 202
${IP} route del table 210
${IP} route del table 221

case "$1" in
    stop)
        exit
        ;;
esac

# setting new rules
echo "Setting new routing rules"

# main table w/o default gateway here
${IP} rule add prio 50 table main
${IP} route del default table main

# identified routes here
${IP} rule add prio 201 from ${EXTIP1}/${EXTM1} table 201
${IP} rule add prio 202 from ${EXTIP2}/${EXTM2} table 202

${IP} route add default via ${EXTGW1} dev ${EXTIF1} src ${EXTIP1} proto static table 201
${IP} route append prohibit default table 201 metric 1 proto static

${IP} route add default via ${EXTGW2} dev ${EXTIF2} src ${EXTIP2} proto static table 202
${IP} route append prohibit default table 202 metric 1 proto static

# selected clients / select by fwmark=34
# written as 0x22 so the value is read as hex: 0x22 == 34 decimal
${IP} rule add prio 210 fwmark 0x22 table 210

# others
${IP} rule add prio 221 table 221

${IP} route add default table 210 proto static \
    via ${EXTGW2} dev ${EXTIF2} src ${EXTIP2}

${IP} route add default table 221 proto static \
    via ${EXTGW1} dev ${EXTIF1} src ${EXTIP1}

${IP} route flush cache

-- 
Robert Kurjata mailto:rkurjata@xxxxxxxxxxxxx
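
The setup in this mail only works if the mark set by iptables (34) and the mark selected by `ip rule` are the same number, whichever base each is written in. The following shell check is an added example, not part of the original mail: it compares the two numerically. The sample input is constructed, the function names are hypothetical, and it assumes `ip rule show` prints hex marks with a `0x` prefix.

```shell
#!/bin/sh
# Added example (not from the original mail): find marks that iptables sets
# but no "ip rule ... fwmark" selects, comparing numerically so that
# 34 (decimal) and 0x22 (hex) count as the same mark.

# Constructed sample input. On a live router, pass the output of
# `iptables-save -t mangle` and `ip rule show` instead.
SAMPLE_IPTABLES='*mangle
-A PREROUTING -s 10.117.71.1/32 -j MARK --set-mark 34
-A PREROUTING -s 10.117.71.9/32 -j MARK --set-xmark 0x30/0xffffffff
COMMIT'
SAMPLE_RULES='50: from all lookup main
210: from all fwmark 0x22 lookup 210
221: from all lookup 221'

# Read mark values (decimal or 0x-prefixed hex), print them in decimal.
to_decimal() {
    while read -r m; do printf '%d\n' "$m"; done | sort -un
}

# Marks written by MARK targets (--set-mark or --set-xmark; mask ignored).
marks_set() {
    printf '%s\n' "$1" |
        sed -n 's/.*--set-x\{0,1\}mark \([0-9a-fA-Fx]*\).*/\1/p' | to_decimal
}

# Marks selected by routing policy rules (mask ignored).
# Assumption: `ip rule show` prints hex marks with a 0x prefix.
marks_routed() {
    printf '%s\n' "$1" |
        sed -n 's/.* fwmark \([0-9a-fA-Fx]*\).*/\1/p' | to_decimal
}

# Marks that are set but never selected: those packets skip the policy
# table and fall through to the next matching rule.
unrouted_marks() {
    routed=$(marks_routed "$2")
    for m in $(marks_set "$1"); do
        printf '%s\n' "$routed" | grep -qx "$m" ||
            printf '%d (0x%x)\n' "$m" "$m"
    done
}

unrouted_marks "$SAMPLE_IPTABLES" "$SAMPLE_RULES"   # prints: 48 (0x30)
```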