Robert Kurjata wrote:
Quoting guillaume <guillaume.riviere@xxxxxxxxxx>:
Dear all Lartc,
I am trying to split my Internet access between my 2 ISPs with one Linux (GNU/Debian sarge) router with 3 NICs.
I want all my users connected to ISP1 and just some IPs connected to ISP2.
Here is my configuration:
[cut out a part]
I would suggest a slight change in the fw rules below

# special rules for some IPs to go on second ISP
iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34
# SNAT RULES
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8

and trying the script below. It was taken from my Multipath/Policy routing case
by wiping out the multipath part, so it is slightly too much, but I suppose (I
didn't check) it should work. It is supposed to seamlessly integrate with multipath routing, that's why it is so big.
The idea behind it is:
1. remove default routing from main table,
2. take care of routing from correct interface (correctness of source IP/ source
interface pair),
3. policy routing of selected clients (table 210)
4. default routing of the others (table 211)
Of course you can leave it for the main table, but for the sake of example
I left it this way.
Hope it can help.
[cut out a part]
Dear Robert,
I tried this script (adapted for my network) and I get the same problem:
All my IPs are routed to my first ISP, no problem.
With my 10.117.71.1 routed to my second ISP,
I can connect to my ISP network (I can connect to the gateway website on 5.6.7.9) but
I cannot ping any external IP addresses.
Do I have to apply some patch to my 2.6.8 kernel? I really don't know how to investigate this problem further.
In any case, thank you for this script,
Guillaume
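
The four-step layout Robert lists in the quoted message, written out as an added example; this is not Robert's script, which is cut from the thread. Mark 34, tables 210/211, eth1/eth2 with their SNAT addresses and the 5.6.7.9 gateway come from the thread; the ISP1 gateway is a placeholder, and the per-interface table numbers (201/202) and rule priorities are assumptions. The priorities sit after the main table's rule (32766), so directly connected networks still resolve in main and only off-link traffic reaches the policy tables.

```shell
#!/bin/sh
# Added example, not the script from the thread. Dry-run by default:
# commands are printed; set APPLY=1 (as root) to execute them.
IF1=eth1; IP1=1.2.3.4; GW1=${GW1:-ISP1_GATEWAY}   # placeholder: ISP1 gateway is not in the thread
IF2=eth2; IP2=5.6.7.8; GW2=5.6.7.9                # gateway address mentioned in Guillaume's reply
MARK=34; T_SEL=210; T_DEF=211                     # mark and table numbers from the thread
T_IF1=201; T_IF2=202                              # assumed per-interface table numbers

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi
}

policy_cmds() {
    # 1. remove the default route from the main table
    run ip route del default table main

    # 2. source IP / interface pairing: packets sourced from an ISP
    #    address leave through that ISP's interface and gateway
    run ip route add default via "$GW1" dev "$IF1" table "$T_IF1"
    run ip route add default via "$GW2" dev "$IF2" table "$T_IF2"
    run ip rule add from "$IP1" lookup "$T_IF1" pref 33000
    run ip rule add from "$IP2" lookup "$T_IF2" pref 33001

    # 3. selected clients (marked 34 in mangle PREROUTING) use table 210 -> ISP2
    run ip route add default via "$GW2" dev "$IF2" table "$T_SEL"
    run ip rule add fwmark "$MARK" lookup "$T_SEL" pref 33100

    # 4. everyone else falls through to table 211 -> ISP1
    run ip route add default via "$GW1" dev "$IF1" table "$T_DEF"
    run ip rule add from all lookup "$T_DEF" pref 33200

    run ip route flush cache
}

policy_cmds
```

After applying, `ip rule show` and `ip route show table 210` display the resulting rule order and the route that marked traffic will take.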