Hello guillaume,

Saturday, September 4, 2004, 12:44:04 PM, you wrote:

g> guillaume wrote:
>> Robert Kurjata wrote:
>>> Quoting guillaume <guillaume.riviere@xxxxxxxxxx>:
>>>
>>>> Dear all Lartc,
>>>> I am trying to split my Internet access between my 2 ISPs with 1 Linux
>>>> (GNU/Debian sarge) 3-NIC router.
>>>> I want all my users connected through ISP1 and just some IPs connected
>>>> through ISP2.
>>>> Here is my configuration:
>>>
>>> [cut out a part]
>>>
>>> I would suggest a slight change in the fw rules below
>>>
>>> # special rules for some IPs to go on second ISP
>>> iptables -t mangle -A PREROUTING -s 10.117.71.1 -j MARK --set-mark 34
>>>
>>> # SNAT RULES
>>> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 1.2.3.4
>>> iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 5.6.7.8
>>>
>>> and trying the script below. It was taken from my multipath/policy
>>> routing case by wiping out the multipath part, so it is slightly too
>>> much, but I suppose (I didn't check) it should work. It is supposed to
>>> seamlessly integrate with multipath routing, that's why it is so big.
>>> The idea behind it is:
>>> 1. remove default routing from the main table,
>>> 2. take care of routing from the correct interface (correctness of the
>>>    source IP / source interface pair),
>>> 3. policy routing of selected clients (table 210),
>>> 4. default routing of the others (table 211).
>>> Of course you can leave it in the main table, but for the sake of the
>>> example I left it this way.
>>>
>>> Hope it can help.
>>
>> [cut out a part]
>>
>> Dear Robert,
>>
>> I tried this script (adapted for my network) and I get the same problem:
>>
>> All my IPs routed on my first ISP: no problem.
>> With my 10.117.71.1 routed on my second ISP,
>> I can connect to my ISP's network (I can connect to the gateway website
>> on 5.6.7.9) but I cannot ping any external IP addresses.

g> I also tested a DNAT rule to access my internal network through my
g> second ISP's external IP ... and it works fine, no problem ...
g> iptables -t nat -I PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 10.117.71.2:80 # my web server
g> I don't know how to make this work for inside -> outside connections ...
g> Guillaume

Of course I have the patches from Julian Anastasov applied,
http://www.ssi.bg/~ja/#routes , maybe that's the point.

-- 
Best regards,
Robert                            mailto:rkurjata@xxxxxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
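The four-step scheme Robert outlines (no default in main, per-uplink source routing, marked clients to table 210, everyone else to table 211), written out as one complete script. This is an added example, not the script that was cut out of the thread and not anything from lartc.org. The interfaces eth1/eth2, the SNAT addresses 1.2.3.4 and 5.6.7.8, mark 34 and tables 210/211 are taken from the thread; the LAN side (eth0, 10.117.71.0/24) and both ISP gateway addresses (1.2.3.1 and 5.6.7.9) are assumptions and must be replaced with the real ones.

```shell
#!/bin/sh
# Added example: two-ISP policy routing following Robert's four steps.
# Not the script from the thread. Interfaces, SNAT addresses, mark 34 and
# tables 210/211 come from the thread; the LAN side and both ISP gateway
# addresses below are assumptions.
#
# Usage (as root):  sh two-isp.sh apply      DRY_RUN=1 prints commands only.
set -e

LAN_IF=eth0;  LAN_NET=10.117.71.0/24             # assumed LAN side
ISP1_IF=eth1; ISP1_IP=1.2.3.4; ISP1_GW=1.2.3.1   # ISP1 gateway assumed
ISP2_IF=eth2; ISP2_IP=5.6.7.8; ISP2_GW=5.6.7.9   # ISP2 gateway assumed
ISP2_CLIENTS="10.117.71.1"                       # hosts that must use ISP2
MARK=34; T_CLIENTS=210; T_DEFAULT=211

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_policy_routing() {
    # Step 1: no default route in main. Anything that misses the policy
    # rules below then fails visibly instead of quietly leaking via ISP1.
    run ip route del default 2>/dev/null || true

    # One table per uplink. Each carries the LAN prefix as well as its
    # default, so a marked packet addressed to the LAN (and the reverse-path
    # check for LAN sources, if rp_filter is on) still resolves to eth0.
    for t in "$T_CLIENTS" "$T_DEFAULT"; do
        run ip route replace "$LAN_NET" dev "$LAN_IF" table "$t"
    done
    run ip route replace default via "$ISP1_GW" dev "$ISP1_IF" table "$T_DEFAULT"
    run ip route replace default via "$ISP2_GW" dev "$ISP2_IF" table "$T_CLIENTS"

    # Rules are evaluated by ascending pref; delete ours first so that
    # re-running the script does not stack duplicates.
    for p in 110 111 120 130; do run ip rule del pref "$p" 2>/dev/null || true; done

    # Step 2: a packet carrying an uplink's address must leave via that
    # uplink, or the ISP's ingress filtering (BCP 38) discards it.
    run ip rule add from "$ISP1_IP" table "$T_DEFAULT" pref 110
    run ip rule add from "$ISP2_IP" table "$T_CLIENTS" pref 111
    # Step 3: marked clients go to ISP2. The mark is set in mangle
    # PREROUTING, i.e. before the routing decision, so it is visible here.
    run ip rule add fwmark "$MARK" table "$T_CLIENTS" pref 120
    # Step 4: everyone else goes to ISP1.
    run ip rule add from all table "$T_DEFAULT" pref 130

    run ip route flush cache
}

setup_firewall() {
    # Mark traffic from the selected hosts before the routing decision.
    for host in $ISP2_CLIENTS; do
        run iptables -t mangle -A PREROUTING -s "$host" -j MARK --set-mark "$MARK"
    done
    # SNAT keyed on the exit interface: the routing decision above picks the
    # uplink, and each uplink rewrites to its own public address.
    run iptables -t nat -A POSTROUTING -o "$ISP1_IF" -j SNAT --to "$ISP1_IP"
    run iptables -t nat -A POSTROUTING -o "$ISP2_IF" -j SNAT --to "$ISP2_IP"
    # Forwarding policy: LAN may initiate via either uplink; the uplinks may
    # only return traffic for flows conntrack already knows.
    run iptables -A FORWARD -i "$LAN_IF" -o "$ISP1_IF" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$ISP2_IF" -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run sysctl -q -w net.ipv4.ip_forward=1
}

if [ "${1:-}" = apply ]; then
    setup_policy_routing
    setup_firewall
fi
```

Everything here is plain `ip rule`/`ip route` policy routing as shipped in stock 2.4 and 2.6 kernels; it does not depend on the patched kernel Robert mentions. After applying it, `ip rule show` should list the four rules in pref order and `ip route show table 210` should show exactly the LAN prefix and a default via the ISP2 gateway on eth2; if the marked host can reach its ISP2 gateway but nothing beyond it, that default route is the first thing to check.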