>> 1) SNAT to the right source address, like
>> iptables -A POSTROUTING -j nat -t SNAT [-s from.where or -d to.where]\
>> --to-source source.addr.of.eth0

BJM> Surely you mean -t nat -j SNAT?

Sorry, yeah, it was -t nat -j SNAT.. I double checked now :)

BJM> But these two iptables rules conflict with each other. If -s
BJM> "from.where" is my internal lan and the same in both rules, they are
BJM> both trying to do the SNATting of the same packets. In my two rules, I
BJM> added a -o <iface> (where <iface> is the interface matching the
BJM> source.addr.of.<iface>).

Yes, they are conflicting with each other.. I thought that you could select
which connection the packets should be using either based on the address the
packets are coming FROM (-s some.ip.on.the.lan) or going TO
(-d wan.destination.address).

BJM> I have:
BJM> ip rule add from 66.11.173.224 lookup 1
BJM> ip rule add from 24.235.240.15 lookup 2

Anyways, you can "name" routing tables in /etc/iproute2/rt_tables, then it
makes a bit more sense ("ip rule" also displays/uses them), so e.g. if you
name 1 to "abcd" then

    ip rule add from x.x.x.x lookup abcd

also works.

iif is the interface packets are coming in on (there is also oif).. If it's
not a static IP address it might be convenient not having to use the IP of
the connection but the interface. (The same goes for the "via XX" when you
are doing "ip route add default dev XY table N".)

If you do "man ip" it reads (ip rule add / ip rule del):

    iif NAME
        select the incoming device to match. If the interface is loopback,
        the rule only matches packets originating from this host. This means
        that you may create separate routing tables for forwarded and local
        packets and, hence, completely segregate them.

- diab
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
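Added example (not from the thread, not diab's or BJM's own setup): a complete dual-uplink script that ties together the pieces discussed above: named routing tables in /etc/iproute2/rt_tables, one "ip rule" per public address plus an iif rule for the LAN, and SNAT rules keyed on -o so the two POSTROUTING rules cannot match the same packet. The two public addresses are the ones BJM quoted; the interface names, gateways, link networks and the 192.168.1.0/24 LAN are assumptions. By default the script only prints the commands (RUN=echo); run it as root with RUN= to apply them.

```sh
#!/bin/sh
# Dual-uplink policy routing with per-link SNAT (added illustration, not from the
# original post). Layout assumed here, hypothetical except the two public IPs:
#   eth0  ISP A  66.11.173.224  gateway 66.11.173.1   link net 66.11.173.0/24
#   eth1  ISP B  24.235.240.15  gateway 24.235.240.1  link net 24.235.240.0/24
#   eth2  LAN    192.168.1.0/24
# RUN=echo (default) prints the commands instead of executing them.
set -u
RUN="${RUN-echo}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

IF_A=eth0; IP_A=66.11.173.224; GW_A=66.11.173.1;  NET_A=66.11.173.0/24
IF_B=eth1; IP_B=24.235.240.15; GW_B=24.235.240.1; NET_B=24.235.240.0/24
IF_LAN=eth2; LAN=192.168.1.0/24

# Give tables 1 and 2 names so "ip rule" / "ip route ... table ispa" read
# sensibly. Idempotent: a second run does not duplicate the rt_tables line.
name_table() { # name_table NUMBER NAME
    if [ -n "$RUN" ]; then
        echo "# would append '$1 $2' to $RT_TABLES"
    elif ! grep -qE "^$1[[:space:]]+$2\$" "$RT_TABLES" 2>/dev/null; then
        printf '%s\t%s\n' "$1" "$2" >>"$RT_TABLES"
    fi
}

# One table per uplink: its own default route plus the directly connected
# networks, so a lookup that lands in this table can still reach the LAN and
# the link net instead of pushing everything at the ISP gateway.
fill_table() { # fill_table NAME IFACE IP GW LINKNET
    $RUN ip route replace "$5" dev "$2" src "$3" table "$1"
    $RUN ip route replace "$LAN" dev "$IF_LAN" table "$1"
    $RUN ip route replace default via "$4" dev "$2" table "$1"
}

# Replies sourced from each public address leave through their own link
# (BJM's two rules, with names). The iif rule sends everything that arrives
# from the LAN interface out via ISP A; per "man ip", iif matches only
# forwarded traffic unless the interface is lo, so locally generated packets
# are not affected by it.
add_rules() {
    $RUN ip rule add from "$IP_A" lookup ispa
    $RUN ip rule add from "$IP_B" lookup ispb
    $RUN ip rule add iif "$IF_LAN" lookup ispa
}

# SNAT keyed on the outgoing interface (-o). With only -s both rules would
# match the same LAN packets; -o ties each rule to the link the routing
# decision already chose, so exactly one of them fires.
snat_rules() {
    $RUN iptables -t nat -A POSTROUTING -s "$LAN" -o "$IF_A" -j SNAT --to-source "$IP_A"
    $RUN iptables -t nat -A POSTROUTING -s "$LAN" -o "$IF_B" -j SNAT --to-source "$IP_B"
}

apply_all() {
    name_table 1 ispa
    name_table 2 ispb
    fill_table ispa "$IF_A" "$IP_A" "$GW_A" "$NET_A"
    fill_table ispb "$IF_B" "$IP_B" "$GW_B" "$NET_B"
    add_rules
    snat_rules
    $RUN ip route flush cache
}

apply_all
```

Check the result with "ip rule show" and "ip route show table ispa" (the names resolve because of the rt_tables entries). Note that "ip rule add" is not idempotent the way "ip route replace" is: running the script twice adds duplicate rules, so on re-runs delete the old ones ("ip rule del from 66.11.173.224 lookup ispa" and so on) or flush with "ip rule flush" and re-add the default rules first.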