Hi!
Mihai Vlad wrote:
Hi guys,
Can you take a look at this? :)
      +-----------+
      |           |
 eth1-|-          |
      |          -|-eth0---LAN---
      |           |
 eth2-|-          |
      |           |
      +-----------+
eth0 is connected to the LAN having the IP=LAN_IP
eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1
eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2
I need to selectively SNAT clients in the LAN to ISP_IP_1 or ISP_IP_2.
That would be something like:
$IPTABLES -t nat -A POSTROUTING -s 172.17.31.5 -j SNAT --to-source $ISP_IP_1
$IPTABLES -t nat -A POSTROUTING -s 172.17.31.7 -j SNAT --to-source $ISP_IP_2
This does not work since all the packets are forwarded to the default GW which is ISP_GW_1.
How can I change this?
As far as I remember, the routing decisions and policy are before the POSTROUTING chain in which the SNAT occurs...
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE -j SNAT --to-source $EXTERNAL_IP_ADDR
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE2 -j SNAT --to-source $EXTERNAL_IP_ADDR2
And add some rules based on the client's source IP address (policy routing):
http://www.linux.com/howtos/Adv-Routing-HOWTO/lartc.rpdb.simple.shtml
--
Regards,
Nandor
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
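
The setup discussed in this thread, as an added example that is not part of the original messages: source-based ip rules pick the uplink before POSTROUTING runs, so the per-interface SNAT rules from the reply then match. The addresses (RFC 5737 documentation ranges), the table numbers 101/102, the rule priorities and the CLIENTS list are assumptions; the script only prints the commands unless called with "apply".

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders; replace them.
LAN_IF=eth0;   LAN_NET=172.17.31.0/24
ISP_IF_1=eth1; ISP_IP_1=192.0.2.2;    ISP_GW_1=192.0.2.1
ISP_IF_2=eth2; ISP_IP_2=198.51.100.2; ISP_GW_2=198.51.100.1

# LAN client -> uplink number, written as "ip:n".
CLIENTS="172.17.31.5:1 172.17.31.7:2"

# emit_isp N IFACE IP GW: one routing table per uplink plus its SNAT rule.
emit_isp() {
    t=$((100 + $1))
    # The LAN route must exist in the table too, so traffic to LAN hosts
    # from a policy-routed source does not leave through the ISP.
    echo "ip route replace $LAN_NET dev $LAN_IF table $t"
    echo "ip route replace default via $4 dev $2 table $t"
    # Traffic sourced from the router's own ISP address leaves via that ISP.
    echo "ip rule add from $3 lookup $t priority 900"
    # SNAT keyed on the outgoing interface, as in the reply above.
    echo "iptables -t nat -A POSTROUTING -o $2 -j SNAT --to-source $3"
}

# emit_client IP:N: send this LAN client through uplink N's table.
emit_client() {
    echo "ip rule add from ${1%:*} lookup $((100 + ${1#*:})) priority 1000"
}

emit_all() {
    emit_isp 1 "$ISP_IF_1" "$ISP_IP_1" "$ISP_GW_1"
    emit_isp 2 "$ISP_IF_2" "$ISP_IP_2" "$ISP_GW_2"
    for c in $CLIENTS; do
        emit_client "$c"
    done
    echo "ip route flush cache"
}

# Dry run by default; "apply" (as root) executes the generated commands.
if [ "${1:-}" = apply ]; then
    emit_all | sh -e
else
    emit_all
fi
```

Clients not listed in CLIENTS keep using the main table's default route. Check the result with "ip rule show" and "ip route show table 102".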