On Mon, Feb 14, 2005 at 02:47:18PM -0600, /dev/rob0 wrote:
> > This does not work since all the packets are forwarded to the default
> > GW which is ISP_GW_1.
> I think you still need the patches and routing commands as described in
> the nano.txt file. You'd just plug in your customised SNAT rules in
> place of the load-balancing ones.

Actually, you only need them if you want to loadbalance. If you don't, you just play a little with policy based routing (which works with "normal" kernels too), like

    ip route add default via $ISP_GW_1 src $ISP_IP_1 dev eth1 table 101
    # technically, if you keep iptables the way you have, you can leave out
    # "src $ISP_IP_1"
    ip route add default via $ISP_GW_2 src $ISP_IP_2 dev eth2 table 102
    ip rule add from 172.17.31.5 table 101
    ip rule add from 172.17.31.7 table 102

(in reality you may need a couple more rules to avoid problems with communicating with other subnets if you have them, see LARTC HOWTO "loadbalancing multiple providers").

In order to avoid having duplicate IP lists, I suggest you use -j MASQUERADE (without -s) in iptables. In order to optimise for speed you could use sub-subnets or hashes (if you have like dozens of computers, it shouldn't matter, but with hundreds or thousands it might be necessary).

Bye,

Peter Surda (Shurdeek) <shurdeek@xxxxxxxxxxxx>, ICQ 10236103, +436505122023

--
NT, now approaching 23x6 availability.
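The setup described in the mail above, as an added example that is not part of the original message: a dry-run generator that prints the per-source rules, the per-table default routes and the MASQUERADE rules. The gateway addresses, the internal subnets, the `pref` values, the `-o` interface match and the "to ... lookup main" rules (one way to realise the "couple more rules" for other subnets) are assumptions.

```shell
#!/bin/sh
# Dry run: prints the commands instead of running them (no root needed).
# Gateways and subnets are constructed; the two hosts and tables 101/102
# are the ones used in the mail.

LOCAL_NETS="172.17.31.0/24 172.17.32.0/24"   # assumed internal subnets

# table device gateway (gateways are RFC 5737 documentation addresses)
UPLINKS="101 eth1 192.0.2.1
102 eth2 198.51.100.1"

# source-host table
HOSTS="172.17.31.5 101
172.17.31.7 102"

gen_policy_routing() {
    pref=100
    # Internal destinations use the main table before any per-source rule,
    # so LAN-to-LAN traffic is never sent to an ISP gateway.
    for net in $LOCAL_NETS; do
        echo "ip rule add to $net lookup main pref $pref"
        pref=$((pref + 1))
    done

    # One default route per uplink table; MASQUERADE per outgoing interface
    # picks the source address, so "src" is not needed on the routes.
    while read -r table dev gw; do
        echo "ip route add default via $gw dev $dev table $table"
        echo "iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE"
    done <<EOF
$UPLINKS
EOF

    pref=200
    while read -r host table; do
        # Refuse a host mapped to a table with no default route: such a
        # rule would fall through to the main table's default gateway.
        if ! echo "$UPLINKS" | grep -q "^$table "; then
            echo "no uplink defined for table $table (host $host)" >&2
            return 1
        fi
        echo "ip rule add from $host lookup $table pref $pref"
        pref=$((pref + 1))
    done <<EOF
$HOSTS
EOF
}

gen_policy_routing
```

After applying the printed commands, `ip rule show` and `ip route show table 101` confirm the rule order and that each table has its own default route.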