Re: Route all LAN traffic through eth2 and keep web/mailtraffic on eth0

Linux Advanced Routing and Traffic Control


 



Eduardo,

The idea is very simple. You must create two routing tables, one for
each outside world interface (read the LARTC howto on how to make it). Then
all traffic coming from eth1 that wants to go to the internet must go to
interface eth2, so let's mark it:

iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 1

Now we must send these marked packets to the routing table that has the
default gateway to interface eth2:

ip rule add prio 200 fwmark 1 table route-eth2

This is only an example. Read the LARTC howto, then if you still have any
doubts, come back here.

Regards,

Nataniel Klug
Manager, Cyber Nett

----- Original Message ----- 
From: "Eduardo Bejar" <wonka@xxxxxxxxxxx>
To: <lartc@xxxxxxxxxxxxxxx>
Sent: Saturday, February 11, 2006 4:19 PM
Subject: Route all LAN traffic through eth2 and keep web/mailtraffic on eth0


> Hi,
>
> I have the following config:
>
> 1 PC with 3 NICs, that shares internet connection to LAN.
> eth0 uses a public IP ($public_ip_1)
> eth1 uses a private IP ($private_ip)
> eth2 uses a public IP ($public_ip_2)
>
> I have a webserver and a mailserver accessible by $public_ip_1 (eth0)
> I have a LAN with all terminals using private IPs, and $private_ip (eth1)
> as gateway.
> $public_ip_1 and $public_ip_2 are from the same network segment (two
> consecutive IPs).
> eth0 and eth2 should use the same external IP as gateway (only 1 provider,
> so this is not a load balancing/multiple providers case).
> eth0 and eth2 are connected to the same switch.
>
> How can I route all LAN traffic via eth2 and keep web/mail traffic on
> eth0?
> And with this, make the LAN traffic use eth2's IP to connect to the
> Internet and the PC traffic use eth0?
>
> I tested masquerading through eth2 with
> iptables -t nat -A POSTROUTING -s $private_ip_net/255.255.255.0 -o eth2 -j MASQUERADE
>
> But LAN could not access the Internet, although the PC could.
>
> Someone told me something about ip rules, which I tested but it seems that
> they did not work as both eth0 and eth2 should use the same gateway.
>
> Please send me any comments/help regarding this issue,
>
> Thanks!
>
> Edo
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
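
The steps from the reply above, put together as one reviewable command plan. This is an added example and not part of either message: the table id 102, the gateway 203.0.113.1, the LAN prefix 192.168.1.0/24 and the rp_filter line are assumptions, and the function only prints commands, it runs none of them.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints the command sequence for
# review; nothing is executed. All concrete values below are constructed.

# policy_route_plan LAN_IF WAN_IF GATEWAY LAN_NET TABLE MARK
policy_route_plan() {
    [ "$#" -eq 6 ] || { echo "usage: policy_route_plan LAN_IF WAN_IF GATEWAY LAN_NET TABLE MARK" >&2; return 1; }
    # Refuse anything that could smuggle shell syntax into the printed commands.
    for arg in "$@"; do
        case "$arg" in
            ''|*[!A-Za-z0-9_./-]*) echo "rejected argument: $arg" >&2; return 1 ;;
        esac
    done
    lan_if=$1 wan_if=$2 gw=$3 lan_net=$4 table=$5 mark=$6
    # Mark 0 is the same as "unmarked", so the fwmark rule would not be selective.
    case "$mark" in
        0|*[!0-9]*) echo "mark must be a positive decimal integer" >&2; return 1 ;;
    esac
    cat <<EOF
# Name the extra table (id 102 is an assumed unused id)
echo "102 $table" >> /etc/iproute2/rt_tables
# Routes in that table: the LAN itself, then the default via $wan_if
ip route add $lan_net dev $lan_if table $table
ip route add default via $gw dev $wan_if table $table
# Mark what arrives from the LAN and send marked packets to the table
iptables -t mangle -A PREROUTING -i $lan_if -j MARK --set-mark $mark
ip rule add prio 200 fwmark $mark table $table
# Source-NAT LAN traffic to the address of $wan_if
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
# Forwarding on; loose reverse-path filter so replies on $wan_if are not
# dropped because the main table's default route points elsewhere
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$wan_if.rp_filter=2
EOF
}

# Constructed sample values (203.0.113.1 and 192.168.1.0/24 are placeholders).
policy_route_plan eth1 eth2 203.0.113.1 192.168.1.0/24 route-eth2 1
```

After applying a plan like this as root, `ip rule show` and `ip route show table route-eth2` confirm that the fwmark rule and the table's default route are both in place.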
