Re: routing e dmz in multiple gw

Linux Advanced Routing and Traffic Control

On Mon, 2013-06-24 at 12:09 +0200, ninnig1@xxxxxx wrote:
> hi, I have a big problem, I hope for your help.
> I have two balanced ADSL lines: ADSL 1 and ADSL 2. This is the script.
> 
> #!/bin/bash
> 
> ip route add xx.yy.205.200/255.255.255.248 dev eth0 src xx.yy.205.202 table ADSL1
> ip route add default via xx.yy.205.201 table ADSL1
> 
> ip route add xx.yy.246.176/255.255.255.248 dev eth1 src xx.yy.246.178 table ADSL2
> ip route add default via xx.yy.246.177 table ADSL2
> 
> ip rule add from xx.yy.205.202 table ADSL1
> ip rule add from xx.yy.246.178 table ADSL2
> 
> ip route add 127.0.0.0/8 dev lo table ADSL1
> ip route add 127.0.0.0/8 dev lo table ADSL2
> 
> ip route add default scope global nexthop via xx.yy.205.201 dev eth0 weight 1 nexthop via xx.yy.246.177 dev eth1 weight 1
> 
> ip route flush cache
> 
> echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter
> echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
> echo "0" > /proc/sys/net/ipv4/conf/eth1/rp_filter
> echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
> 
> As long as it was only balancing outbound traffic, everything was fine. Now I need to publish a server on the LAN to the internet.
> 
> The server in question (192.168.1.10) must be published with the address xx.yy.205.202 (ADSL1).
> 
> I thought of setting up the configuration like this:
> 
> ip rule add fwmark 1 lookup ADSL1
> 
> iptables -t nat -A POSTROUTING -s 192.168.1.10 -o eth2 -j MARK --set-mark 1
> iptables -t nat -A POSTROUTING -s 192.168.1.10 -o eth0 -j SNAT --to-source xx.yy.205.202
> iptables -t nat -A PREROUTING -p tcp -m tcp -d xx.yy.205.202/32 -i eth0 --dport 80 -j DNAT --to-destination 192.168.1.10:80
> 
> This configuration doesn't work!!
> The server goes out once through the correct interface and once through the wrong one.

You're marking the packets in POSTROUTING, by which time the routing
decision has already taken place. You'll need to mark them much earlier,
somewhere in PREROUTING.

Andy
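The corrected setup Andy describes, written out as an added example (not code from the original thread or from either poster): the MARK moves from nat/POSTROUTING to mangle/PREROUTING, where it is set before the kernel chooses a route, so the `fwmark 1` policy rule can actually steer the server's packets into table ADSL1. Addresses, interface names and the table name ADSL1 are taken from the original post; the LAN interface eth2 and mark value 1 are assumed from it, and `xx.yy.205.202` is the post's own placeholder. The `run` wrapper and `DRY_RUN` switch are conveniences added here so the script can be inspected without root or real interfaces.

```sh
#!/bin/sh
# Added example: publish a LAN server via ADSL1 by marking its packets in
# mangle/PREROUTING (before the routing decision) and steering fwmark 1 into
# table ADSL1. Run with "apply" as root to install the rules; with no argument
# (or DRY_RUN=1) it only prints the commands it would run.

SERVER=192.168.1.10
PUB_IP=xx.yy.205.202   # placeholder from the post; replace with the real ADSL1 address
WAN_IF=eth0            # ADSL1 interface
LAN_IF=eth2            # LAN interface (assumed from the post)
MARK=1
TABLE=ADSL1

run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Mark the server's packets as they come in from the LAN. mangle/PREROUTING
#    runs before the routing decision, so the policy rule below sees the mark.
#    (The original post set the mark in nat/POSTROUTING, which runs after the
#    route has already been chosen, so the mark changed nothing.)
mark_server_traffic() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$SERVER" -j MARK --set-mark "$MARK"
}

# 2. Send marked packets through table ADSL1. "ip rule add" without an explicit
#    priority places the rule ahead of the main table (priority 32766), where
#    the weighted multipath default route lives, so the mark wins.
add_policy_rule() {
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route flush cache
}

# 3. NAT: rewrite the server's source to the ADSL1 address on the way out, and
#    forward inbound TCP/80 on that address to the server. Replies to DNATed
#    connections come from $SERVER and are therefore caught by step 1 as well,
#    so they leave through ADSL1 regardless of the multipath default.
add_nat_rules() {
    run iptables -t nat -A POSTROUTING -s "$SERVER" -o "$WAN_IF" -j SNAT --to-source "$PUB_IP"
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$PUB_IP" --dport 80 \
        -j DNAT --to-destination "$SERVER:80"
}

publish_server() {
    mark_server_traffic
    add_policy_rule
    add_nat_rules
}

# Self-check on the generated commands: the MARK must be in mangle/PREROUTING
# and nothing may still try to mark in POSTROUTING. Returns 0 when both hold.
check_mark_placement() {
    out=$(DRY_RUN=1; publish_server)
    printf '%s\n' "$out" | grep -q -- '-t mangle -A PREROUTING .* -j MARK' || return 1
    printf '%s\n' "$out" | grep -q -- '-A POSTROUTING .* -j MARK' && return 1
    return 0
}

case "${1:-}" in
    apply) publish_server ;;             # really install the rules (needs root)
    *)     DRY_RUN=1; publish_server ;;  # default: just show what would run
esac
```

Two things worth checking after applying it: `ip rule show` should list the `fwmark 0x1 lookup ADSL1` rule before `main`, and `iptables -t mangle -L PREROUTING -v` should show the MARK counter increasing as the server sends traffic. The existing `from xx.yy.205.202 table ADSL1` rule still handles packets the router itself originates from that address; the new fwmark rule covers the forwarded LAN server, which that source-based rule never matched because its source address is 192.168.1.10 until SNAT rewrites it in POSTROUTING.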