Hello, Martin Ferrari - Decidir IT wrote: > I did NAT from 64.x.x.131 to 192.168.x.x, and from 200.x.x.218 to > 192.168.x.x. It works ok, except for something: I can't find out a way to > force the packets DE-nated to 200.x.x.218 to go out by the 200.x.x.x iface, > they all go out by the default iface, which is 64.x.x.x. > > I tryed with iproute2, these are my rules & routes: > > # ip ru l > 0: from all lookup local > 32764: from 64.x.x.128/26 lookup uunet > 32765: from 200.x.x.192/27 lookup comsat > 32766: from all lookup main > 32767: from all lookup default the above order of rules is not correct. Use the following nano-howto from Christoph, there is example for netfilter setup using 2 internet lines: http://www.linuxvirtualserver.org/~julian/nano.txt > As a side note, I also cannot setup loadbalancing combining ip route nexthop > with iptables MASQUERADE. I do: > > # ip r d default > # ip r a default nexthop dev eth0 via 200.x.x.222 nexthop dev eth1 via > 64.x.x.129 > > and then: > > # ip r l > 200.x.x.192/27 dev eth0 proto kernel scope link src 200.x.x.219 > 64.x.x.128/26 dev eth1 proto kernel scope link src 64.x.x.131 > 192.168.x.0/24 dev eth2 proto kernel scope link src 192.168.x.200 > default > nexthop via 200.x.x.222 dev eth0 weight 1 dead > nexthop via 64.x.x.129 dev eth1 weight 1 > > > The "dead" flag stays there, and never uses the 200.x.x.x route.. Do you > know why it could be? This is a known problem in iproute2: http://mailman.ds9a.nl/pipermail/lartc/2001q4/002126.html Regards -- Julian Anastasov <ja@ssi.bg> - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
