Re: routing problem ???

On Tue, Sep 05, 2006 at 11:16:20AM -0400, Bill Davidsen wrote:
> >Maybe your setup is slightly different from mine. We had two
> >connections, let's say "Expensive and Slow" (E) and "Cheap and Fast"
> >(C). The latter doesn't have static IP.
> >
> >Anyway, all I wanted was that all outgoing traffic went via C, the only
> >traffic going out via E would be responses to requests coming in via E.
> >
> >The solution is to SNAT all connections going out to the address of C.
> >And in the routing table, the default route is selected purely on the
> >basis of the source IP (which will be either C or something in the
> >netblock of E). There's no need to mark packets, or even care about
> >ports.
> >
> Martin, excuse my long delay revisiting this, I have spent the last few 
> months participating in a lifestyle change... I still don't quite see 
> how SNAT helps, based on two things:

<snip>

Well yes, SNAT by itself doesn't do it. All it does is to make all
outgoing connections have the address of C. It doesn't affect incoming
connections at all, the ones coming over E whose reply packets need to
go out E.

It's the routing table that has the magic. All you need is to make sure
your main routing table (as shown by route) has no default route. Then
you do:

# First run main routing table
ip rule add pref 600 table main
# Then, if source IP is E, use routeE table
ip rule add pref 601 from E table routeE
# Otherwise use routeF table
ip rule add pref 602 table routeF

# These tables just contain the gateway addresses
# (iproute2 takes the next hop with "via"; "gw" is the old route(8) keyword)
ip route add default via gatewayE table routeE
ip route add default via gatewayF table routeF

There might be a nicer way of expressing it (and this is typed from
memory so the syntax may be off) but it worked fine for us.

Hope this helps,
-- 
Martijn van Oosterhout   <kleptog@xxxxxxxxx>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
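
The rule order described in the message above can be checked offline with a small model of the lookup. This is an added example, not part of the original post: the addresses are constructed from documentation ranges, and the route() and lookup() helpers are hypothetical names for a simplified version of what the kernel does (rules walked by ascending preference, longest-prefix match inside each table). It also shows why the main table must not carry a default route.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match inside one table; returns the next hop or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def route(rules, tables, src, dst):
    """Walk rules by ascending preference; the first table with a match wins."""
    src = ipaddress.ip_address(src)
    for pref, selector, name in sorted(rules, key=lambda r: r[0]):
        if selector is not None and src not in ipaddress.ip_network(selector):
            continue  # "from E" rule does not apply to this source address
        hop = lookup(tables[name], dst)
        if hop is not None:
            return name, hop
    return None, None

# Constructed sample addressing (assumptions, not from the post):
# E netblock 192.0.2.0/24, the other uplink's address in 198.51.100.0/24.
E_NET = "192.0.2.0/24"
RULES = [(600, None, "main"), (601, E_NET, "routeE"), (602, None, "routeF")]
TABLES = {
    # main holds only connected routes, no default
    "main": {"192.0.2.0/24": "direct eth0", "198.51.100.0/24": "direct eth1"},
    "routeE": {"0.0.0.0/0": "192.0.2.1"},     # gatewayE
    "routeF": {"0.0.0.0/0": "198.51.100.1"},  # gatewayF
}

def demo():
    remote = "203.0.113.50"
    # Reply to a connection that came in over E keeps its E source address.
    reply_via_e = route(RULES, TABLES, "192.0.2.10", remote)
    # Locally initiated traffic, SNATed to the other uplink's address.
    snat_via_f = route(RULES, TABLES, "198.51.100.7", remote)
    # Same rules, but main wrongly has a default route: rule 601 is never reached
    # and the E-sourced reply leaves through the wrong uplink.
    broken = {**TABLES, "main": {**TABLES["main"], "0.0.0.0/0": "198.51.100.1"}}
    leaked = route(RULES, broken, "192.0.2.10", remote)
    return reply_via_e, snat_via_f, leaked

if __name__ == "__main__":
    for result in demo():
        print(result)
```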
