On Wednesday 05 February 2003 02:17 am, Blesson Paul wrote: > But can iproute2 and iptable co exist together. What I meant is, let I > used iproute2 to route the traffic. I also need to do SNAT of the > packets. So I need to do SNAT as well as routing. > > regards > Blesson Paul This is not a problem, they work quite happily together. You can mark or change TOS on packets in mangle-PREROUTING, then the routing decision is made after nat-PREROUTING and the packets go to the FORWARD chains. (or INPUT, but that's not what you're aiming at here) After FORWARD chains they all go to POSTROUTING, where you perform SNAT. You simply perform SNAT of packets going out, for example, eth1, and MASQUERADE (or SNAT if the dynamic IP doesn't really change until a restart) for packets going out eth2, with the appropriate IPs for each SNAT, based on "-o eth1" or "-o eth2" matches. j
