Re: How to send all packets to a router

On Sunday 24 February 2002 12:18 pm, Karina wrote:
> Hi, I have this problem...
>
> I have an iptables-box that is the default gateway for all my
> internal addresses; after this box all the packets are sent to my
> main router. But now I need to send one of my internal Class C
> networks to another router instead of the main one.
>
> I tried with this line:
>
> $IPTABLES -t nat -A PREROUTING -i eth0 -s $THISCLASS -j DNAT --to
> other.router.ip
>
> but it seems this is not working.
>
> If I set up a computer and put the new router IP directly as its
> gateway, everything works. But if I set up this same computer and put
> my iptables-box as its gateway (all the computers have this setting),
> it doesn't work. The packets sent by my other IP addresses are going
> to the main router as usual, but the other class is not going to the
> alternate router.
>
> Any ideas ?

Yep.  DNAT changes the destination, the FINAL destination.  Everything 
you DNAT with this rule is sent TO the router, not THROUGH the router.

You want to work with routing instead of NAT, because you only want to 
change the route used to reach that destination.  The Linux Advanced 
Routing and Traffic Control Howto ( http://lartc.org/howto ) has a 
helpful section "Routing for Multiple Uplinks" at 
http://lartc.org/howto/lartc.rpdb.multiple-links.html that should tell 
you what you want.  

Basically you need to create 2 routing tables, with an upstream router as 
the default route in each.  Make the 'main' router the overall default, 
and the secondary router has a rule that sends specific traffic to it.  
You can source-route ("Prev" from the Multiple-Uplink section linked 
above) just with the routing configuration, or you can use the MARK 
target in mangle PREROUTING with iptables to flag the traffic destined 
for it, and then set up a routing rule based on the fwmark, as explained 
in http://lartc.org/howto/lartc.netfilter.html .  From what you 
outlined, source routing is your simplest solution, and won't directly 
involve iptables at all.  MARK is more useful in situations where you 
need to send specific types of traffic, rather than specific sources, 
through a different route.

j
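
For reference, here is what the two approaches described above look like as
iproute2 / iptables commands on the iptables-box. This is an added example,
not something from the original thread or from the LARTC howto; interface
names (eth0 inside, eth1 towards both routers), the 203.0.113.1 / 198.51.100.1
router addresses, the 192.168.2.0/24 network, routing table 200 and fwmark 0x1
are all assumptions chosen for illustration. It defaults to a dry run that
only prints the commands; set DRY_RUN=0 and run it as root to apply them.

```sh
#!/bin/sh
# Added example, not part of the original thread: policy routing on the
# iptables-box so that one internal /24 leaves via an alternate upstream
# router while everything else keeps the main router as its default.
# All addresses, interface names, table and mark numbers are assumptions.

LAN_IF="${LAN_IF:-eth0}"                 # internal side (as in the question)
WAN_IF="${WAN_IF:-eth1}"                 # side facing both upstream routers
MAIN_GW="${MAIN_GW:-203.0.113.1}"        # main upstream router (assumed)
ALT_GW="${ALT_GW:-198.51.100.1}"         # alternate upstream router (assumed)
ALT_NET="${ALT_NET:-192.168.2.0/24}"     # the internal class C to divert
ALT_TABLE="${ALT_TABLE:-200}"            # extra routing table for the alternate router
ALT_MARK="${ALT_MARK:-0x1}"              # fwmark used by the MARK variant

# Print each command; only execute it when DRY_RUN=0 (defaults to a dry run
# so the commands can be read and checked before being applied as root).
run_cmd() {
    echo "$*"
    [ "${DRY_RUN:-1}" = "1" ] || "$@"
}

# Variant 1: source routing. The main table keeps the main router as default;
# table $ALT_TABLE has the alternate router as default, and an ip rule sends
# anything *from* $ALT_NET to that table. No iptables involved at all.
policy_route_by_source() {
    run_cmd ip route replace default via "$MAIN_GW" dev "$WAN_IF"
    run_cmd ip route replace default via "$ALT_GW" dev "$WAN_IF" table "$ALT_TABLE"
    # priority below 32766 (the 'main' table lookup) so this rule is consulted first
    run_cmd ip rule add from "$ALT_NET" lookup "$ALT_TABLE" priority 1000
}

# Variant 2: fwmark. Mark traffic by type (here: TCP/80 coming in from the
# LAN) in mangle PREROUTING, then route on the mark instead of on the source.
policy_route_by_mark() {
    run_cmd ip route replace default via "$MAIN_GW" dev "$WAN_IF"
    run_cmd ip route replace default via "$ALT_GW" dev "$WAN_IF" table "$ALT_TABLE"
    run_cmd iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j MARK --set-mark "$ALT_MARK"
    run_cmd ip rule add fwmark "$ALT_MARK" lookup "$ALT_TABLE" priority 1001
}

# What to look at afterwards to confirm the rule and the table are in place.
show_rules() {
    run_cmd ip rule show
    run_cmd ip route show table "$ALT_TABLE"
}

# Apply the variant named by the first argument: source or mark.
case "${1:-}" in
    source) policy_route_by_source; show_rules ;;
    mark)   policy_route_by_mark;   show_rules ;;
    "")     : ;;   # no argument: just define the functions
    *)      echo "usage: $0 {source|mark}" >&2; exit 2 ;;
esac
```

Two things to watch when adapting this: "ip rule add" is not idempotent, so
running it twice leaves two identical rules (the "ip route replace" lines are
safe to repeat), and if the alternate router is not on a subnet directly
connected to $WAN_IF, table 200 also needs the connected route to reach it
(or the "onlink" flag on the default route) before the kernel accepts the
gateway. With source-based rules, returning packets still follow the normal
reverse path, so strict rp_filter can bite if the two routers are on
different interfaces.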
