Selecting interface


 



        Hi,

          I have a box with 2 interfaces that is routing packets from
        my LAN to the internet. I mark packets that enter on the LAN
        interface, with marks corresponding to the IPs on the LAN. Here
        are the rules:

        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.1 -j MARK --set-mark 1
        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.2 -j MARK --set-mark 2
        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.3 -j MARK --set-mark 3
        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.4 -j MARK --set-mark 4
        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.5 -j MARK --set-mark 5
        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.6 -j MARK --set-mark 6
        /sbin/iptables -t mangle -A INPUT --in-interface eth0 -s 192.168.1.7 -j MARK --set-mark 7
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.1 -j MARK --set-mark 1
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.2 -j MARK --set-mark 2
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.3 -j MARK --set-mark 3
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.4 -j MARK --set-mark 4
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.5 -j MARK --set-mark 5
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.6 -j MARK --set-mark 6
        /sbin/iptables -t mangle -A OUTPUT --out-interface eth0 -d 192.168.1.7 -j MARK --set-mark 7

        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.1 -j MARK --set-mark 1
        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.2 -j MARK --set-mark 2
        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.3 -j MARK --set-mark 3
        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.4 -j MARK --set-mark 4
        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.5 -j MARK --set-mark 5
        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.6 -j MARK --set-mark 6
        /sbin/iptables -t mangle -A PREROUTING --in-interface eth0 -s 192.168.1.7 -j MARK --set-mark 7
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.1 -j MARK --set-mark 1
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.2 -j MARK --set-mark 2
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.3 -j MARK --set-mark 3
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.4 -j MARK --set-mark 4
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.5 -j MARK --set-mark 5
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.6 -j MARK --set-mark 6
        /sbin/iptables -t mangle -A POSTROUTING --out-interface eth0 -d 192.168.1.7 -j MARK --set-mark 7

            I am wondering what interface and what packets (incoming
        or outgoing to that interface) are assumed if I don't specify
        "--out-interface eth0" in the rules (eth0 is the LAN
        interface).

            I use INPUT and OUTPUT too because I have squid
        passing the packets from port 80.
        

        


  TheBat! 2.00.6 natural e-mail system?
 e-mail address: Dragos_Cinteza@xxxxxx
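
Added example, not part of the original post: a dry-run generator for the rule set above that pairs each chain with the interface match that exists for it and shows what is emitted when the interface is left out. The helper names `iface_opt`, `addr_opt` and `gen_rules` are hypothetical, and the script only prints the commands.

```shell
#!/bin/sh
# Prints the marking rules instead of applying them, so no root is needed.
LAN_IF=eth0            # LAN interface named in the post
HOSTS="1 2 3 4 5 6 7"  # last octet of 192.168.1.x, reused as the mark

# iface_opt CHAIN IFACE (hypothetical helper): interface match valid for CHAIN.
# Of the four chains in the post, PREROUTING/INPUT see an input device (-i)
# and OUTPUT/POSTROUTING see an output device (-o).
# An empty IFACE prints nothing; such a rule matches on any interface.
iface_opt() {
    [ -n "$2" ] || return 0
    case "$1" in
        PREROUTING|INPUT)   printf '%s' "--in-interface $2" ;;
        OUTPUT|POSTROUTING) printf '%s' "--out-interface $2" ;;
        *) echo "chain not used in the post: $1" >&2; return 1 ;;
    esac
}

# addr_opt CHAIN IP: source match on the inbound chains, destination on outbound.
addr_opt() {
    case "$1" in
        PREROUTING|INPUT)   printf '%s' "-s $2" ;;
        OUTPUT|POSTROUTING) printf '%s' "-d $2" ;;
        *) return 1 ;;
    esac
}

# gen_rules IFACE: one MARK rule per chain and host, in the post's order.
gen_rules() {
    for chain in INPUT OUTPUT PREROUTING POSTROUTING; do
        for n in $HOSTS; do
            iface=$(iface_opt "$chain" "$1") || return 1
            addr=$(addr_opt "$chain" "192.168.1.$n") || return 1
            # $iface and $addr are left unquoted on purpose: they split into
            # option and value, and an empty $iface drops out of the command.
            echo /sbin/iptables -t mangle -A "$chain" $iface $addr -j MARK --set-mark "$n"
        done
    done
}

gen_rules "$LAN_IF"
```

Calling `gen_rules ""` prints the same rules without an interface match; per the iptables manual, a rule with no `-i`/`-o` matches on any interface, so those rules would mark the listed addresses regardless of which interface the packet uses.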




