On Wed, August 25, 2004 2:05 pm, Jason Opperisano said:
>> Hi all,
>>
>> I know that Masquerade makes the outgoing packet with the src "ip
>> address" of the link it is going out on. BUT is there a way to specify
>> the actual interface it should go out on.
>>
>> for example, if there is ppp0 and ppp1, I want to be able to send all
>> ICMP packets through say ppp0.
>>
>> Basically I want all ICMP packets to go through one interface, don't
>> care which one...
>>
>> What kind of rules will I need?
>
> two thoughts come to mind:
>
> 1) using the MARK target to set marks and using iproute2 to route the
> traffic accordingly (you can't swing a dead cat on this mailing list or on
> google without hitting an example on how to do this)
>
> 2) using the ROUTE target. seems to be a less common answer--but the
> example used in the help file is your exact scenario:
>
> # To force all outgoing icmp packet to go through the eth1 interface
> # (final target) :
> iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif eth1
>

*For suggestion (2)*

To make it work with the MASQUERADE target, you'll need this:

1) Force the packet to continue traversing the other rules.

   iptables -A POSTROUTING -t mangle -p icmp -j ROUTE --oif ppp1 --continue

2) Read & patch ipt_MASQUERADE.c with the following post:

   https://lists.netfilter.org/pipermail/netfilter-devel/2004-January/013695.html

If nothing works, try using the ROUTE target in the FORWARD chain instead.

HTH,

Samuel Jean
CookingLinux.org
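
Suggestion (1) from the quoted reply (MARK plus iproute2), sketched as an added example that is not part of the original message. It assumes ppp0 is the chosen uplink and eth0 is the LAN side; the mark value 1, table number 100 and the function names are arbitrary choices made for illustration. It covers forwarded (masqueraded) ICMP only, not ICMP generated by the router itself.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: ppp0 (uplink),
# eth0 (LAN), fwmark 1, routing table 100.

# Print the commands that pin forwarded ICMP to one uplink.
# usage: icmp_route_cmds <uplink> <lan-iface> <fwmark> <table>
icmp_route_cmds() {
    wan=$1 lan=$2 mark=$3 table=$4
    # Reject anything that is not a plain interface name or number, so no
    # unexpected text ends up in a command run as root.
    for i in "$wan" "$lan"; do
        case $i in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $i" >&2; return 1;; esac
    done
    for n in "$mark" "$table"; do
        case $n in ''|*[!0-9]*) echo "bad number: $n" >&2; return 1;; esac
    done
    # 1. Mark ICMP arriving from the LAN only. Marking ICMP that arrives on
    #    the uplinks would send the de-NATed replies back out the uplink.
    # 2. Marked packets consult a dedicated routing table.
    # 3. That table has a single default route via the chosen uplink.
    # 4. Masquerade whatever leaves through that uplink.
    cat <<EOF
iptables -t mangle -A PREROUTING -i $lan -p icmp -j MARK --set-mark $mark
ip rule add fwmark $mark table $table
ip route add default dev $wan table $table
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Dry run by default: prints the commands. Set ICMP_ROUTE_APPLY=1 (as root)
# to execute them one by one, stopping at the first failure.
icmp_route_apply() {
    cmds=$(icmp_route_cmds "$@") || return 1
    if [ "${ICMP_ROUTE_APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | while IFS= read -r c; do $c || exit 1; done
    else
        printf '%s\n' "$cmds"
    fi
}

icmp_route_apply ppp0 eth0 1 100
```

If strict reverse-path filtering (rp_filter) is enabled on ppp0 while the main table's default route points at ppp1, the kernel can drop the ICMP replies arriving on ppp0, so check that setting when pings go out but nothing comes back.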