First, you must understand that PREROUTING will only handle policy routing FORWARDED traffic, and will not properly deal with traffic from the firewall itself. Please make sure to duplicate the rules with: "iptables -t mangle -A OUTPUT". That means, if the firewall gets an invalid TCP connection attempt, it will send the ICMP reply out the correct interface.

OK, to make your routes, here's a pre-canned function: You'll have to fix up the following function to create the default route the way that ppp assigns them. What I'd do is add this to ppp's ip-up script so that as soon as you know your new ppp address, you change the table to reflect the new value. Here 'might' be a way to do it. I don't have ppp lines so I couldn't say if it's right or not.

    # pppd runs ip-up as: ip-up <iface> <tty> <speed> <local-ip> <remote-ip> <ipparam>
    _mark="$((`echo "${1}" | sed s/ppp//`+1))"   # ppp0 -> mark/table 1, ppp1 -> 2, ...
    _ext_gw="${5}"                                # remote (peer) address = gateway
    _local_ip="${4}"                              # our own address on the link
    route_builder "${_mark}" "${_ext_gw}" "${_local_ip}"

The following IS what I use to build routes. I'm pretty sure it'll work as advertised.

    #
    # Notes:
    # This function generates a new routing table based on the current main
    # routing table. The difference is that the default route is user specified.
    #
    # Arguments:
    # 1 - Table ID to create
    # 2 - IP Address, Gateway Address
    # 3 - IP Address, Local Source
    #
    IP=ip

    function route_builder {
        _table_id=${1}
        _table_gateway=${2}
        _table_source=${3}

        if [ "${1}" != "" -a "${2}" != "" -a "${3}" != "" ]; then
            # Replace any existing fwmark -> table rule (del fails harmlessly
            # on first run), then rebuild the table from scratch
            ${IP} rule del fwmark ${_table_id} table ${_table_id} 2>/dev/null
            ${IP} rule add fwmark ${_table_id} table ${_table_id}
            ${IP} route flush table ${_table_id}
            # Copy every non-default route from main into the new table
            ${IP} route show table main | grep -Ev ^default \
                | while read ROUTE ; do
                ${IP} route add table ${_table_id} $ROUTE
            done
            # ...and add the caller's default route on top
            ${IP} route add table ${_table_id} default via ${_table_gateway} \
                src ${_table_source}
        else
            echo "route_builder: Invalid arguments specified."
        fi
    }
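The marking side that pairs with route_builder, as an added example that is not from the original post: each MARK rule is emitted for both PREROUTING (forwarded traffic) and OUTPUT (traffic the firewall itself generates), and the mark is derived from the ppp interface name with the same "index + 1" arithmetic as above. The DRY_RUN default, the run/ppp_mark/mark_rules names and the sample subnet are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit matching mangle-table MARK rules for PREROUTING and
# OUTPUT so that forwarded packets and the firewall's own packets (including
# ICMP/TCP RST replies) hit the same fwmark -> table rule route_builder set up.
# DRY_RUN=1 (default, assumed for this example) prints the iptables commands
# instead of executing them, so it runs without root; DRY_RUN=0 applies them.
DRY_RUN="${DRY_RUN:-1}"
IPT="${IPT:-iptables}"

run() {
    if [ "${DRY_RUN}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ppp_mark <iface>: mark/table number for a ppp interface (ppp0 -> 1, ppp1 -> 2),
# the same scheme the ip-up hook uses; fails on anything that is not pppN.
ppp_mark() {
    _n="${1#ppp}"
    case "${_n}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    echo $((_n + 1))
}

# mark_rules <mark> <iptables match...>: append one MARK rule per chain.
# Keeping the match identical in both chains is the point: a rule present only
# in PREROUTING leaves locally generated replies on the main table's default route.
mark_rules() {
    _mark="$1"; shift
    for _chain in PREROUTING OUTPUT; do
        run "${IPT}" -t mangle -A "${_chain}" "$@" -j MARK --set-mark "${_mark}"
    done
}

# Constructed usage: route everything from the 10.0.0.0/24 LAN via ppp0's table.
main() {
    _m="$(ppp_mark ppp0)" || { echo "not a ppp interface" >&2; return 1; }
    mark_rules "${_m}" -s 10.0.0.0/24
}

[ "${1:-}" = "--demo" ] && main
```

Run with `sh script.sh --demo` to see the two generated rules; with `DRY_RUN=0` they are applied, and route_builder must already have created the matching table.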