On Thu, Mar 31, 2005 at 06:37:50PM +0200, Rubén Cardenal wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I have a quite simple setup in one of my servers but I can't make
> the conditional routing using iptables work.
>
> The server has:
>
> eth0: 192.168.2.0/23
> eth1/eth2: reserved for future use
> eth3: 10.10.100.0/24
>
> The eth3 is connected to a separate switch where 30 APs are
> connected, and a dhcp server running on the server gives IPs to
> clients connected to the wireless lan. In the same way, eth0 is
> connected to another set of switches (isolated from the switch where
> eth3 is connected) where all LAN clients (192.168.2.0/23) are
> connected.
>
> I can use two gateways, both of them are accessed via eth0:
> 192.168.3.250 and 192.16.3.254. The default gateway for all the LAN
> clients (192.168.2.0/23) is (and must be) 192.168.3.254 and just a
> few people are allowed to use the other gateway.
>
> The desired configuration is that I want to be able to route
> certain clients from eth3 (10.10.100.0/24) via 192.168.3.250 instead
> of the default gw of the server (192.168.3.254).
>
> All the configurations I've tried don't work or make LAN clients
> lose connectivity with the server. How should I set up routes/rules?

if you can group your users to specific networks then you can use ip ru
for something like this

    0:      from all lookup local
    200:    from 10.10.100.0/24 lookup wireless
    201:    from 192.168.2.0/24 lookup plana
    201:    from 192.168.3.0/24 lookup planb
    32766:  from all lookup main
    32767:  from all lookup default

or in using iptables -t mangle and PREROUTING you can mark your packets
with -m mark --set-mark 0x01

    # MARK is a target, so it is selected with -j MARK; -m mark only matches an existing mark
    iptables -t mangle -I PREROUTING -s 10.10.100.0/24 -j MARK --set-mark 0x01
    iptables -t mangle -I PREROUTING -s 192.168.2.0/24 -j MARK --set-mark 0x02
    iptables -t mangle -I PREROUTING -s 192.168.3.0/24 -j MARK --set-mark 0x03

and then use ip ru sort of like

    0:      from all lookup local
    200:    fwmark 0x01 lookup wireless
    200:    fwmark 0x02 lookup plana
    200:    fwmark 0x03 lookup planb
    32766:  from all lookup main
    32767:  from all lookup default

and then fill the tables with the appropriate routing rules

note - I split your 192.168.2.0/23 back into 2 /24 just for example, you
might need to check the syntax of the -m mark target as well.

Alex

>
> Regards,
>
> - - Ruben.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.1
>
> iQA/AwUBQkwnXQcpyqBKAkY5EQLdOwCg/rIS18MM5mKYfXjEhvSiCPgOV1QAmwZ7
> TG3o6vj9sH7NQXoVkgUsBcvS
> =BTkL
> -----END PGP SIGNATURE-----
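
The fwmark approach from the reply, narrowed to the original question (only selected 10.10.100.0/24 clients leave via 192.168.3.250), as an added example that is not part of the thread. It validates each client address and prints the commands instead of running them; the rt_tables entry, the mark value 0x1, the rule priority and the two sample client addresses are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread). Addresses and interfaces come from the
# thread; the table entry, mark value and sample clients are assumptions.
ALT_GW=192.168.3.250   # alternate gateway, reached via eth0
TABLE=wireless         # assumes a line "100 wireless" in /etc/iproute2/rt_tables
MARK=0x1               # assumed mark value for "use the alternate gateway"

# Succeeds only for a host address 10.10.100.1 .. 10.10.100.254.
# Anything else (other networks, leading zeros, trailing text) is refused,
# so a mistyped or hostile value never reaches a firewall command line.
is_wireless_client() {
    case "$1" in
        10.10.100.*) host=${1#10.10.100.} ;;
        *) return 1 ;;
    esac
    case "$host" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#host}" -le 3 ] && [ "$host" -le 254 ]
}

# Prints the commands for the given clients; nothing is executed here.
# All addresses are checked before any line is printed.
plan_policy_routing() {
    for ip in "$@"; do
        is_wireless_client "$ip" || { echo "rejected: $ip" >&2; return 1; }
    done
    # Connected networks go into the table too, so marked clients still
    # reach the wireless segment and the LAN directly.
    echo "ip route add 10.10.100.0/24 dev eth3 table $TABLE"
    echo "ip route add 192.168.2.0/23 dev eth0 table $TABLE"
    echo "ip route add default via $ALT_GW dev eth0 table $TABLE"
    echo "ip rule add fwmark $MARK lookup $TABLE priority 200"
    # One mark rule per allowed client, restricted to the wireless interface.
    for ip in "$@"; do
        echo "iptables -t mangle -A PREROUTING -i eth3 -s $ip -j MARK --set-mark $MARK"
    done
}

# Constructed sample clients; review the printed plan before applying it as root.
plan_policy_routing 10.10.100.21 10.10.100.37
```

Unmarked traffic never matches the fwmark rule, so LAN clients and the remaining wireless clients keep using the main table and its default gateway.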