Jeremy Elson wrote:
[ Oops, sent this to netfilter-devel before I realized this list existed. D'oh! ]

Hi, I'm trying to set up a Linux box as a NATting router. But here's the trick: my box's external interface is on a LAN that has a whole bunch of next-hop routers on it, any of which can be used to access the Internet.

I'm trying to figure out how to configure iptables so that the NAT box selects the router to use based on client IP address (i.e., the IP address on the inside interface). In other words -- I'd like ipfilter to keep the destination IP address unchanged, but select a next-hop destination (e.g., by changing the destination MAC address) based on the source IP. And, on top of all this, mangle the source address according to normal masquerading.

I've been tinkering with a command like this:

    iptables -t nat -A POSTROUTING -i $INTERNAL_CLIENT_IP -o external-iface0 -j SNAT --to $EXTERNAL_ROUTER_IP

...but it seems that --to controls the new source address given to the packet (i.e., the router's outside-interface IP), and not the destination to which the NATted packet is sent.

Could someone please point me in the right direction? Or is this not possible?

Thanks!

--Jeremy
You just want to do source routing, look here http://www.linuxguruz.com/iptables/howto/2.4routing-4.html#ss4.1
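The setup the thread is asking about, written out as an added example (it is not part of either message above and is not taken from the linked HOWTO): next-hop selection by internal source address is done with Linux policy routing (one routing table per next-hop router, one "ip rule ... from" entry per client selecting that table), and the source-address rewrite is a separate, ordinary MASQUERADE rule in the nat POSTROUTING chain. The interface name (eth0), the client addresses, the router addresses and the table numbers are assumed values. The script prints the commands by default (DRY_RUN=1) so it can be inspected without root; run it with DRY_RUN=0 as root to apply them.

```shell
#!/bin/sh
# Added example, not from the original thread or the linked HOWTO.
# Per-client next-hop selection with policy routing, plus masquerading.
# Interface names, addresses and table numbers are assumptions.

EXT_IF="eth0"               # external interface shared with the next-hop routers
INT_NET="192.168.1.0/24"    # internal LAN behind the NAT box
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands; 0 = execute them (needs root)

# Constructed map: "client-or-subnet  next-hop-router  routing-table-id".
# The routing decision is made before the nat POSTROUTING chain rewrites the
# source address, so "from <internal address>" matches the pre-NAT source,
# which is exactly what is needed here.  Lower rule priority wins, so the
# /32 entries are listed (and numbered) before the /24 catch-all.
CLIENT_MAP="
192.168.1.10/32 10.0.0.1 101
192.168.1.20/32 10.0.0.2 102
192.168.1.0/24  10.0.0.3 103
"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# One default route per table (one table per router) and one rule per
# client that sends its traffic to that table.  The destination address
# is never touched; only the next hop (and therefore the destination MAC)
# changes.
policy_routes() {
    printf '%s\n' "$CLIENT_MAP" | while read -r src gw table; do
        [ -n "$src" ] || continue
        run ip route replace default via "$gw" dev "$EXT_IF" table "$table"
        run ip rule add from "$src" lookup "$table" priority "$table"
    done
}

# Source NAT is independent of next-hop selection: everything leaving
# EXT_IF from the internal LAN is masqueraded to the address of EXT_IF.
masquerade() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$INT_NET" -o "$EXT_IF" -j MASQUERADE
}

configure() {
    policy_routes
    masquerade
}

configure
```

Check the result with `ip rule show` and `ip route show table 101` (and so on) after applying; a client that is not matched by any rule falls through to the main table, so the main table's default route is the fallback router.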