Re: Redirecting flows among one machine's interfaces

Hello,

Kostas Pelechrinis wrote:
> 
> I have a machine with two interfaces (let's say if1 -- with ip address
> a.b.c.d -- and if2 -- with ip address x.y.z.w) both connected to the
> internet. One of the two interfaces is the default interface (e.g., if1).
>  Whatever flow is initiated towards a destination in the Internet is
> going out if1.  I want to use iptables in order to redirect some of the
> flows to if2.  Is there a way to do this using iptables?  

This is a FAQ. You will find useful information in the Linux Advanced
Routing and Traffic Control (LARTC) HOWTO.

> I have tried some rules (e.g., iptables -A FORWARD -d k.l.m.n -o if2
> -j ACCEPT // where k.l.m.n is the destination ip address of the flow I
> want to redirect) but with no luck.  From what I could figure out the
> rule FORWARD is mainly for packets that go through the machine and not
> that much for packets originating from the machine.

Indeed. Besides, the rule just matches packets going out through the
interface if2. It does not have any effect on the routing decision,
which took place before the FORWARD chain.

> Another question is whether iptables is changing the source IP address
> from a.b.c.d to x.y.z.w or not.

Iptables does not change the source address implicitly as a result of a
rerouting decision. You have to do it explicitly with rules using SNAT
or MASQUERADE.
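
The two points above (the routing decision must be influenced explicitly, and the source address must be rewritten explicitly) combined in one policy-routing setup. This is an added example, not part of the original thread: the gateway address, the mark value 1, the table number 100, the function names and the sample addresses are assumptions. It prints the commands unless run as root with APPLY=1.

```shell
#!/bin/sh
# Send locally generated traffic for one destination out of a second uplink.
# Dry run by default: commands are printed, not executed (APPLY=1 to execute).

# True if $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# setup_flow_redirect DEST GATEWAY DEV SRC [MARK] [TABLE]
setup_flow_redirect() {
    dest=$1 gw=$2 dev=$3 src=$4
    mark=${5:-1} table=${6:-100}
    for a in "$dest" "$gw" "$src"; do
        is_ipv4 "$a" || { echo "bad IPv4 address: $a" >&2; return 1; }
    done
    # 1. Mark the flow in mangle/OUTPUT. FORWARD never sees local traffic;
    #    a mark set here makes the kernel redo the routing lookup.
    run iptables -t mangle -A OUTPUT -d "$dest" -j MARK --set-mark "$mark" &&
    # 2. Marked packets consult a separate routing table...
    run ip rule add fwmark "$mark" table "$table" &&
    # 3. ...whose default route leaves through the second interface.
    run ip route add default via "$gw" dev "$dev" table "$table" &&
    # 4. The source is still the first interface's address: rewrite it.
    run iptables -t nat -A POSTROUTING -o "$dev" -m mark --mark "$mark" \
        -j SNAT --to-source "$src" &&
    # 5. Replies arrive on $dev while the main table points elsewhere;
    #    strict reverse-path filtering would drop them, so use loose mode.
    run sysctl -w "net.ipv4.conf.$dev.rp_filter=2"
}

# Constructed sample values (documentation address ranges).
setup_flow_redirect 203.0.113.7 198.51.100.1 if2 198.51.100.10
```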