[LARTC] Doesn't work

XMundo - Soporte Tecnico soporte@xmundo.net
Sat, 18 Sep 2004 18:31:41 -0300


I have the following script, written by me, but it doesn't work correctly.
Modem2 (eth2) sends the packets with the source IP of modem1 (eth0).

I'm viewing it with snort (snort -i eth2 -Nv port 80)...

Any idea?

This is my script:
##################################

IP=/sbin/ip
IPTABLES=/sbin/iptables
MODEM1="eth0"
MODEM2="eth2"
LAN="eth1"

$IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE

$IP rule add fwmark 1 table modem1
$IP rule add fwmark 2 table modem2
$IP rule add fwmark 3 table web

$IP route add table web eql \
    nexthop via 24.xxx.xxx.1 dev $MODEM1 \
    nexthop via 200.xxx.xxx.1 dev $MODEM2

$IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
$IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2

$IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j MARK --set-mark 3

echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter