[LARTC] NAT over 2 providers (not load balance)
Tóth Nándor
nug@sch.bme.hu
Mon Feb 14 20:47:24 CET 2005
Hi!
Mihai Vlad wrote:
> Hi guys,
>
> Can you take a look at this? :)
>
>
>      +-----------+
>      |           |
> eth1-|-          |
>      |          -|-eth0---LAN---
>      |           |
> eth2-|-          |
>      |           |
>      +-----------+
> -
>
> eth0 is connected to the LAN having the IP=LAN_IP
>
> eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1
> eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2
>
> I need to selectively SNAT clients in the LAN to ISP_IP_1 or ISP_IP_2.
>
> That would be something like:
> $IPTABLES -t nat -A POSTROUTING -s 172.17.31.5 -j SNAT --to-source $ISP_IP_1
> $IPTABLES -t nat -A POSTROUTING -s 172.17.31.7 -j SNAT --to-source $ISP_IP_2
>
>
> This does not work since all the packets are forwarded to the default GW
> which is ISP_GW_1.
>
> How can I change this?
>
> As far as I remember, the routing decisions and policy are before the
> POSTROUTING chain in which the SNAT occurs...
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE -j SNAT --to-source $EXTERNAL_IP_ADDR
$IPTABLES -t nat -A POSTROUTING -o $EXTERNAL_INTERFACE2 -j SNAT --to-source $EXTERNAL_IP_ADDR2
And add some rules based on the client's source IP address (policy routing).
http://www.linux.com/howtos/Adv-Routing-HOWTO/lartc.rpdb.simple.shtml
--
Regards,
Nandor
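
The approach from the reply above, as an added example that is not part of the original thread: one default route per uplink in its own routing table, a source-based rule per LAN client, and SNAT keyed on the outgoing interface. The uplink addresses, gateways and table numbers are constructed placeholders; the script only prints the commands so they can be reviewed before use.

```shell
# Added example: PRINTS the commands for review, it does not apply them.
# Constructed: uplink addresses/gateways (documentation ranges) and table
# numbers 101/102. Client IPs and eth1/eth2 are taken from the question.
# Uplink fields: name device address gateway table
UPLINKS="isp1 eth1 192.0.2.10 192.0.2.1 101
isp2 eth2 198.51.100.10 198.51.100.1 102"
# Client fields: address uplink-name
CLIENTS="172.17.31.5 isp1
172.17.31.7 isp2"

valid_ipv4() {  # four dot-separated octets, each 0-255, nothing else
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

uplink_table() {  # print the routing table number for uplink name $1
    while read -r name dev ip gw table; do
        if [ "$name" = "$1" ]; then echo "$table"; return 0; fi
    done <<EOF
$UPLINKS
EOF
    echo "unknown uplink: $1" >&2; return 1
}

emit_uplinks() {  # per uplink: default route in its table, rule, SNAT
    while read -r name dev ip gw table; do
        valid_ipv4 "$ip" && valid_ipv4 "$gw" || { echo "bad uplink: $name" >&2; return 1; }
        echo "ip route add default via $gw dev $dev table $table"
        # traffic the router itself sources from this address uses this uplink
        echo "ip rule add from $ip lookup $table"
        echo "iptables -t nat -A POSTROUTING -o $dev -j SNAT --to-source $ip"
    done <<EOF
$UPLINKS
EOF
}

emit_clients() {  # source-based rule: which table each LAN client uses
    while read -r client uplink; do
        valid_ipv4 "$client" || { echo "bad client: $client" >&2; return 1; }
        table=$(uplink_table "$uplink") || return 1
        echo "ip rule add from $client lookup $table"
    done <<EOF
$CLIENTS
EOF
}

emit_uplinks && emit_clients
```

Because the SNAT rules match on the outgoing interface, each packet gets the source address of whichever uplink the policy rules routed it to.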