[LARTC] Re: routing between 2 lines problem , after starting squid
Stanislav Nedelchev
stanislav.nedelchev at gmail.com
Fri Apr 7 22:15:42 CEST 2006
It's Solved
Stanislav Nedelchev wrote:
> I'm using one line on eth2 only for web traffic.
> eth1 is my internal line and eth0 is my main line to the internet.
> I'm marking packets like this:
>
> I have a default route on eth0.
>
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 66
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 80 -j MARK --set-mark 66
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 3128 -j MARK --set-mark 66
> iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 3128 -j MARK --set-mark 66
>
> iptables -t mangle -A FORWARD -p tcp --sport 80 -j MARK --set-mark 66
> iptables -t mangle -A FORWARD -p tcp --dport 80 -j MARK --set-mark 66
> iptables -t mangle -A FORWARD -p tcp --sport 3128 -j MARK --set-mark 66
> iptables -t mangle -A FORWARD -p tcp --dport 3128 -j MARK --set-mark 66
>
>
> iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j MASQUERADE
> iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 3128 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j MASQUERADE
>
> I also have:
> /sbin/ip route add 192.168.0.0/24 dev eth1 table natips
> /sbin/ip route add 127.0.0.0/8 dev lo scope link table natips
> /sbin/ip route add default via 217.10.248.1 dev eth2 table natips
> /sbin/ip route flush cache
> /sbin/ip rule add fwmark 66 table natips
>
>
> Squid is running on 192.168.0.1:3128.
>
> Without Squid it's working; I'm using the second line for web traffic.
> With Squid it's not working.
>
> Can anybody help me?
>
> Thanks in advance.
>