[LARTC] Two outbound internet links, using one network interface
Dashamir Hoxha
dasho at ma-isp.com
Fri Oct 13 09:01:45 CEST 2006
Pio Mendez wrote:
>
>
>
> >Pio Mendez wrote:
> >>The PREROUTING chain is not traversed by local traffic, but the OUTPUT
> >>chain is.
> >
> >I think that OUTPUT is traversed after routing decision is taken, so
> >it is still the same problem.
>
>
> I'm using the OUTPUT chain in a production environment to balance squid
> box traffic between 2 ISPs, so I'm sure that you can reroute output
> packets using the mangle OUTPUT chain.
>
> After traversing mangle and nat OUTPUT chains there is another
> routing process. Please check this diagram:
>
> http://www.imagestream.com/~josh/PacketFlow.png
>
Pio Mendez is right. I have just tested it and it works.
Now the script becomes something like this:
-------------8<----------------------------------
# These must be set before running: IP1 IP2 GATEWAY1 GATEWAY2
: "${IP1:?}" "${IP2:?}" "${GATEWAY1:?}" "${GATEWAY2:?}"

# Both public addresses live on the single interface.
ip link set eth0 up
ip address flush eth0
ip address add $IP1 dev eth0
ip address add $IP2 dev eth0
ip route add default via $GATEWAY1

# Table 2: a copy of main, with the default route pointing at the second ISP.
ip route flush table 2
ip route show table main | grep -Ev '^default' \
    | while read ROUTE ; do ip route add table 2 $ROUTE ; done
ip route add table 2 default via $GATEWAY2

# Packets carrying fwmark 2 are looked up in table 2.
ip rule del fwmark 2 table 2 2>/dev/null
ip rule add fwmark 2 table 2

# Mark in PREROUTING (forwarded traffic) and in OUTPUT (locally generated
# traffic); a mark set in OUTPUT is honoured by the re-routing that follows it.
iptables -t mangle -N MARK-RULES
iptables -t mangle -A PREROUTING -j MARK-RULES
iptables -t mangle -A OUTPUT -j MARK-RULES
PORT_LIST="22 53"
for PORT in $PORT_LIST
do
    iptables -t mangle -A MARK-RULES -p tcp --dport $PORT -j MARK --set-mark 0x2
done

# Marked traffic leaves with IP2 as its source address, everything else with IP1.
iptables -t nat -A POSTROUTING -o eth0 -m mark --mark 0x2 -j SNAT --to-source $IP2
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $IP1
------------8<---------------------------------
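As an added check that is not part of the original post: the helper below reads the text that `ip route get` prints and confirms that an unmarked lookup leaves via GATEWAY1 while a `mark 2` lookup is resolved in table 2 via GATEWAY2, which is exactly what the `ip rule add fwmark 2 table 2` line above is meant to achieve. The parsing functions are pure shell, so they are exercised on constructed sample lines (documentation-range addresses, assumed output shape); `live` mode runs the real `ip route get` on a host where the script has been loaded.

```shell
# Added verification helper (not from the original post). Checks, from the
# text `ip route get` prints, that an unmarked lookup uses GATEWAY1 and a
# fwmark-2 lookup uses GATEWAY2 through table 2. Addresses below are
# constructed documentation-range placeholders, not values from the post.

# Print the word that follows KEY (via, dev, table, src, ...) in a route line.
# Pure shell string handling, so it runs without iproute2 or root.
route_field() {                     # $1 = key, $2 = one line of ip route get output
    key=$1
    set -- $2                       # word-split the route line into positional args
    while [ $# -gt 1 ]; do
        if [ "$1" = "$key" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1                        # key absent (e.g. no "table" word for table main)
}

# Succeed only if the unmarked route uses GW1 and the marked route uses GW2 in table 2.
check_mark_routing() {              # $1 = unmarked line, $2 = marked line, $3 = GW1, $4 = GW2
    [ "$(route_field via "$1")" = "$3" ] &&
    [ "$(route_field via "$2")" = "$4" ] &&
    [ "$(route_field table "$2")" = "2" ]
}

# Constructed sample lines in the shape `ip route get 203.0.113.10` and
# `ip route get 203.0.113.10 mark 2` print on a host set up by the script above.
SAMPLE_UNMARKED='203.0.113.10 via 198.51.100.1 dev eth0 src 198.51.100.20 uid 0'
SAMPLE_MARKED='203.0.113.10 via 198.51.100.129 dev eth0 table 2 src 198.51.100.20 mark 2 uid 0'

# Live mode: sh check.sh live <dst-ip> <GATEWAY1> <GATEWAY2>  (needs iproute2 and the rules loaded)
if [ "${1:-}" = live ]; then
    UNMARKED=$(ip route get "$2" | head -n 1)
    MARKED=$(ip route get "$2" mark 2 | head -n 1)
    if check_mark_routing "$UNMARKED" "$MARKED" "$3" "$4"; then
        echo "OK: unmarked -> $3, fwmark 2 -> $4 (table 2)"
    else
        echo "FAIL: fwmark policy routing not in effect; current rules:" >&2
        ip rule show >&2
        exit 1
    fi
fi
```

Note that the `src` field `ip route get` reports is the address chosen by the routing lookup, before NAT; the marked packets only leave with $IP2 because of the POSTROUTING SNAT rule, so a second thing worth looking at on a live box is `iptables -t mangle -L MARK-RULES -v -n` and `iptables -t nat -L POSTROUTING -v -n`, whose packet counters show whether locally generated traffic is actually being marked in OUTPUT and rewritten.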