On 8/16/07, Виталий Цховребов <[EMAIL PROTECTED]> wrote:
>
> Hello, people.
>
> I read iptables tutorial and lartc, but i'm still confused with one
> trouble.
>
> May be this question was discussed already, so forward me solution, if
> is.
>
> So, there's a trouble.
>
> I have debian etch linux. 2.6.18-4 kernel.
>
> On this computer i have three interfaces: eth0 - my lan, eth1, eth2 -
> providers.
>
> By default all internet traffic routed through eth2. But i NEED to
> route mail and icq (tcp110, tcp25, tcp5190) through eth1. How can i do
> that?
That is policy routing. Is it a SNATed firewall?

I use the below script for a SNATed firewall where I have two links, a
leased line and an ADSL. I route web traffic (both HTTP and HTTPS -- port
tcp 80 and tcp 443) via the ADSL link. YOU want to route mail and icq
(tcp110, tcp25, tcp5190) through eth1. Pls change your ports accordingly.
Pls replace gatewayipofprovider1, gatewayipofprovider2, ipofETH1 and
ipofETH2 with yours.

By default, my firewall also routes traffic via eth2 (i.e.
gatewayipofprovider1 --- leased line or realiplink). I route http and https
traffic via eth1 (i.e. gatewayipofprovider2 --- ADSL or adsllink). In your
case, it is the SAME.

Below is the script.

# one named routing table per provider link
echo 210 realiplink >> /etc/iproute2/rt_tables
echo 211 adsllink >> /etc/iproute2/rt_tables

# table realiplink: everything out via provider 1 on eth2
ip route add gatewayipofprovider1 dev eth2 table realiplink
ip route add default via gatewayipofprovider1 dev eth2 table realiplink

# table adsllink: everything out via provider 2 on eth1
ip route add gatewayipofprovider2 dev eth1 table adsllink
ip route add default via gatewayipofprovider2 dev eth1 table adsllink

# mark the ports that must use the ADSL link, and send marked packets to its table
iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 80,443 -j MARK --set-mark 1
ip rule add fwmark 1 pri 100 table adsllink

# source-NAT what leaves on eth1 to that link's own address
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source ipofETH1

# the asymmetric path would otherwise be dropped by reverse-path filtering on eth1
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter

# traffic sourced from each link's address goes back out over that link
ip rule add from ipofETH2 pri 200 table realiplink
ip rule add from ipofETH1 pri 300 table adsllink

Then, issue the below command to see the routing tables:

ip rule list

PLS NOTE: In the above script, I have marked OUTPUT traffic as 1. Below is
the command I have given:

iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 80,443 -j MARK --set-mark 1

The reason for that is that the firewall itself is a SQUID proxy server. But
not a TRANSPARENT PROXY. It just acts as a normal proxy (i.e. I have
configured client browsers with ip address and port 3128).

Try with the above script and see if it works. Unless it works, pls replace
the above command with this:

iptables -t mangle -A PREROUTING -p tcp -m multiport --dports 80,443 -j MARK --set-mark 1

or

iptables -t mangle -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 1

Try this and be HAPPY.

--
Thank you
Indunil Jayasooriya
_______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
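The reply's fwmark recipe, turned into a parameterised script for the original question (tcp/25, tcp/110 and tcp/5190 from the LAN on eth0 leave via eth1, everything else keeps the default route via eth2). This is an added example, not the poster's script or anything from the LARTC project. The interface names come from the thread; the gateway and link addresses at the bottom (198.51.100.1, 198.51.100.2), the table id 211, the table name mailvia1 and the helper names run, add_rt_table and policy_route are all assumptions. The script uses sysctl instead of the echo into /proc and marks in PREROUTING with -i eth0, since the asker's traffic is forwarded for LAN hosts rather than generated by a proxy on the firewall itself. It prints the commands by default so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example, not the poster's script: the reply's fwmark recipe made
# into a parameterised function and filled in for the original question
# (tcp/25, tcp/110, tcp/5190 from the LAN on eth0 leave via eth1; everything
# else keeps the main table's default route via eth2, so the reply's extra
# table and rule for the eth2 address are not needed here).
# Interface names come from the thread; the gateway and link addresses used
# at the bottom are hypothetical placeholders from RFC 5737 documentation space.
#
# DRY_RUN=1 (the default) prints every command instead of running it, so the
# rule set can be reviewed before it is applied as root with DRY_RUN=0.

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Register a named routing table only once; appending blindly on every run,
# as the reply does, leaves duplicate entries in rt_tables.
add_rt_table() {
    # $1 = table id, $2 = table name
    if grep -qs "^$1[[:space:]]$2\$" /etc/iproute2/rt_tables; then
        return 0
    fi
    if [ "$DRY_RUN" = "1" ]; then
        printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$1" "$2"
    else
        printf '%s %s\n' "$1" "$2" >> /etc/iproute2/rt_tables
    fi
}

# policy_route LAN_IF ALT_IF ALT_GW ALT_IP TABLE_ID TABLE_NAME MARK PORTS
policy_route() {
    lan_if=$1; alt_if=$2; alt_gw=$3; alt_ip=$4
    table_id=$5; table=$6; mark=$7; ports=$8

    add_rt_table "$table_id" "$table"

    # The alternate table holds just the provider gateway and a default via it.
    run ip route add "$alt_gw" dev "$alt_if" table "$table"
    run ip route add default via "$alt_gw" dev "$alt_if" table "$table"

    # Mark the selected ports in PREROUTING with -i LAN_IF: that is where
    # traffic forwarded for LAN hosts is seen. The reply's OUTPUT rule only
    # matches connections the firewall opens itself (its local proxy).
    run iptables -t mangle -A PREROUTING -i "$lan_if" -p tcp -m multiport \
        --dports "$ports" -j MARK --set-mark "$mark"

    # Marked packets consult the alternate table before main (lower pri first).
    run ip rule add fwmark "$mark" pri 100 table "$table"

    # Replies must come back over the same provider: source-NAT to that link's
    # address, and route anything sourced from that address through its table.
    run iptables -t nat -A POSTROUTING -o "$alt_if" -j SNAT --to-source "$alt_ip"
    run ip rule add from "$alt_ip" pri 300 table "$table"

    # Reverse-path filtering drops the now-asymmetric flows on the alternate
    # link. A 2.6.18 kernel (the asker's) only offers strict (1) or off (0);
    # on 2.6.31 or later, loose mode (2) keeps some anti-spoofing protection.
    run sysctl -w "net.ipv4.conf.$alt_if.rp_filter=0"
}

# Invocation for the thread's setup (addresses are placeholders):
policy_route eth0 eth1 198.51.100.1 198.51.100.2 211 mailvia1 1 25,110,5190
```

After applying it with DRY_RUN=0, `ip rule list` and `ip route show table mailvia1` show the rule order and the alternate table; the fwmark rule at priority 100 is consulted before the main table, and the `from` rule at 300 only catches packets already sourced from the eth1 address.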