Here is my natting script
--------------
IPTABLES=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F
$IPTABLES -t nat -F
/sbin/modprobe ip_nat_ftp
INTERNAL_NETWORK="192.168.3.0/24"
$IPTABLES -t nat -A POSTROUTING -s $INTERNAL_NETWORK -o eth2 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s $INTERNAL_NETWORK -o eth1 -j MASQUERADE
$IPTABLES -A INPUT -i eth0 -s $INTERNAL_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth2 -s $INTERNAL_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -s $INTERNAL_NETWORK -m state --state ESTABLISHED,RELATED -j ACCEPT
-------------------

On 9/5/07, Pan'ko Alexander <[EMAIL PROTECTED]> wrote:
>
> On Tue, 4 Sep 2007 22:55:17 +0500
> Arman <[EMAIL PROTECTED]> wrote:
>
> > Hi all,
> > I am now testing on a simplest scenario. I have an ip 192.168.3.5 on
> > intranet. I want to route it through ISP1. All other traffic will go through
> > ISP2 which is default gateway on machine so I don't need to add any rule for
> > that. I have executed following commands
> > ----
> > echo 150 ISP1 >> /etc/iproute2/rt_tables
> > ip rule add from 193.168.3.5/32 to 0.0.0.0/0 table ISP1
> > ip route add default via 192.168.1.1 table ISP1
> > ip route flush cache
> > ----
> > Following is the tables state
> >
> > [EMAIL PROTECTED] ~]# ip rule list
> > 0:      from all lookup local
> > 32764:  from 193.168.3.5 lookup ISP1
> > 32765:  from 193.168.3.5 lookup ISP1
> > 32766:  from all lookup main
> > 32767:  from all lookup default
> >
> > [EMAIL PROTECTED] ~]# route
> > Kernel IP routing table
> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> > 192.168.3.0     *               255.255.255.0   U     0      0        0 eth0
> > 203.81.198.0    *               255.255.255.0   U     0      0        0 eth2
> > 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> > 169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
> > default         203.81.194.24   0.0.0.0         UG    0      0        0 eth2
> >
> > [EMAIL PROTECTED] ~]# ip route list table ISP1
> > default via 192.168.1.1 dev eth1
> >
>
> I have very nearest configuration and it is working
>
> > system is natted.
>
> What and how is natted?
>
> The right is:
> iptables -t nat -A POSTROUTING -s 192.168.3.5 -j MASQUERADE
>
> Or
> iptables -t nat -A POSTROUTING -s 192.168.3.5 -j SNAT --to-source (ip of eth1)
>
>
> Maybe you have
> iptables -t nat -A POSTROUTING -s 192.168.3.0/24 -j SNAT --to-source (ip of eth2)
> It is wrong.
>
> Try to determine routing by tcpdump -i ethX.
>
> >
> > I have checked for ip 192.168.3.5 but this is still from default gateway.
> > Not going my settings. Internet is working for 192.168.3.5 but through ISP2.
> > Will I have to do something with main table?
> >
> > --
> > Regards,
> > Arman
> >
>
>
> --
> With best regards, Pan'ko Alexander.
>
>

--
Regards,
Arman Anwar
_______________________________________________
LARTC mailing list
[email protected]
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
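Added example, not part of the original thread: a Python check that parses the `ip rule list` output quoted above and reports, in priority order, which routing tables a given source address is looked up in. It only understands `from <prefix|all> ... lookup <table>` rules (an assumption that is sufficient for this listing), and the function names are hypothetical.

```python
import ipaddress

# `ip rule list` output as quoted in the message above.
RULES = """\
0:      from all lookup local
32764:  from 193.168.3.5 lookup ISP1
32765:  from 193.168.3.5 lookup ISP1
32766:  from all lookup main
32767:  from all lookup default
"""


def parse_rules(text):
    """Return [(priority, source_network, table)] sorted by priority."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        prio, rest = line.split(":", 1)
        words = rest.split()
        selector = words[words.index("from") + 1]
        table = words[words.index("lookup") + 1]
        prefix = "0.0.0.0/0" if selector == "all" else selector
        rules.append((int(prio), ipaddress.ip_network(prefix, strict=False), table))
    return sorted(rules)


def tables_for(src, rules):
    """Tables consulted for packets from `src`, in rule-priority order.
    The rule match uses the pre-NAT source: MASQUERADE/SNAT runs in
    POSTROUTING, after the routing decision has been made."""
    addr = ipaddress.ip_address(src)
    return [table for _, net, table in rules if addr in net]


def duplicate_rules(rules):
    """Priorities of rules that repeat an earlier (selector, table) pair."""
    seen, dups = set(), []
    for prio, net, table in rules:
        if (net, table) in seen:
            dups.append(prio)
        seen.add((net, table))
    return dups


if __name__ == "__main__":
    rules = parse_rules(RULES)
    for src in ("192.168.3.5", "193.168.3.5"):
        print(src, "->", tables_for(src, rules))
    print("duplicate rule priorities:", duplicate_rules(rules))
```

Run against the quoted listing, the intranet host 192.168.3.5 never reaches table ISP1, because both ISP1 rules select on 193.168.3.5.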
