To begin with I apologize for not having had enough time to properly search through the archives for previous answers to my question(s).
My scenario is I have two separate SDSL lines through different providers. Each comes with their own block of public IPs. I have not contacted each ISP to request that they route for my other ISP's block. I am too small to ask for something like that. They will most likely say no.

I had hoped to be able to load balance traffic both incoming and outgoing through the two lines, but am losing hope that it can be done. I have tried several different scenarios but believe my current one is the only solution.

I have two DNS servers, and each server is, so to speak, dedicated to each line. If you talk to dns 1 it will return public IPs for line 1. If you talk to dns 2 it will return public IPs for line 2. So here is where my nat problem lies. Here is a diagram to express what I am trying to do.

    SDSL Router 1 -----|      |       |      |----DNS1
                       |Linux |       |      |----DNS2
                       |      |-------|Switch|----DB
                       |Router|       |      |----FTP
    SDSL Router 2 -----|      |       |      |----WWW

So if someone was using line 1 and communicating with the www server it would be double nat'ed.

    Public IP <-----> 10.0.1.10 <-----> 192.168.1.10

If someone was using line 2 and communicating with the www server it would be double nat'ed.

    Public IP <-----> 10.0.2.10 <-----> 192.168.1.10

I have no problem doing the Destination nat'ing. It's the source I have a problem with. I need to be able to translate 192.168.1.10 into both 10.0.1.10 and 10.0.2.10. I was hoping to do the translation based on the interface, but that is where my problem lies. So far I have not been able to map the source IP to an outgoing interface.
Here is what I have

    iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to-source 10.0.1.10
    iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to-source 10.0.2.10

I would like to use something along the lines of

    iptables -t nat -I POSTROUTING -i eth1 -s 192.168.1.10 -j SNAT --to-source 10.0.1.10
    iptables -t nat -I POSTROUTING -i eth2 -s 192.168.1.10 -j SNAT --to-source 10.0.2.10

But it seems when doing Source based translation you can use an interface or ip but not both. I cannot use the interface as more than one internal IP will flow across it and I need separate translation for each. I am not sure if I can do this with Destination Translation or not.

Also for the record I am using a kernel with multipath support and am using multiple gateways in my rules. Although direct specific gateways exist with a higher priority so a packet going for a specific gateway should be directed there first before trying the multipath gateway. I would assume the multipath gateway to be used only when sending something out not in response to a request in and it would choose one or the other.

Anyway at this point I am open to any suggestions. If this has been covered before please provide a date so I can go and reference that or a link.

Thank you.

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
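
An added example, not part of the original post: one way to get per-line translation for the same internal host is to match the outgoing interface with -o (the nat POSTROUTING chain does not accept -i) and to pin replies to the line a connection arrived on with a connection mark and policy routing. Assumptions not found in the post: eth0 is the LAN side, eth1/eth2 face SDSL router 1/2 as in the poster's wished-for rules, the routers are 10.0.1.1 and 10.0.2.1, and the mark and table numbers are arbitrary.

```shell
#!/bin/sh
# Prints the rule set instead of applying it; review the output, then pipe it
# to "sh" as root on the Linux router.
LAN_IF=eth0                  # assumed LAN-facing interface
SERVER=192.168.1.10          # WWW server address from the post
# iface  mark  table  per-line NAT address (from the post)  gateway (assumed)
LINES="eth1 1 101 10.0.1.10 10.0.1.1
eth2 2 102 10.0.2.10 10.0.2.1"

gen_rules() {
    echo "$LINES" | while read -r ifc mark table nat_ip gw; do
        # Inbound: translate the per-line address to the real server.
        echo "iptables -t nat -A PREROUTING -i $ifc -d $nat_ip -j DNAT --to-destination $SERVER"
        # Record on the conntrack entry which line the connection came in on.
        echo "iptables -t mangle -A PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
        # One routing table per line, selected by packet mark.
        echo "ip route add default via $gw dev $ifc table $table"
        echo "ip rule add fwmark $mark table $table"
        # Connections the server starts itself: source address follows the
        # interface the routing decision picked (-o plus -s in one rule).
        echo "iptables -t nat -A POSTROUTING -o $ifc -s $SERVER -j SNAT --to-source $nat_ip"
    done
    # Replies from the LAN: copy the connection mark back onto the packet so
    # the fwmark rule sends it out the line the request arrived on. Conntrack
    # reverses the DNAT on these replies itself; no SNAT rule is consulted.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
}

gen_rules
```

Only the first packet of a connection traverses the nat table, so the SNAT rules affect connections the server initiates; unmarked traffic still follows the main table, where the multipath default route chooses the line.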