Andrew,
Thanks for the suggestion. What I did not mention clearly is that I need to do
SNAT for multiple IPs to a single interface. So depending on which
interface it goes across, its IP gets changed based on the interface.
So my example of
Public IP <-----> 10.0.1.10 <-----> 192.168.1.10
Public IP <-----> 10.0.2.10 <-----> 192.168.1.10
Is really
Public IP <-----> 10.0.1.10 <-----> 192.168.1.10
Public IP <-----> 10.0.2.10 <-----> 192.168.1.10
Public IP <-----> 10.0.1.11 <-----> 192.168.1.11
Public IP <-----> 10.0.2.11 <-----> 192.168.1.11
Public IP <-----> 10.0.1.12 <-----> 192.168.1.12
Public IP <-----> 10.0.2.12 <-----> 192.168.1.12
Public IP <-----> 10.0.1.13 <-----> 192.168.1.13
Public IP <-----> 10.0.2.13 <-----> 192.168.1.13
Public IP <-----> 10.0.1.14 <-----> 192.168.1.14
Public IP <-----> 10.0.2.14 <-----> 192.168.1.14
And there are a few more. These are just examples.
So I have not tried what you mentioned. Will it work for more than one
IP per interface? So far, based on what I have seen, if you use the
interface name, you can only have a single IP address translated?
I am not sure if what I am thinking or want to do is possible. At least
not with the iptables I am using, 1.2.4. I do not think 1.2.5 or 1.2.6
has the functionality I am looking for either.
Please excuse my ignorance with iptables if that assumption is
completely wrong.
[EMAIL PROTECTED] wrote:
>>-----Original Message-----
>>From: William L. Thomson Jr. [mailto:[EMAIL PROTECTED]]
>>Sent: Thursday, March 14, 2002 4:22 AM
>>To: [EMAIL PROTECTED]
>>Subject: NAT questions while attempting to load balance
>>
>>
>>To begin with I apologize for not having had enough time to properly
>>search through the archives for previous answers to my question(s).
>>
>>
>>My scenario is I have two separate SDSL lines through different
>>providers. Each comes with their own block of public IPs. I have not
>>contacted each ISP to request that they route for my other ISP's block.
>>
>>I am too small to ask for something like that. They will most
>>likely say no.
>>
>>I had hoped to be able to load balance traffic both incoming and
>>outgoing through the two lines, but am losing hope that it
>>can be done.
>>
>>I have tried several different scenarios but believe my current one is
>>the only solution.
>>
>>I have two DNS servers, and each server is, so to speak, dedicated to
>>each line. If you talk to DNS 1 it will return public IPs for line 1.
>>If you talk to DNS 2 it will return public IPs for line 2.
>>
>>So here is where my NAT problem lies. Here is a diagram to express what
>>I am trying to do.
>>
>>
>>SDSL Router 1 ----- |      |       |      |----DNS1
>>                    |Linux |       |      |----DNS2
>>                    |      |-------|Switch|----DB
>>                    |Router|       |      |----FTP
>>SDSL Router 2 ----- |      |       |      |----WWW
>>
>>So if someone was using line 1 and communicating with the www server it
>>would be double nat'ed.
>>
>>Public IP <-----> 10.0.1.10 <-----> 192.168.1.10
>>
>>If someone was using line 2 and communicating with the www server it
>>would be double nat'ed.
>>
>>Public IP <-----> 10.0.2.10 <-----> 192.168.1.10
>>
>>
>>I have no problem doing the destination nat'ing. It's the source I have
>>a problem with.
>>
>>I need to be able to translate 192.168.1.10 into both 10.0.1.10 and
>>10.0.2.10.
>>
>>I was hoping to do the translation based on the interface, but that is
>>where my problem lies.
>>
>>So far I have not been able to map the source IP to an outgoing interface.
>>
>>Here is what I have
>>
>>iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to-source 10.0.1.10
>>
>>iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to-source 10.0.2.10
>>
>>
>>I would like to use something along the lines of
>>
>>iptables -t nat -I POSTROUTING -i eth1 -s 192.168.1.10 -j SNAT --to-source 10.0.1.10
>>
>>iptables -t nat -I POSTROUTING -i eth2 -s 192.168.1.10 -j SNAT --to-source 10.0.2.10
>>
>>
>
> Try this
>
> iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -i eth1 -j MARK --set-mark 0x1
> iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -i eth2 -j MARK --set-mark 0x2
> ...
> iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to-source 10.0.1.10
> iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source 10.0.2.10
>
> HTH
>
> Regards,
>
> Andrew Kozachenko
>
>
>
>
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
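An added example, not part of the original thread and not code from either poster: the per-interface SNAT the message asks for can be written directly in the nat POSTROUTING chain with `-o`, the outgoing-interface match, which is accepted there, whereas `-i` (inbound interface) is only accepted in PREROUTING, INPUT and FORWARD. The script below generates the matching DNAT (inbound) and SNAT (outbound) rules for the 192.168.1.N <-> 10.0.1.N / 10.0.2.N mapping from the thread. The eth1/eth2 interface names, the host list and the dry-run default (IPTABLES set to `echo iptables`, so the rules are printed rather than loaded) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): per-line DNAT/SNAT rules for the
# double-NAT layout described above. Run as-is to print the rules; run with
# IPTABLES=iptables as root to load them. eth1/eth2 and the host list are
# assumptions; the address mapping follows the examples in the message.

IPTABLES="${IPTABLES:-echo iptables}"

# One SDSL line per row: "<interface on the Linux router> <intermediate subnet prefix>".
# Host 192.168.1.N is reachable as 10.0.1.N via eth1 and as 10.0.2.N via eth2.
LINES="eth1 10.0.1
eth2 10.0.2"

# Last octets of the hosts to translate (constructed from the thread's table).
HOSTS="10 11 12 13 14"

# Emit the two nat rules that one host needs on each line.
rules_for_host() {
  host_octet="$1"
  internal="192.168.1.$host_octet"
  echo "$LINES" | while read -r iface prefix; do
    external="$prefix.$host_octet"
    # Connections from the Internet arrive on $iface for the intermediate
    # address; rewrite the destination to the real server. Conntrack undoes
    # this on the reply packets, so the replies need no SNAT rule.
    $IPTABLES -t nat -A PREROUTING -i "$iface" -d "$external" \
      -j DNAT --to-destination "$internal"
    # Connections the server opens itself: once routing has picked the
    # outgoing line, give the packet the source address that belongs to it.
    # -o is the only interface match the POSTROUTING chain accepts.
    $IPTABLES -t nat -A POSTROUTING -o "$iface" -s "$internal" \
      -j SNAT --to-source "$external"
  done
}

# All rules for all hosts, one rule per output line in dry-run mode.
generate_rules() {
  for h in $HOSTS; do
    rules_for_host "$h"
  done
}

# Number of rules produced (2 rules x 2 lines per host).
count_rules() {
  generate_rules | wc -l | tr -d ' '
}

generate_rules
```

The nat table only ever sees the first packet of a connection; conntrack applies the same translation to every later packet in both directions, which is why a single DNAT rule covers an inbound connection end to end. Which of the two lines an outbound connection leaves on is the routing table's decision, not iptables'; these rules only make the source address agree with that decision.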