Znasev
asked on
Making routing decision based on destination port
Hello,
I have a LAN connected to the internet using two ISPs. I would like to route IRC traffic to one ISP using several public IP addresses and masquerade all other traffic to another ISP. My script is listed below. I can't connect to port 6667, and if a connection is established on another port via the masqueraded interface, DCC is not working even if modprobe ip_conntrack_ftp, modprobe ip_conntrack_irc, modprobe ip_nat_ftp and modprobe ip_nat_irc are present. Also FTP is not working.
Can somebody tell me what I am doing wrong?
Thank you.
##########################
adsl-start
ISP1_IP="x.x.x.35"
ISP1_IP_RANGE="x.x.x.32/27"
ISP1_GW="x.x.x.33"
ISP1_IF="eth0"
LAN_IP="192.168.10.1"
LAN_IP_RANGE="192.168.10.0/24"
LAN_IF="eth1"
ISP2_IF="ppp0"
# ip address from ppp connection
ISP2_IP=$(/sbin/ifconfig ppp0 |grep inet|awk {'print $2'}|cut -d":" -f2)
# ppp connection gateway
ISP2_GW=$(/sbin/ifconfig ppp0 |grep inet|awk {'print $3'}|cut -d":" -f2)
ip address add x.x.x.34 dev $ISP1_IF
ip address add x.x.x.36 dev $ISP1_IF
ip address add x.x.x.37 dev $ISP1_IF
depmod -a
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ipt_MARK
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
iptables -t mangle -A PREROUTING -p tcp --dport 6667 -j MARK --set-mark 2
ip rule add prio 100 fwmark 2 lookup 100
ip route del default
ip route add default via $ISP1_GW table 100
ip route add default via $ISP2_GW
iptables -t nat -A POSTROUTING -o $ISP2_IF -s $LAN_IP_RANGE -j MASQUERADE
iptables -t nat -A POSTROUTING -o $ISP1_IF -s $LAN_IP_RANGE -j SNAT --to x.x.x.34-x.x.x.37
echo 1 > /proc/sys/net/ipv4/ip_forward
##########################
ASKER
The problem was in the return path filter.
echo 0 > /proc/sys/net/ipv4/conf/et
solves the problem.
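
An added example, not part of the original thread: a check of which reverse-path filter mode the kernel actually applies per interface, assuming the "return path filter" above is the kernel's rp_filter sysctl. The kernel uses the higher of conf/all/rp_filter and conf/<iface>/rp_filter, so zeroing only the interface value can leave strict mode in force; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# rp_filter modes: 0 = off, 1 = strict (RFC 3704), 2 = loose.
# Strict mode drops a packet when the route back to its source does not leave
# via the interface it arrived on, which is what fwmark-routed replies look like.

CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"   # overridable for offline runs

# effective_rp_filter IFACE -> prints max(all, IFACE), the mode in force
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter")
    own=$(cat "$CONF_ROOT/$1/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# strict_interfaces -> prints every interface on which strict mode is in force
strict_interfaces() {
    for dir in "$CONF_ROOT"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        if [ "$(effective_rp_filter "$iface")" -eq 1 ]; then echo "$iface"; fi
    done
    return 0
}

# make_sample_tree DIR ALL ETH0 PPP0 -> constructed stand-in for the /proc tree
make_sample_tree() {
    for i in all default eth0 ppp0; do mkdir -p "$1/$i"; done
    echo "$2" > "$1/all/rp_filter"
    echo "$2" > "$1/default/rp_filter"
    echo "$3" > "$1/eth0/rp_filter"
    echo "$4" > "$1/ppp0/rp_filter"
}

# Demo on constructed values: eth0 set to 0 while "all" is still 1.
demo=$(mktemp -d)
make_sample_tree "$demo" 1 0 1
echo "eth0 effective mode: $(CONF_ROOT="$demo"; effective_rp_filter eth0)"
echo "strict on: $(CONF_ROOT="$demo"; strict_interfaces | tr '\n' ' ')"
rm -rf "$demo"
```

Where the asymmetric path is confined to one uplink, loose mode (2) on that interface keeps a basic source check that mode 0 removes entirely.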