?
Solved

2 internet connection problem

Posted on 2005-04-26
3
Medium Priority
?
297 Views
Last Modified: 2010-03-18
       ------------------
---------| external ip eth0 | ----------
         --------------------------           |         |---------------------------
                                              |  -------| Internal IP eth1    |
         --------------------------           |         |--------------------------  
---------| external Ip eth2 | ----------
         --------------------------


i want to put web and ftp traffic to eth2 and all other traffic to eth0
is it possible can anybody help me to do that

here is my config
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.0.0/0 -d ! 192.168.0.0/16 -p tcp --dport 80 -j SNAT --Extermal IP on Eth2
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/0 -d ! 192.168.0.0/16 -j  SNAT --External IP on Eth0


213.32.208.248    0.0.0.0                255.255.255.248 U     0      0        0 eth0
213.32.208.248    0.0.0.0               255.255.255.248 U     0      0        0 ipsec0
192.168.5.0         213.32.208.249  255.255.255.0   UG    0      0        0 ipsec0
217.10.130.0        0.0.0.0              255.255.255.0   U     0      0        0 eth2
192.168.128.0      213.32.208.249  255.255.255.0   UG    0      0        0 ipsec0
192.168.0.0         0.0.0.0               255.255.255.0   U     0      0        0 eth1
192.168.32.0      213.32.208.249    255.255.240.0   UG    0      0        0 ipsec0
127.0.0.0            0.0.0.0               255.0.0.0       U     0      0        0 lo
0.0.0.0              213.32.208.249     0.0.0.0         UG    1      0        0 eth0
0.0.0.0               217.10.130.1        0.0.0.0         UG    2      0        0 eth2


Thanks is Advance
0
Comment
Question by:snedelchev
  • 2
3 Comments
 
LVL 9

Accepted Solution

by:
e-tsik earned 2000 total points
ID: 13873290
Hi :-)

This requires the use of iproute2. iproute2 itself does not "know" how to forward by port, but if you mark the packet, then you may use the "fwmark" classifier. Add this to your configuration:

iptables -t mangle -I INPUT -p tcp  --destination-port 80 -j MARK --set-mark 68482
iptables -t mangle -I FORWARD -p tcp --destination-port 80 -j MARK --set-mark 68482

/sbin/ip route add 192.168.0.0/24 dev eth1 table natips
/sbin/ip route add 127.0.0.0/8 dev lo  scope link table natips
/sbin/ip route add default via 217.10.130.1 dev eth2 table natips
/sbin/ip route flush cache

/sbin/ip rule add fwmark 68482 table natips

The number I used is just an arbitary number. You can change it if you like.
Also edit "/etc/iproute2/rt_tables" and add a line there that says:
200     natips

Enjoy!
0
 
LVL 3

Author Comment

by:snedelchev
ID: 13873435
Thank you e-tsik
i put this
iptables -A PREROUTING -i eth1 -t mangle -p tcp --dport 80 -j MARK --set-mark 66
to working now i'm testing
i think it working thank you very mutch
i will reward soon as i finish testing.
0
 
LVL 9

Expert Comment

by:e-tsik
ID: 13874510
Thanks!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month15 days, 19 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question