iptables SNAT to another eth ?

Using SUSE ...

From the router .. I can do ping -I eth3 google.com .. and it works .. and I did this in iptables

iptables -t nat -A POSTROUTING -s 10.2.0.240 -o eth3 -j SNAT --to-source 192.168.2.64

so .. the ip 10.2.0.240 should get routed through eth3 ! . but it doesn't !

x.x.x.x/30 dev eth1  proto kernel  scope link  src x.x.x.x
192.168.2.0/24 dev eth3  proto kernel  scope link  src 192.168.2.64
10.3.0.0/24 dev eth0  proto kernel  scope link  src 10.3.0.254
10.1.0.0/24 dev eth0  proto kernel  scope link  src 10.1.0.254
10.2.0.0/22 via 10.1.0.2 dev eth0
10.0.0.0/22 via 10.1.0.2 dev eth0
169.254.0.0/16 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default via x.x.x.x dev eth1

:~> ip ro li table T3
192.168.2.0/24 dev eth3  scope link  src 192.168.2.64
default via 192.168.2.254 dev eth3

dexter@GODZILLA:~> ip ru li
0:      from all lookup local
32765:  from 192.168.2.64 lookup T3
32766:  from all lookup main
32767:  from all lookup default

everything else works just fine .. but I want some ips to get through eth3 instead of eth1 !
patriciaeldridge Asked:

Nopius Commented:
> so .. the ip 10.2.0.240 should get routed through eth3 ! . but it doesn't !
You almost answered your question: -A POSTROUTING means that this rule applies _after_ the routing decision. So '-o eth3' never matches your packet (remember that it matches a packet and doesn't route it to eth3).
patriciaeldridge Author Commented:
well .. how should it look then ? :D .. I still didn't get it right ! :)
Nopius Commented:
Let's decide what we need. Possible cases:
1) If you just need to route all traffic from the single host 10.2.0.240 to all destinations via eth3
2) If you need to route all traffic from the entire 10.2.0.0 network to all destinations via eth3
3) If you need to route traffic from either 1 host or the entire network as in 1) 2) AND masquerade it as coming from the 192.168.2.64 address.
4) You need to route or route+masquerade as in 1) 2) 3) but not to all destinations

If I'm guessing right, you need case 3) with a single IP.

Then you need to modify both iptables and routing tables.
1) Delete your old rule
iptables -t nat -D POSTROUTING -s 10.2.0.240 -o eth3 -j SNAT --to-source 192.168.2.64
2) Create a new one:
iptables -t nat -A POSTROUTING -s 10.2.0.240 -o eth3 -j MASQUERADE
3) Now delete old routing rule.
ip rule del prio 32765
4) Add a new rule:
ip rule add from 10.2.0.240 table T3


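Added example, not part of the original thread: a small Python model of the order Nopius describes (policy rule lookup, then route selection, then nat POSTROUTING matching on the chosen output interface), run over the tables posted in the question. The destination 198.51.100.10 is a constructed sample, the redacted gateway stays as the placeholder x.x.x.x, and priority 32765 for the new rule is an assumption.

```python
import ipaddress

# Routing tables from the question; the redacted x.x.x.x/30 link route is omitted
# and the redacted default gateway is kept as the literal placeholder "x.x.x.x".
TABLES = {
    "main": [("192.168.2.0/24", None, "eth3"), ("10.3.0.0/24", None, "eth0"),
             ("10.1.0.0/24", None, "eth0"), ("10.2.0.0/22", "10.1.0.2", "eth0"),
             ("10.0.0.0/22", "10.1.0.2", "eth0"), ("0.0.0.0/0", "x.x.x.x", "eth1")],
    "T3": [("192.168.2.0/24", None, "eth3"), ("0.0.0.0/0", "192.168.2.254", "eth3")],
}
# (priority, source selector, table); the local and default tables are left out.
RULES_BEFORE = [(32765, "192.168.2.64/32", "T3"), (32766, "0.0.0.0/0", "main")]
RULES_AFTER = [(32765, "10.2.0.240/32", "T3"), (32766, "0.0.0.0/0", "main")]  # prio assumed
# nat POSTROUTING rules: (source selector, output interface, action)
NAT_BEFORE = [("10.2.0.240/32", "eth3", "SNAT:192.168.2.64")]
NAT_AFTER = [("10.2.0.240/32", "eth3", "MASQUERADE")]

def route(src, dst, rules):
    """Walk rules by priority; in the first matching table with a hit, longest prefix wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules):
        if s not in ipaddress.ip_network(selector):
            continue
        hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
                if d in ipaddress.ip_network(p)]
        if hits:
            _net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
            return table, gw, dev
    raise LookupError("no route to %s" % dst)

def postrouting(src, out_dev, nat_rules):
    """-o only tests the interface routing already chose; it never changes it."""
    s = ipaddress.ip_address(src)
    for selector, dev, action in nat_rules:
        if s in ipaddress.ip_network(selector) and dev == out_dev:
            return action
    return None

def forward(src, dst, rules, nat_rules):
    table, gw, dev = route(src, dst, rules)
    return {"table": table, "gateway": gw, "dev": dev,
            "nat": postrouting(src, dev, nat_rules)}

if __name__ == "__main__":
    for label, rules, nat in (("before", RULES_BEFORE, NAT_BEFORE),
                              ("after", RULES_AFTER, NAT_AFTER)):
        print(label, forward("10.2.0.240", "198.51.100.10", rules, nat))
```

On a live router, `ip route get 198.51.100.10 from 10.2.0.240 iif eth0` and the packet counters in `iptables -t nat -L POSTROUTING -v -n` show the same two facts: which interface routing picked, and whether the NAT rule ever matched.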