Serious Iptables/routing question

adelante · Posted: Thu Jun 29, 2006 5:30 pm Post subject: Serious Iptables/routing question

Hi,

I wonder if anyone could help me with the following question I have.

http://img407.imageshack.us/img407/7796/problem7on.jpg

Facts:
=====
Firewalls Default route is 196.23.0.1
The Servers default gateway is 192.168.0.1
By default, incoming traffic will come over the diginet line.

What I want to achive:
===============
if incoming traffic has the destination IP 196.23.0.12, NAT to 192.168.0.20
the reply packets will obviously be sent back out through the diginet line.

If the server makes its own internet request (say u open a page on the server using lynx)
The firewall must push the connection out via the adsl line and NOT the diginet line.

or even better

if the server makes a connection to a specific host or network on the internet,
the firewall must route that connection out via the adsl, and not over the diginet line.

Whats working already:
===============
Now I have the diginet line side of things working already, its the adsl side of things that i need some help with?

thanks
Dave

expat_iain · Guru Joined: 09 Jan 2004 Posts: 361 Location: Malta GC

You need to tell the firewall to set the next hop address to 192.2.0.1 for traffic originating from 192.168.0.20 to destination w.x.y.z. Take a look at iproute2.

Iain.

adelante · Posted: Thu Jun 29, 2006 6:18 pm Post subject:

normally i would do it like that,

but i was thinking of using the geoip patch and the route patch and doing something like this:

iptables -A PREROUTING -t mangle -m geoip --dst-cc US -i LAN -s 192.168.0.20 --j ROUTE --gw 196.2.0.1

would that work?

or would it stuff up any incoming packets that are coming into the server over the diginet line?

adelante · Posted: Sat Jul 01, 2006 8:20 am Post subject:

no body have an idea about this?

expat_iain · Guru Joined: 09 Jan 2004 Posts: 361 Location: Malta GC

Try it out.