fwmark / routing (again) ...
Pardon if it's an already answered question (and for my English). I'm trying to do what Samuel Lucas Vaz does, but I've got two ADSL lines with the same gateway. The question is: is the mentioned method valid for my installation? I've applied the patches to the kernel and I've read the "nano-howto".
I think that this should work because the patch looks up routes based on source address, destination address, interface and gateway, but it doesn't work for me. The packets go out via ppp1 but with the ppp0 source address.
I wish only to know if the mentioned method is applicable. If it is, I will review my configuration.
You should add rules and tables to route with the proper source.
Take a look at the nano HOWTO.
You can do it without firewall rules...
Here is an example; rules 201 and 202 are only for routing with the right source.
# rule with source address 184.108.40.206
ip rule add prio 201 from 220.127.116.11/26 table 201
ip route add default via 200.203.186.GATEWAY dev eth1 src 18.104.22.168 proto static table 201
ip route append prohibit default table 201 metric 1 proto static
# rule with source address 10.0.0.138
ip rule add prio 202 from 10.0.0.0/24 table 202
ip route add default via 10.0.0.138 dev eth2 src 10.0.0.140 proto static table 202
ip route append prohibit default table 202 metric 1 proto static
#if you want to do it without firewall
ip rule add prio 50 table main #only for local routing, with 50 as preference
ip route del default table main #internet gateways will be added in the table 222, not in the main table
ip rule add prio 222 table 222 #rule with gateways
#route with gateways, you can put a metric for each gateway
ip route add default table 222 proto static \
    nexthop via 200.203.186.GATEWAY dev eth1 \
    nexthop via 10.0.0.138 dev eth2
Samuel Lucas Vaz de Mello wrote:
> I have a linux box with 2 internet links (eth1 - 22.214.171.124 and eth2 - 10.0.0.140 [the adsl router will masq to a valid ip])
> I'm trying to make it send some packages through eth1 and others via eth2. I'm using fwmark and iproute2.
> (for testing, I'm trying to make it send all icmp traffic through eth2 [10.0.0.140], and other packages via eth1)
> # iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 5
> # ip rule add fwmark 5 table 5
> # ip route add default via 10.0.0.138 table 5
> # ip route show
> 126.96.36.199/26 dev eth1 proto kernel scope link src 188.8.131.52
> 10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.140
> default via 184.108.40.206 dev eth1
> # ip route show table 5
> default via 10.0.0.138 dev eth2
> # ip rule show
> 0: from all lookup local
> 32765: from all fwmark 5 lookup 5
> 32766: from all lookup main
> 32767: from all lookup default
> # ip route flush cache
> # ping hara2.uol.com.br
> (no response)
> # tcpdump -i eth2 | grep icmp
> 15:31:32.228774 220.127.116.11 > hara2.uol.com.br: icmp: echo request (DF)
> It seems that the package is going to the correct link, but with the wrong source...
> Any idea why?
> - Samuel
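
Added example, not part of the original thread: a small Python model of the rule lookup that reproduces the symptom in the quoted message (the source address is chosen at the first route lookup, and a mark set in mangle OUTPUT only triggers a re-route) and contrasts it with a source-based rule like the 201/202 rules above. It is a simplification, not kernel code; 192.0.2.0/26 and 203.0.113.7 are constructed stand-ins for the public link and a remote host, and the function names are hypothetical.

```python
import ipaddress

# Constructed addresses: 192.0.2.0/26 stands in for the public eth1 link;
# 10.0.0.140 / 10.0.0.138 on eth2 are taken from the thread.
# Route tuple: (prefix, dev, gateway, preferred source)
TABLES = {
    "main": [("192.0.2.0/26", "eth1", None, "192.0.2.10"),
             ("10.0.0.0/24", "eth2", None, "10.0.0.140"),
             ("0.0.0.0/0", "eth1", "192.0.2.1", "192.0.2.10")],
    "5":    [("0.0.0.0/0", "eth2", "10.0.0.138", "10.0.0.140")],
    "202":  [("0.0.0.0/0", "eth2", "10.0.0.138", "10.0.0.140")],
}
# Rule tuple: (priority, from-prefix or None, fwmark or None, table)
FWMARK_RULES = [(32765, None, 5, "5"), (32766, None, None, "main")]
SOURCE_RULES = [(202, "10.0.0.0/24", None, "202"), (32766, None, None, "main")]

def lookup(rules, dst, src=None, mark=0):
    """Walk rules by priority; return (dev, gateway, preferred src) of the
    longest-prefix match in the first table that has a route for dst."""
    dst = ipaddress.ip_address(dst)
    for _prio, frm, fwmark, table in sorted(rules, key=lambda r: r[0]):
        # A "from" rule cannot match while the source is still unset.
        if frm is not None and (src is None or
                ipaddress.ip_address(src) not in ipaddress.ip_network(frm)):
            continue
        if fwmark is not None and fwmark != mark:
            continue
        hits = [r for r in TABLES[table] if dst in ipaddress.ip_network(r[0])]
        if hits:
            best = max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return best[1:]
    return None

def send_local(rules, dst, bound_src=None, mangle_mark=0):
    """Model of a locally generated packet: route and pick the source first,
    then re-route if mangle OUTPUT set a mark. The source is never re-picked."""
    dev, gw, pref = lookup(rules, dst, bound_src, 0)
    src = bound_src or pref
    if mangle_mark:
        dev, gw, _ = lookup(rules, dst, src, mangle_mark)
    return src, dev, gw
```

With the fwmark rules the marked packet leaves eth2 still carrying the eth1 address, as in the tcpdump line; with the source rule, a socket bound to 10.0.0.140 is routed out eth2 with a matching source.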