iptables - A novela

[Márcio Erli <marcioerli@gmail.com>]

Não consigo navegar da minha rede 192.160.7.0/24 de forma alguma.

O que pode estar errado?

IF_LAN='eth3'

IF_LINK1='eth1'

IF_LINK2='eth2'

GW_LINK1='200.235.xxx.xx'

GW_LINK2='200.195.xxx.xx'

iptables -t nat -A POSTROUTING -o $IF_LINK1 -j MASQUERADE

iptables -t nat -A POSTROUTING -o $IF_LINK2 -j MASQUERADE

iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 80 -j MARK --set-mark 2

iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 443 -j MARK --set-mark 2

iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 25 -j MARK --set-mark 3

iptables -t mangle -A PREROUTING -i $IF_LAN -p tcp --dport 110 -j MARK --set-mark 3

iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 2

iptables -t mangle -A OUTPUT -p tcp --dport 443 -j MARK --set-mark 2

iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 3

iptables -t mangle -A OUTPUT -p tcp --dport 110 -j MARK --set-mark 3

ip rule add fwmark 2 table 20 prio 20

ip rule add fwmark 3 table 21 prio 20

ip rule add from 192.160.7.0/24 table 20

# ip rule add from 192.170.0.0/24 table 21

ip route add default via $GW_LINK1 dev $IF_LINK1 table 20

ip route add default via $GW_LINK2 dev $IF_LINK2 table 21

ip route flush cache