[clug] iptables help

Andrew Smith andrew at coolchilli.com
Sun Sep 28 14:47:13 EST 2003 

Oh man, that's far too freaky.  I've *just* finished my rules for exactly
the same configuration (512k SDSL and 1.5Mbps ADSL)...except my SDSL runs
from the same box.

For the extra routing table, your /etc/iproute2/rt_tables should have the
following line:
201     webftp.out

Here's the relevant prerouting stuff to shove certain packets down the
1.5Mbps:

# Standard SNATing and MASQUERADING
iptables -t nat -A POSTROUTING -o $sdsl -j SNAT --to-source x.x.x.x
iptables -t nat -A POSTROUTING -o $flat -j MASQUERADE

# Use of the Flat Rate ADSL link
ip route add default dev $flat table webftp.out
ip rule add fwmark 1 table webftp.out
# Local LAN
iptables -A PREROUTING -t mangle -i $localif -p tcp --dport 21 -j
MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -i $localif -p tcp --dport 80 -j
MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -i $localif -p tcp --dport 443 -j
MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -i $localif -p tcp --dport 1024: -j
MARK --set-mark 0x1
iptables -A PREROUTING -t mangle -i $localif -p udp --dport 1024: -j
MARK --set-mark 0x1

Good luck!
Andrew

> -----Original Message-----
> From: linux-bounces+andrew=coolchilli.com at lists.samba.org
> [mailto:linux-bounces+andrew=coolchilli.com at lists.samba.org]On Behalf Of
> Andrew
> Sent: Sunday, 28 September 2003 1:38 PM
> To: linux at lists.samba.org
> Subject: [clug] iptables help
>
>
> Hi All!
>         I don't normally like asking for help like this, but I am
> away from home and in a hurry ;)  I was hoping on solving the
> following problem....
>
> I have a local network with 2 DSL connections, one is a
> 1.5Mbit/256K and the other a 512K/512K - I want to pass all http
> (port 80) traffic through the first link (1.5/256) and everything
> else through the second (512K/512K).
>
> The first connection is terminated as "ppp0" on a linux (debian)
> router.  The second is terminated on a hardware router (built in NAT).
>
> The debian box has 3 ethernet interfaces
>
> eth0 - LAN (10.10.10.0/24) - with an ip of 10.10.10.1
> eth1 - Used for the 1.5Mbit connection (ppp0)
> eth2 - Used to communicate with the hardware router (10.10.9.0/24
> - the hardware router has the address 10.10.9.2)
>
>
> So - ideally - *LAN* --->  *DEBIAN BOX* ---
>                                                              If
> port 80 ---> ppp0
>
> Everything else ---> 10.10.9.2 via eth2
>
> Any examples/help/pointers will be greatly appreciated.
>
> Many thanks,
>                   Andrew
> P.S The tap water in Melbourne tastes funny :\
>
>

More information about the linux mailing list