policy routing and NAT

Discussion in 'Linux Networking' started by jens, Aug 28, 2003.

  1. jens


    I use a multihomed environment on a Linux box with 2.4.22 and iptables
    1.2.8 with stateful inspection.

    Internal eth0:
    external 1: ppp0 with static $IP1 gateway: $GW1
    external 2: ppp2 with dynamic $IP2 gateway $GW2

    I want to use policy routing with the following rules (this is only a

    ip rule add fwmark 5 table t1.out
    ip rule add fwmark 6 table t2.out
    ip route add default via $GW1 src $IP1 table t1.out
    ip route add default via $GW2 src $IP2 table t2.out

    ip route add default via $GW1

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o ppp2 -j MASQUERADE

    iptables -t mangle -A PREROUTING -p icmp --icmp-type ping -j MARK --set-mark 6
    iptables -t mangle -A OUTPUT -p icmp --icmp-type ping -j MARK --set-mark 6

    This works fine for all forwarded traffic, but all ICMP traffic
    originated by the router itself goes out to ppp2 with the source IP

    What do I have to change so that the source IP for outgoing traffic on ppp2
    originated from the router will be changed to $IP2 (the address of
    jens, Aug 28, 2003
