Hello,

I have a problem ;-) and couldn't find an answer in the docs, newsgroups
or mailing list archives so I'm trying this list as a last resort...

The following is symbolic, so you can get the picture...

We have two companies sharing LAN infrastructure and ONE firewall, but we have
two different ISPs. Traffic from company1 should go out via ISP1, traffic from
company2 should go out via ISP2. Of course, we have only one IP address per
ISP because we are two very small companies, and of course no chance to get a
routing protocol like RIP or so.

I read somewhere that Linux 2.2 supports policy routing, so I gave it a try...

        # first, switch on interfaces ;-)
        ip link set lo up   # loopback interface
        ip link set eth0 up # interface to company1 LAN
        ip link set eth1 up # interface to company2 LAN
        ip link set eth2 up # interface to external LAN (ISPs)

        # loopback
        ip addr add 127.0.0.1/8 dev lo

        # private IP network of company1
        ip addr add 192.168.10.1/24 dev eth0

        # private IP network of company2
        ip addr add 192.168.20.1/24 dev eth1
        # don't know if that route is necessary, but it won't break anything
        ip route add 192.168.20.0/24 dev eth1 table company2

        # routing to ISPs
        ip addr add 1.2.3.4/24 dev eth2 # connection to ISP 1
        ip route add 1.2.3.0/24 dev eth2
        ip route add 0.0.0.0/0 via 1.2.3.1 # default route for company1

        ip addr add 2.3.4.5/24 dev eth2 # connection to ISP 2
        ip route add 2.3.4.0/24 dev eth2

        # now I want to use routing table company2 for company2
        ip rule add from 192.168.20.0/24 table company2 priority 20     
        # and of course another default route for that company
        ip route add 0.0.0.0/0 via 2.3.4.1 table company2

        # and now my problem starts:
        # the iproute2 docs say that route NAT in Kernel 2.2 is NOT a
        # replacement for IP masquerading, so I tried ipchains

        ipchains -A forward -j MASQ -s 192.168.10.0/24 -d 0.0.0.0/0
        ipchains -A forward -j MASQ -s 192.168.20.0/24 -d 0.0.0.0/0


However, this won't work for some reason. Can the IP masquerading code work
with the advanced router, multiple routing tables etc.? Or is there another
solution anyone can think of?

Am I right that if there's no default route in my "special" routing table
company2, the default route in the "main" table is used as a kind of
fall-through?

Any suggestions are welcome

Thank you


Alexander List
<[EMAIL PROTECTED]>
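
Added example (not part of the original message): a small Python model of the policy-rule lookup for the tables described above, showing which route is selected when table company2 has, or lacks, its own default route. It assumes the kernel's default rule for table main at priority 32766 and the connected routes that `ip addr add` creates in main; the local table is left out, and the destination 198.51.100.9 is a constructed sample.

```python
import ipaddress

# Constructed model of the routing setup in the message; "company2" is the
# poster's table name, everything else here is illustrative.
def net(s):
    return ipaddress.ip_network(s)

def build_tables(company2_default=True):
    tables = {
        "main": [  # (prefix, device, gateway); connected routes assumed present
            (net("192.168.10.0/24"), "eth0", None),
            (net("192.168.20.0/24"), "eth1", None),
            (net("1.2.3.0/24"), "eth2", None),
            (net("2.3.4.0/24"), "eth2", None),
            (net("0.0.0.0/0"), "eth2", "1.2.3.1"),
        ],
        "company2": [(net("192.168.20.0/24"), "eth1", None)],
    }
    if company2_default:
        tables["company2"].append((net("0.0.0.0/0"), "eth2", "2.3.4.1"))
    return tables

# (priority, source selector, table): the rule from the message plus main
RULES = [
    (20, net("192.168.20.0/24"), "company2"),
    (32766, net("0.0.0.0/0"), "main"),
]

def lookup(tables, src, dst):
    """Return (table, device, gateway) chosen for a packet, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES, key=lambda r: r[0]):
        if src not in selector:
            continue
        matches = [r for r in tables[table] if dst in r[0]]
        if matches:  # longest prefix wins inside one table
            _prefix, dev, gw = max(matches, key=lambda r: r[0].prefixlen)
            return table, dev, gw
        # no matching route in this table: continue with the next rule
    return None

if __name__ == "__main__":
    for has_default in (True, False):
        t = build_tables(has_default)
        print("company2 default:", has_default,
              "->", lookup(t, "192.168.20.7", "198.51.100.9"))
```

In this model, removing the default route from company2 sends company2's Internet traffic out via 1.2.3.1, and with the default route present, company2 traffic addressed to 192.168.10.0/24 also matches that default because the table holds no route for the other LAN.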
