On Thu, 2 Mar 2000 [EMAIL PROTECTED] wrote:

> > We have two companies sharing LAN infrastructure and ONE firewall, but we have
> > two different ISPs. Traffic from company1 should go out via ISP1, traffic from
> > company2 should go out via ISP2. Of course, we have only one IP address per
> > ISP because we are two very small companies, and of course no chance to get a
> > routing protocol like RIP or so.
> >
> > # now I want to use routing table company2 for company2
> > ip rule add from 192.168.20.0/24 table company2 priority 20
> >
> This is not what you want. According to manual you should write
>   ip rule add from 192.168.20.0/24 nat 2.3.4.5 table company2 prio 20
> and then
>   ip rule add from 192.168.10.0/24 nat 1.2.3.4 [table main] prio 30
>
> > # and now my problem starts:
> > # the iproute2 docs say that route NAT in Kernel 2.2 is NOT a
> > # replacement for IP masquerading, so I tried ipchains
>
> Strange. NB on page 51 of "IP command reference" says:
> "The exception is when the address is a local address of
> this router ... and masquerading is configured in the
> kernel. In this case router will masquerade packets as this
> address."
> Or you mean that this feature is broken?

I just tried your suggestions. See example below. I tried it both with nat 0 and nat <localip>. Nat 0 works fine and does masquerading. Nat <localip> just seems to do mapping, no masquerading is done. I think that either the feature is broken or the manual is in error.

Script started on Thu Mar 2 21:08:28 2000
kerberos:~# ip rule ls
0: from all lookup local
32764: from 192.168.70.0/24 lookup 70 map-to <provider2-ip>
32765: from 192.168.10.0/24 lookup main masquerade
32766: from all lookup main
32767: from all lookup default
kerberos:~# ip route ls table 70
throw 192.168.70.0/24 # or even 192.168.70.0/24 dev eth1
throw <provider2-net>/24 # analog to above
default via <provider2-gw> dev eth1
kerberos:~# ip route ls
<provider1-net> dev ppp0 proto kernel scope link src <provider1-ip>
192.168.70.0/24 dev eth1 proto kernel scope link src 192.168.70.1
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.1
<provider2-net>/24 dev eth1 proto kernel scope link src <provider2-ip>
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.199
default via <provider1-gw> dev ppp0
kerberos:~# exit
Script done on Thu Mar 2 21:08:43 2000

regards
Alex
