> -----Original Message-----
> From: William L. Thomson Jr. [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 14, 2002 4:22 AM
> To: [EMAIL PROTECTED]
> Subject: NAT questions while attempting to load balance
>
> To begin with I apologize for not having had enough time to properly
> search through the archives for previous answers to my question(s).
>
> My scenario is I have two separate SDSL lines through different
> providers. Each comes with their own block of public IPs. I have not
> contacted each ISP to request that they route for my other ISP's block.
>
> I am too small to ask for something like that. They will most likely
> say no.
>
> I had hoped to be able to load balance traffic both incoming and
> outgoing through the two lines, but am losing hope that it can be done.
>
> I have tried several different scenarios but believe my current one is
> the only solution.
>
> I have two DNS servers, and each server is so to speak, dedicated to
> each line. If you talk to dns 1 it will return public IPs for line 1.
> If you talk to dns 2 it will return public IPs for line 2.
>
> So here is where my nat problem lies. Here is a diagram to express what
> I am trying to do.
>
> SDSL Router 1 ----- |      |       |      |----DNS1
>                     |Linux |       |      |----DNS2
>                     |      |-------|Switch|----DB
>                     |Router|       |      |----FTP
> SDSL Router 2 ----- |      |       |      |----WWW
>
> So if someone was using line 1 and communicating with the www server it
> would be double nat'ed.
>
> Public IP <-----> 10.0.1.10 <-----> 192.168.1.10
>
> If someone was using line 2 and communicating with the www server it
> would be double nat'ed.
>
> Public IP <-----> 10.0.2.10 <-----> 192.168.1.10
>
> I have no problem doing the Destination nat'ing. It's the source I have
> a problem with.
>
> I need to be able to translate 192.168.1.10 into both 10.0.1.10 and
> 10.0.2.10.
>
> I was hoping to do the translation based on the interface, but that is
> where my problem lies.
>
> So far I have not been able to map the source IP to an outgoing
> interface.
>
> Here is what I have
>
> iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to-source 10.0.1.10
>
> iptables -t nat -I POSTROUTING -s 192.168.1.10 -j SNAT --to-source 10.0.2.10
>
> I would like to use something along the lines of
>
> iptables -t nat -I POSTROUTING -i eth1 -s 192.168.1.10 -j SNAT --to-source 10.0.1.10
>
> iptables -t nat -I POSTROUTING -i eth2 -s 192.168.1.10 -j SNAT --to-source 10.0.2.10
>
Try this

iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -i eth1 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -i eth2 -j MARK --set-mark 0x2
...
iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to-source 10.0.1.10
iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source 10.0.2.10

HTH

Regards,
Andrew Kozachenko
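
Added example, not part of the original thread and not either poster's code: one way to tie the translated source address to the uplink, matching `-o` in POSTROUTING (iptables rejects `-i` in that chain) and using CONNMARK plus policy routing so replies leave on the line the connection arrived on. It swaps the per-packet MARK for CONNMARK; `eth0` as the LAN interface, the gateways 10.0.1.1 and 10.0.2.1, the mark values and the table numbers 101/102 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed (not on the page): eth0 is the
# LAN side, 10.0.1.1 / 10.0.2.1 are the SDSL routers' addresses, and the
# mark values and routing table numbers 101/102 are arbitrary choices.
# Dry run by default: each command is printed. Set APPLY=1 as root to execute.

SERVER=192.168.1.10   # internal address from the post
LAN_IF=eth0           # assumption

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# uplink IFACE MARK SNAT_ADDR GATEWAY TABLE
uplink() {
    iface=$1; mark=$2; addr=$3; gw=$4; table=$5
    # Remember which line a new inbound connection arrived on. CONNMARK is
    # stored per connection, unlike MARK, which only lives on one packet.
    run iptables -t mangle -A PREROUTING -i "$iface" -m state --state NEW \
        -j CONNMARK --set-mark "$mark"
    # Connections the server starts itself: choose the source by outgoing
    # interface. POSTROUTING can match -o; iptables rejects -i there.
    run iptables -t nat -A POSTROUTING -o "$iface" -s "$SERVER" \
        -j SNAT --to-source "$addr"
    # Policy routing: packets carrying this mark use this line's gateway.
    run ip route add default via "$gw" dev "$iface" table "$table"
    run ip rule add fwmark "$mark" table "$table"
}

ruleset() {
    # Copy the connection mark back onto packets coming from the LAN, before
    # the routing decision, so replies match the fwmark rules.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    uplink eth1 1 10.0.1.10 10.0.1.1 101
    uplink eth2 2 10.0.2.10 10.0.2.1 102
}

ruleset
```

Review the printed commands first; with `APPLY=1` they are appended to the live tables, so run it against a clean rule set.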
