I have a dual ISP setup and while I prefer one provider for output by default,
I
have come across a situation where I want to force the traffic from a given IP
address on my lan through the (non-default) provider, which I did with a
route_rules entry:
10.75.22.101 - IGS 1002
and that is having the desired effect with a route rule table looking like:
0: from all lookup local
1000: from all to 10.75.23.0/24 lookup main
1001: from all to 10.8.0.0/24 lookup main
1002: from 10.75.22.101 lookup IGS
10000: from all fwmark 0x100 lookup CGCO
10001: from all fwmark 0x200 lookup IGS
20000: from 7.1.7.2 lookup CGCO
20256: from 6.1.3.4 lookup IGS
32766: from all lookup main
32767: from all lookup default
and the particular traffic does seem to be using the correct provider's output
interface (ppp0), however the source of the these particularly directed packets
on the ppp0 interface (IGS) is the address of the "preferred" provider's
(CGCO)'s interface: 7.1.7.2. I would have thought the following nat table rules
would have corrected that:
Chain POSTROUTING (policy ACCEPT 782 packets, 47801 bytes)
pkts bytes target prot opt in out source destination
1 1400 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0
2581 201K eth0.1_masq all -- * eth0.1 0.0.0.0/0 0.0.0.0/0
Chain ppp0_masq (1 references)
pkts bytes target prot opt in out source destination
1 1400 SNAT all -- * * !6.1.3.4 0.0.0.0/0 to:6.1.3.4
But according to the tcpdumping on ppp0, it's not having any effect.
So what am I misunderstanding about all of this?
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
