I'm trying to get selective traffic(by port) go through the specified interface(i have TWO internet providers with two different ip address in two different interfaces) I'm following instructions from this site (linux-ip.net/html/adv-multi-internet.html) and basically what I did is:
- Add the respective ip address to ethx(x.x.x.2), ethy(y.y.y.2), ethz(z.z.z.2).
- Allow INPUT, OUTPUT, FORWARD traffic for testing purposes.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT - Enable masquerade in both internet providers interfaces:
iptables -t nat -A POSTROUTING -o ethx -j MASQUERADE
iptables -t nat -A POSTROUTING -o ethz -j MASQUERADE - Enable kernel ip_forward:
echo 1 > /proc/sys/net/ipv4/ip_forward - Separate IP2(internet provider 2) routing information in its own table (tableX):
ip route add x.x.x.0/28 dev ethx table tableX
ip route add y.y.y.0/24 dev ethy table tableX
ip route add default via x.x.x.1 dev ethx table tableX
ip rule add from x.x.x.2 table tableX - Set default (main table) route to IP1(internet provider 1):
ip route add default via z.z.z.1 dev ethz - Mark selected traffic to avoid this going through the default route(z.z.z.1):
iptables -t mangle -A PREROUTING -i ethy -p tcp --dport 3389 -j MARK --set-mark 200 - Finally set marked packets to go through selected table:
ip rule add fwmark 200 table tableX
The problem is that a computer in the LAN side(y.y.y.0/24) is unable to connect to the external target. Using tcpdump to trace the traffic in the ethx interface shows that the packet is actually reaching the target AND that the target is responding back, BUT this response never gets to the client(as shown by a tcpdump in the ethy interface). The weird point is that if i replace the step 7(the mangle rule) with an iproute2 rule:
ip rule add from y.y.y.155 table tableX
Everything works. But since I ONLY need this specific port traffic(3389) go through this interface this solution is unacceptable. Any clues?
Thanks in advance.
Linear Mode
