
Old server that works...

a guest
Sep 10th, 2011
  1.  
  2. /- ISP1 174.*
  3. Client -> Linux Router -- ISP2 50.*
  4. \- VPN1 10.* -> ISP3
  5.  
  6.  
  7. Linux 2.6.16-1mdk-i686-up-4GB #1 Fri May 19 19:35:23 CEST 2006 i686 AMD Athlon(tm) Processor GNU/Linux
  # Kernel identification line (looks like `uname -a` output; the command itself is not in the paste).
  # NOTE(review): release 2.6.16 with a build stamp of May 2006. This host is attached
  # directly to two ISP uplinks (eth0 and eth2 in the listings below), so the kernel's
  # patch level is part of its exposure -- confirm it still receives security updates.
  8. [root@ipso ~]# cat /etc/iproute2/rt_tables
  # rt_tables maps numeric routing-table ids to the names that the `ip rule show`
  # output further down prints (ISP1, ISP2, VPN1).
  9. #
  10. # reserved values
  11. #
  12. 255 local
  13. 254 main
  14. 253 default
  15. 0 unspec
  16. #
  17. # local
  18. #
  # The next entry is commented out; id 1 is assigned to ISP1 on the line after it.
  19. #1 inr.ruhep
  # Site-specific tables, one per uplink / tunnel. Only the `main` table's routes are
  # shown in this paste; the contents of tables 1-3 are not.
  20. 1 ISP1
  21. 2 ISP2
  22. 3 VPN1
  23.  
  24. [root@ipso ~]# ip route show
  # Main routing table only. Interfaces seen here: tun0 (10.8.0.0/24), eth0 (174.4.8.0/22),
  # eth1 (192.168.1.0/24, the LAN side) and eth2 (50.92.224.0/19).
  25. 10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
  26. 174.4.10.78 dev eth0 scope link src 174.4.10.78
  27. 174.4.8.0/22 dev eth0 proto kernel scope link src 174.4.10.78 metric 10
  28. 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1 metric 10
  29. 50.92.224.0/19 dev eth2 proto kernel scope link src 50.92.244.54 metric 10
  30. 50.92.244.54 dev eth2 scope link src 50.92.244.54
  # Two host routes pinned to the eth2 gateway. The same two addresses appear on the
  # 5060:5061 allow-list in the filter INPUT chain below.
  31. 63.211.239.14 via 50.92.224.1 dev eth2
  32. 8.3.252.23 via 50.92.224.1 dev eth2
  # Default route is eth0. Any packet that no earlier policy rule resolves ends up here.
  33. default via 174.4.8.1 dev eth0
  34.  
  35. [root@ipso ~]# ip rule show
  # Policy-routing rules, listed in ascending priority number (lower number is consulted first).
  36. 0: from all lookup local
  # Firewall-mark rules: marks 0x1 / 0x2 / 0x3 are set by the mangle PREROUTING rules
  # shown later in this paste and select the ISP1 / ISP2 / VPN1 tables.
  37. 32760: from all fwmark 0x3 lookup VPN1
  38. 32761: from all fwmark 0x2 lookup ISP2
  39. 32762: from all fwmark 0x1 lookup ISP1
  # Source-address rules: packets sourced from each uplink/tunnel address use that
  # uplink's own table.
  40. 32763: from 10.8.0.2 lookup VPN1
  41. 32764: from 50.92.244.54 lookup ISP2
  42. 32765: from 174.4.10.78 lookup ISP1
  43. 32766: from all lookup main
  44. 32767: from all lookup default
  # NOTE(review): when a lookup in a table finds no matching route, rule processing
  # continues with the next rule. If table VPN1 ever lacks a usable route (for example
  # tun0 is down -- the table's contents are not shown here), traffic marked 0x3 would
  # fall through to `main` and leave via the eth0 default route, outside the tunnel.
  # An `unreachable` or `blackhole` default in table VPN1 would close that gap; verify
  # what the table actually contains.
  45.  
  46. [root@ipso ~]# iptables -S
  # filter table. All three chains default to ACCEPT and FORWARD carries no rules at all,
  # so the only filtering below is on ports 5060:5061 toward the router itself, plus two
  # blocked source addresses.
  47. -P INPUT ACCEPT
  48. -P FORWARD ACCEPT
  49. -P OUTPUT ACCEPT
  # Allow-list: five source addresses may reach TCP 5060:5061 on the router ...
  50. -A INPUT -s 207.150.193.134/32 -p tcp -m tcp --dport 5060:5061 -j ACCEPT
  51. -A INPUT -s 64.34.96.201/32 -p tcp -m tcp --dport 5060:5061 -j ACCEPT
  52. -A INPUT -s 64.34.96.202/32 -p tcp -m tcp --dport 5060:5061 -j ACCEPT
  53. -A INPUT -s 8.3.252.23/32 -p tcp -m tcp --dport 5060:5061 -j ACCEPT
  54. -A INPUT -s 63.211.239.14/32 -p tcp -m tcp --dport 5060:5061 -j ACCEPT
  # ... and the same five for UDP.
  55. -A INPUT -s 207.150.193.134/32 -p udp -m udp --dport 5060:5061 -j ACCEPT
  56. -A INPUT -s 64.34.96.201/32 -p udp -m udp --dport 5060:5061 -j ACCEPT
  57. -A INPUT -s 64.34.96.202/32 -p udp -m udp --dport 5060:5061 -j ACCEPT
  58. -A INPUT -s 8.3.252.23/32 -p udp -m udp --dport 5060:5061 -j ACCEPT
  59. -A INPUT -s 63.211.239.14/32 -p udp -m udp --dport 5060:5061 -j ACCEPT
  # Everyone else is dropped on 5060:5061, but only for packets arriving on eth0 or eth2.
  # Packets arriving on tun0 or eth1 are not matched by these four rules.
  60. -A INPUT -i eth0 -p tcp -m tcp --dport 5060:5061 -j DROP
  61. -A INPUT -i eth2 -p tcp -m tcp --dport 5060:5061 -j DROP
  62. -A INPUT -i eth0 -p udp -m udp --dport 5060:5061 -j DROP
  63. -A INPUT -i eth2 -p udp -m udp --dport 5060:5061 -j DROP
  # Two source addresses dropped outright. These are INPUT rules only: with FORWARD empty,
  # the same addresses are not blocked from the ports that the nat table forwards to LAN hosts.
  64. -A INPUT -s 68.75.86.8/32 -j DROP
  65. -A INPUT -s 174.133.3.178/32 -j DROP
  # NOTE(review): with -P INPUT ACCEPT, any other service listening on the router itself
  # (not shown in this paste) is reachable from both uplinks. There is no conntrack/state
  # match (ESTABLISHED,RELATED) in the chain, so one would have to be added before the
  # INPUT or FORWARD policy could be switched to DROP without cutting return traffic.
  66.  
  67. [root@ipso ~]# iptables -S -t nat
  # nat table: inbound port forwards (DNAT) to hosts in 192.168.1.0/24, then one static
  # SNAT rule per egress interface.
  # NOTE(review): no DNAT rule below has a source match (-s), and the filter FORWARD chain
  # in this paste is policy ACCEPT with no rules, so every forwarded port is open to any
  # address that can reach the uplink interface named in the rule.
  68. -P PREROUTING ACCEPT
  69. -P POSTROUTING ACCEPT
  70. -P OUTPUT ACCEPT
  # TCP 88 and 3074 go to 192.168.1.19 from either uplink (eth0 and eth2). These are the
  # only forwards defined for eth2.
  71. -A PREROUTING -i eth0 -p tcp -m tcp --dport 88 -j DNAT --to-destination 192.168.1.19
  72. -A PREROUTING -i eth0 -p tcp -m tcp --dport 3074 -j DNAT --to-destination 192.168.1.19
  73. -A PREROUTING -i eth2 -p tcp -m tcp --dport 88 -j DNAT --to-destination 192.168.1.19
  74. -A PREROUTING -i eth2 -p tcp -m tcp --dport 3074 -j DNAT --to-destination 192.168.1.19
  # From here on every forward is eth0-only.
  # Web-style ports to 192.168.1.9: 8080 -> :80, and both 443 and 4343 -> :443.
  75. -A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.9:80
  76. -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.9:443
  77. -A PREROUTING -i eth0 -p tcp -m tcp --dport 4343 -j DNAT --to-destination 192.168.1.9:443
  # NOTE(review): destination ports 69, 22 and 23 are the conventional TFTP, SSH and telnet
  # ports (what actually listens on .9 / .201 is not shown). Telnet and TFTP are cleartext
  # and TFTP has no authentication; if these really are those services, restrict them by
  # source address or reach them over the VPN instead. TFTP conventionally runs over UDP,
  # so the TCP 69 forward is presumably unnecessary -- confirm.
  78. -A PREROUTING -i eth0 -p tcp -m tcp --dport 69 -j DNAT --to-destination 192.168.1.9:69
  79. -A PREROUTING -i eth0 -p udp -m udp --dport 69 -j DNAT --to-destination 192.168.1.9:69
  80. -A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.9:22
  81. -A PREROUTING -i eth0 -p tcp -m tcp --dport 2323 -j DNAT --to-destination 192.168.1.201:23
  82. -A PREROUTING -i eth0 -p tcp -m tcp --dport 2380 -j DNAT --to-destination 192.168.1.201:80
  # NOTE(review): 5800 and 5900-5904 (and 5910 -> .9:5900) are in the range conventionally
  # used by VNC; presumably remote-desktop access -- confirm, and if so treat like the
  # management ports above (source restriction or VPN).
  83. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5501 -j DNAT --to-destination 192.168.1.98:5501
  84. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5800 -j DNAT --to-destination 192.168.1.98:5800
  85. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.98:5900
  86. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.98:5901
  87. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5902 -j DNAT --to-destination 192.168.1.98:5902
  88. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5903 -j DNAT --to-destination 192.168.1.98:5903
  89. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5904 -j DNAT --to-destination 192.168.1.98:5904
  90. -A PREROUTING -i eth0 -p tcp -m tcp --dport 5910 -j DNAT --to-destination 192.168.1.9:5900
  # Application-specific forwards; the paste does not say what uses them.
  91. -A PREROUTING -i eth0 -p tcp -m tcp --dport 40696 -j DNAT --to-destination 192.168.1.99:40696
  92. -A PREROUTING -i eth0 -p tcp -m tcp --dport 50263 -j DNAT --to-destination 192.168.1.9:50263
  93. -A PREROUTING -i eth0 -p udp -m udp --dport 4444 -j DNAT --to-destination 192.168.1.9:4444
  94. -A PREROUTING -i eth0 -p udp -m udp --dport 6881 -j DNAT --to-destination 192.168.1.9:6881
  95. -A PREROUTING -i eth0 -p tcp -m tcp --dport 6881 -j DNAT --to-destination 192.168.1.9:6881
  96. -A PREROUTING -i eth0 -p udp -m udp --dport 1200 -j DNAT --to-destination 192.168.1.98:1200
  # Port ranges with no port in --to-destination: only the address is rewritten, the
  # destination port is kept as received.
  97. -A PREROUTING -i eth0 -p udp -m udp --dport 27000:27015 -j DNAT --to-destination 192.168.1.98
  98. -A PREROUTING -i eth0 -p tcp -m tcp --dport 27030:27039 -j DNAT --to-destination 192.168.1.98
  # Static SNAT per egress interface with no source match: everything leaving tun0, eth2
  # or eth0 is rewritten to that interface's own address (the addresses match the `src`
  # values in the `ip route show` output).
  99. -A POSTROUTING -o tun0 -j SNAT --to-source 10.8.0.2
  100. -A POSTROUTING -o eth2 -j SNAT --to-source 50.92.244.54
  101. -A POSTROUTING -o eth0 -j SNAT --to-source 174.4.10.78
  102.  
  103. [root@ipso ~]# iptables -S -t mangle
  # mangle table. MARK rules feed the fwmark policy rules from `ip rule show`
  # (0x1 -> ISP1, 0x2 -> ISP2, 0x3 -> VPN1); TOS rules rewrite the IP TOS field.
  # MARK does not end chain traversal, so when several rules match one packet the last
  # matching rule decides the final mark. Example from the rules below: UDP 5060 traffic
  # from 192.168.1.19 on eth1 is first marked 0x2 and then re-marked 0x3.
  104. -P PREROUTING ACCEPT
  105. -P INPUT ACCEPT
  106. -P FORWARD ACCEPT
  107. -P OUTPUT ACCEPT
  108. -P POSTROUTING ACCEPT
  # UDP 4569 from the LAN -> ISP2.
  109. -A PREROUTING -i eth1 -p udp -m udp --dport 4569 -j MARK --set-mark 0x2
  # UDP 5060:5061 and 10000:20000 -> ISP2.
  # NOTE(review): these two rules carry no -i match, so they mark packets arriving on any
  # interface, not only eth1 as the neighbouring rules do -- confirm that is intended.
  110. -A PREROUTING -p udp -m udp --dport 5060:5061 -j MARK --set-mark 0x2
  111. -A PREROUTING -p udp -m udp --dport 10000:20000 -j MARK --set-mark 0x2
  # Everything from LAN host 192.168.1.19 -> VPN1 (the same host that receives the
  # 88 / 3074 forwards in the nat table).
  112. -A PREROUTING -s 192.168.1.19/32 -i eth1 -j MARK --set-mark 0x3
  # Selected destinations on TCP 80 / 443 from the LAN -> VPN1.
  113. -A PREROUTING -d 69.53.236.17/32 -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3
  114. -A PREROUTING -d 69.53.236.17/32 -i eth1 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x3
  115. -A PREROUTING -d 24.244.52.81/32 -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3
  116. -A PREROUTING -d 24.244.52.99/32 -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3
  117. -A PREROUTING -d 24.244.52.83/32 -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3
  118. -A PREROUTING -d 24.244.52.104/32 -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3
  119. -A PREROUTING -d 24.244.52.83/32 -i eth1 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x3
  120. -A PREROUTING -d 24.244.52.104/32 -i eth1 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x3
  # Per-destination pinning, any protocol: two addresses -> ISP1, two -> ISP2. Because
  # these come after the 0x3 rules, they override the VPN1 mark for matching packets,
  # including packets from 192.168.1.19.
  121. -A PREROUTING -d 64.59.168.13/32 -i eth1 -j MARK --set-mark 0x1
  122. -A PREROUTING -d 64.59.168.15/32 -i eth1 -j MARK --set-mark 0x1
  123. -A PREROUTING -d 154.11.128.187/32 -i eth1 -j MARK --set-mark 0x2
  124. -A PREROUTING -d 154.11.128.59/32 -i eth1 -j MARK --set-mark 0x2
  # TOS rewriting on incoming/forwarded packets, keyed on source port: 0x10 is the
  # Minimize-Delay value, 0x08 (source port 20 only) is Maximize-Throughput.
  125. -A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 0x10
  126. -A PREROUTING -p tcp -m tcp --sport 22 -j TOS --set-tos 0x10
  127. -A PREROUTING -p tcp -m tcp --sport 4569 -j TOS --set-tos 0x10
  128. -A PREROUTING -p tcp -m tcp --sport 21 -j TOS --set-tos 0x10
  129. -A PREROUTING -p tcp -m tcp --sport 20 -j TOS --set-tos 0x08
  130. -A PREROUTING -p icmp -m icmp --icmp-type 8 -j TOS --set-tos 0x10
  # Catch-all: every UDP packet gets 0x10, regardless of port.
  131. -A PREROUTING -p udp -j TOS --set-tos 0x10
  # Same TOS scheme for locally generated packets, keyed on destination port.
  132. -A OUTPUT -p tcp -m tcp --dport 80 -j TOS --set-tos 0x10
  133. -A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
  134. -A OUTPUT -p tcp -m tcp --dport 4569 -j TOS --set-tos 0x10
  135. -A OUTPUT -p tcp -m tcp --dport 21 -j TOS --set-tos 0x10
  136. -A OUTPUT -p tcp -m tcp --dport 20 -j TOS --set-tos 0x08
  137. -A OUTPUT -p icmp -m icmp --icmp-type 8 -j TOS --set-tos 0x10
  138. -A OUTPUT -p udp -j TOS --set-tos 0x10
  139.  
  140. [root@ipso ~]# iptables -S -t raw
  # raw table: default policies only, no rules.
  141. -P PREROUTING ACCEPT
  142. -P OUTPUT ACCEPT