Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #setup the route table per wan
- ip route add 0/0 via <gw1> dev <wan1> table 11
- ip route add 0/0 via <gw2> dev <wan2> table 12
- #reply from right local addresses
- ip rule add from <wan1_ip> table 11 pref 91
- ip rule add from <wan2_ip> table 12 pref 92
- #route by mark
- ip rule add fwmark 11 table 11 pref 101
- ip rule add fwmark 12 table 12 pref 102
- #setup the dnat
- iptables -t nat -A PREROUTING -i <wan1> --dst <wan1_ip> -p <proto> --dport <service-port> -j DNAT --to <int_server_ip>
- iptables -t nat -A PREROUTING -i <wan2> --dst <wan2_ip> -p <proto> --dport <service-port> -j DNAT --to <int_server_ip>
- #mark the incoming connections with CONNMARK
- iptables -t mangle -A PREROUTING -i <wan1> -m conntrack --ctstatus DNAT --ctstatus NEW -j CONNMARK --set-mark 11
- iptables -t mangle -A PREROUTING -i <wan2> -m conntrack --ctstatus DNAT --ctstatus NEW -j CONNMARK --set-mark 12
- #reflect the connmark to firewall mark in reply packets
- iptables -t mangle -A PREROUTING -i <lan> --src <int_server_ip> -j CONNMARK --restore-mark
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
