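# Policy routing for two uplinks: replies leave through the uplink the
# connection arrived on, and traffic sourced from IP1/IP2 leaves through the
# uplink that owns that address.
#
# TABLE1/TABLE2, GW1/GW2, DEV1/DEV2 and IP1/IP2 must be set before this point.
# Stop before any routing state is flushed if one of them is empty, instead of
# running ip/iptables with missing arguments.
: "${TABLE1:?TABLE1 is not set}" "${TABLE2:?TABLE2 is not set}"
: "${GW1:?GW1 is not set}" "${GW2:?GW2 is not set}"
: "${DEV1:?DEV1 is not set}" "${DEV2:?DEV2 is not set}"
: "${IP1:?IP1 is not set}" "${IP2:?IP2 is not set}"

# Append an iptables rule unless an identical rule is already in the chain, so
# that re-running this script does not stack duplicate NAT and mangle rules.
# Arguments: $1 - table, $2 - chain, remaining - rule specification
append_once() {
  _ao_table=$1
  _ao_chain=$2
  shift 2
  # -C exits non-zero (and prints an error) when the rule is absent; that is
  # the expected case on the first run, so its stderr is discarded.
  iptables -t "$_ao_table" -C "$_ao_chain" "$@" 2>/dev/null ||
    iptables -t "$_ao_table" -A "$_ao_chain" "$@"
}

# add routing tables
# flush old tables
ip route flush table "$TABLE1"
ip route flush table "$TABLE2"
# add new table
ip route add "$GW1" dev "$DEV1" src "$IP1" table "$TABLE1"
ip route add default via "$GW1" table "$TABLE1"
ip route add "$GW2" dev "$DEV2" src "$IP2" table "$TABLE2"
ip route add default via "$GW2" table "$TABLE2"

# add rule for lookup
# remove old rule; on the first run there is nothing to delete, so a failure
# here is tolerated (the error message from ip is still shown)
ip rule del from "$IP1" table "$TABLE1" || true
ip rule del from "$IP2" table "$TABLE2" || true
ip rule del fwmark 1 table "$TABLE1" || true
ip rule del fwmark 2 table "$TABLE2" || true
# add new rule
ip rule add from "$IP1" table "$TABLE1"
ip rule add from "$IP2" table "$TABLE2"
ip rule add fwmark 1 table "$TABLE1"
ip rule add fwmark 2 table "$TABLE2"

# NOTE(review): the interface names below are hard-coded to ppp0/ppp1 while the
# routes above use $DEV1/$DEV2. If those differ, SNAT and marking will not line
# up with the routing tables -- confirm they name the same links.
# NOTE(review): with strict reverse-path filtering, replies arriving on the
# non-default uplink may be dropped before these marks matter; check rp_filter
# and src_valid_mark for both interfaces -- confirm on the target host.

# iptables rules for SNAT:
append_once nat POSTROUTING -o ppp0 -j SNAT --to-source "$IP1"
append_once nat POSTROUTING -o ppp1 -j SNAT --to-source "$IP2"

# iptables for marking packet from originate source
# Packets of known connections get the connection's mark copied back on.
append_once mangle PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
append_once mangle OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
# New connections are tagged with the uplink they came in on.
append_once mangle PREROUTING -i ppp0 -m state --state NEW -j CONNMARK --set-mark 1
append_once mangle PREROUTING -i ppp1 -m state --state NEW -j CONNMARK --set-mark 2
# Copy the connection mark to the packet mark that the fwmark rules match.
append_once mangle PREROUTING -m connmark --mark 1 -j MARK --set-mark 1
append_once mangle PREROUTING -m connmark --mark 2 -j MARK --set-mark 2
append_once mangle PREROUTING -m connmark ! --mark 0 -m state --state NEW -j CONNMARK --save-mark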