I have a host which has ETH0 and ETH1 as WAN interfaces, and WLAN0 as the interface for clients. The default route for the host itself is eth0. I need to route all NAT clients to eth1 (masquerade). I tried to mark packets with iptables mangle (prerouting), but it doesn't help.

Does anyone know how to do it?

2 Answers

You may not need to mark packets at all. If you just want to route packets based on source address, you can simply do:

ip rule add from clients_subnet/mask tab 1 priority 500
ip route add default via second_gateway_ip dev eth1 tab 1

This will cause all packets originated from clients_subnet/mask to be forwarded via second_gateway_ip on eth1 interface. All other traffic will be forwarded via default gateway (given that no other rules are defined).

To do the NAT, you can just do:

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE 
  • unfortunately this doesn't work. Commented Mar 1, 2017 at 9:57
  • @Yury: You need to provide more details. Edit your question and show us exactly what you have done with any error you encountered. Commented Mar 1, 2017 at 10:24
Sorry, here are more details:

Here is the test environment. The host has 2 interfaces: ens160 as the main WAN, and tun-test as the WAN interface for NAT clients, which are connected on ens192.

root@ubuntu-16:/# ifconfig
ens160    Link encap:Ethernet  HWaddr 00:50:56:85:f7:ec
          inet addr:118.211.160.13  Bcast:118.211.160.15  Mask:255.255.255.248
          inet6 addr: fe80::250:56ff:fe85:f7ec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6454 errors:0 dropped:11 overruns:0 frame:0
          TX packets:743 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:421765 (421.7 KB)  TX bytes:117602 (117.6 KB)

ens192    Link encap:Ethernet  HWaddr 00:50:56:85:c0:c6
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe85:c0c6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5544 errors:0 dropped:3 overruns:0 frame:0
          TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:342182 (342.1 KB)  TX bytes:3238 (3.2 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:11840 (11.8 KB)  TX bytes:11840 (11.8 KB)

tun-test  Link encap:IPIP Tunnel  HWaddr
          inet addr:192.168.100.2  P-t-P:192.168.100.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:336 (336.0 B)  TX bytes:336 (336.0 B)

root@ubuntu-16:/# ip rule
0:      from all lookup local
500:    from 192.168.1.0/24 lookup 10
32766:  from all lookup main
32767:  from all lookup default

root@ubuntu-16:/# ip route show table 10
default via 192.168.100.1 dev tun-test

root@ubuntu-16:/# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

root@ubuntu-16:/# iptables-save
# Generated by iptables-save v1.6.0 on Wed Mar 1 12:13:29 2017
*nat
:PREROUTING ACCEPT [135:8626]
:INPUT ACCEPT [110:6610]
:OUTPUT ACCEPT [8:704]
:POSTROUTING ACCEPT [7:620]
-A POSTROUTING -o tun-test -j MASQUERADE
COMMIT
# Completed on Wed Mar 1 12:13:29 2017
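
The following is an added example, not code from either poster: it checks offline that the pieces shown in this thread line up, so that client traffic really leaves through the intended uplink (forwarding on, a source rule selecting a table, a default route in that table, and MASQUERADE on the same egress device). The function names are hypothetical and the sample input is constructed from the values posted above.

```shell
#!/bin/sh
# Added example: offline consistency check for source-based routing plus
# MASQUERADE. All function names here are hypothetical.

# Table id of the first "from SUBNET lookup T" rule (exact string match only).
table_for_source() {
    printf '%s\n' "$1" | awk -v s="$2" \
        '$2 == "from" && $3 == s && $4 == "lookup" { print $5; exit }'
}

# Egress device of the default route in a routing-table listing.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeeds if the nat table has a POSTROUTING MASQUERADE rule with "-o DEV".
masq_on() {
    printf '%s\n' "$1" | awk -v d="$2" '
        /^\*/ { tbl = $1 }
        tbl == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == d) found = 1 }
        END { exit !found }'
}

# check_policy_nat SUBNET RULES TABLE_ROUTES IPTABLES_SAVE IP_FORWARD
check_policy_nat() {
    [ "$5" = 1 ] || { echo "fail: ip_forward is off"; return 1; }
    cp_tab=$(table_for_source "$2" "$1")
    [ -n "$cp_tab" ] || { echo "fail: no ip rule for $1"; return 1; }
    cp_dev=$(default_dev "$3")
    [ -n "$cp_dev" ] || { echo "fail: table $cp_tab has no default route"; return 1; }
    masq_on "$4" "$cp_dev" || { echo "fail: no MASQUERADE on $cp_dev"; return 1; }
    echo "ok: $1 -> table $cp_tab -> $cp_dev (masqueraded)"
}

# Constructed sample input, reusing the values posted in this thread.
RULES='0: from all lookup local
500: from 192.168.1.0/24 lookup 10
32766: from all lookup main'
ROUTES='default via 192.168.100.1 dev tun-test'
SAVE='*nat
:POSTROUTING ACCEPT [7:620]
-A POSTROUTING -o tun-test -j MASQUERADE
COMMIT'
check_policy_nat 192.168.1.0/24 "$RULES" "$ROUTES" "$SAVE" 1
```

On a live host the four inputs come from `ip rule`, `ip route show table <id>`, `iptables-save -t nat` and `sysctl -n net.ipv4.ip_forward`.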