NF-Cookbook.txt

Why did I not find this a week ago?!!

via http://dev.medozas.de/NF-Cookbook.txt

5. Multiple internet connections -- same interface for all packets of a connection.

The ctmark/nfmark will encode the preferred output device.

-t mangle -N preferppp0
-t mangle -A preferppp0 -j CONNMARK --set-mark 10

-t mangle -N preferppp1
-t mangle -A preferppp1 -j CONNMARK --set-mark 11

# For connections coming from the Internet
-t mangle -N prefin
-t mangle -A prefin -i ppp0 -g preferppp0
-t mangle -A prefin -i ppp1 -g preferppp1

# For connections initiated from the LAN
-t mangle -N prefout
-t mangle -A prefout -o ppp0 -g preferppp0
-t mangle -A prefout -o ppp1 -g preferppp1

-t mangle -A PREROUTING -m connmark --mark 0 -m conntrack --ctstate NEW -j prefin
# (Avoid routing packets onto ppp when they just came in on ppp)
-t mangle -A PREROUTING ! -i ppp+ -j CONNMARK --restore-mark

-t mangle -A FORWARD -m connmark --mark 0 -m conntrack --ctstate NEW -j prefout
-t mangle -A OUTPUT -m connmark --mark 0 -m conntrack --ctstate NEW -j prefout

Then do routing based on fwmark.

ip rule add fwmark 10 table 10
ip rule add fwmark 11 table 11
ip route add default via PROVIDER1 table 10
ip route add default via PROVIDER2 table 11
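
An added example (not from NF-Cookbook.txt or this post): a shell generator that emits the same mangle rules in iptables-restore format, plus the ip rule/route commands, for any number of uplinks rather than just two. The interface:mark:gateway list format, the function names and the gateway addresses (documentation ranges standing in for PROVIDER1/PROVIDER2) are assumptions, and uplinks are assumed to be named ppp* so the recipe's "! -i ppp+" match still applies.

```shell
#!/bin/sh
# Added example: emit the recipe's rules for a list of uplinks.
# Each entry is "interface:mark:gateway". The gateways are constructed
# documentation addresses standing in for PROVIDER1/PROVIDER2.
UPLINKS="ppp0:10:192.0.2.1 ppp1:11:198.51.100.1"

# Print an iptables-restore fragment for the mangle table.
gen_mangle() {
    printf '%s\n' "*mangle" ":prefin - [0:0]" ":prefout - [0:0]"
    for u in $1; do
        printf '%s\n' ":prefer${u%%:*} - [0:0]"
    done
    for u in $1; do
        dev=${u%%:*}; rest=${u#*:}; mark=${rest%%:*}
        # The ctmark encodes the preferred output device.
        printf '%s\n' "-A prefer$dev -j CONNMARK --set-mark $mark"
        # Connections coming from the Internet / initiated from the LAN.
        printf '%s\n' "-A prefin -i $dev -g prefer$dev"
        printf '%s\n' "-A prefout -o $dev -g prefer$dev"
    done
    # Only unmarked NEW connections are classified.
    new="-m connmark --mark 0 -m conntrack --ctstate NEW"
    printf '%s\n' "-A PREROUTING $new -j prefin"
    # Copy ctmark to nfmark, except for packets that just came in on ppp.
    printf '%s\n' "-A PREROUTING ! -i ppp+ -j CONNMARK --restore-mark"
    printf '%s\n' "-A FORWARD $new -j prefout"
    printf '%s\n' "-A OUTPUT $new -j prefout"
    printf '%s\n' "COMMIT"
}

# Print the matching policy-routing commands (table number = mark).
gen_routes() {
    for u in $1; do
        rest=${u#*:}; mark=${rest%%:*}; gw=${rest#*:}
        printf '%s\n' "ip rule add fwmark $mark table $mark"
        printf '%s\n' "ip route add default via $gw table $mark"
    done
}

gen_mangle "$UPLINKS"
gen_routes "$UPLINKS"
```

Pipe the gen_mangle output through `iptables-restore --test` to check that it parses; loading it without `--noflush` replaces the existing mangle table.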
