(no subject)
Feb. 24th, 2008 12:46 am
Whee! Okay, I got Linux installed, and NAT and firewall rules in place and working... now for the odd forwarding.
Anyone know iptables well enough to tell the system to direct NAT packets for ports 30000-50000 through eth1 instead of eth0? (with eth4 being the internal interface)
Date: 2008-02-25 02:34 am (UTC)
Many providers filter packets, so if you're trying to send up DSL and down cable it won't work.
Best bet would be to change NAT to mangle the high ports to the base IP of eth1 rather than eth0. Something like this:
iptables -t nat -A POSTROUTING -p tcp --src 192.168.0.0/24 -m multiport --source-ports 30000:50000 -j SNAT --to-source
iptables -t nat -A POSTROUTING --src 192.168.0.0/24 -j SNAT --to-source
Now, I don't have two uplinks to test it on so I'm going from memory here - but that should NAT the high TCP ports one way, and the low ones the other. If the second rule overrides the first then reverse the order, I doubt it though.
You also have to make sure whatever program you want punted to eth1 is reporting the eth1 address for inbound connections, because once NAT is established it will continue to use the mapping and the packets will return out eth0.
There's also the problem of random source port allocation wandering through your range - you really should restrict your source ports tighter. Can you use UPnP and make a policy for the program?
Finally, use policy routing/source-based routing to push eth1 IP packets out 0/0 for eth1 rather than eth0.
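An added example of the whole setup (not the commenter's rules above, and not tested on the poster's box): since the kernel picks the egress interface before POSTROUTING SNAT runs, a port-based SNAT rule alone cannot move a flow onto eth1, so this marks the flow in the mangle table, routes on the mark, and then SNATs per egress interface. The addresses, gateway, mark and table numbers are constructed placeholders.

```shell
#!/bin/sh
# Split LAN traffic by source port: 30000-50000 leaves via eth1, the rest via eth0,
# with eth4 as the internal interface. All addresses below are constructed placeholders.
LAN_NET="192.168.0.0/24"
ETH0_IP="198.51.100.10"   # placeholder: public address on eth0
ETH1_IP="203.0.113.20"    # placeholder: public address on eth1
ETH1_GW="203.0.113.1"     # placeholder: upstream gateway reachable on eth1
LO_PORT=30000; HI_PORT=50000
MARK=1; TABLE=100         # fwmark value and routing-table id (arbitrary, unused elsewhere)

# Print the commands instead of running them, so the plan can be reviewed first.
# To apply on the router: sh this_script.sh print | sh
build_rules() {
  cat <<EOF
# Secondary routing table whose default route goes out eth1; consult it for marked packets
ip route add default via $ETH1_GW dev eth1 table $TABLE
ip rule add fwmark $MARK table $TABLE
# Re-apply the mark to packets of already-marked connections, so a flow never flips links
iptables -t mangle -A PREROUTING -i eth4 -j CONNMARK --restore-mark
# Mark new LAN flows whose source port is in the range (TCP and UDP)
iptables -t mangle -A PREROUTING -i eth4 -s $LAN_NET -p tcp -m multiport --sports $LO_PORT:$HI_PORT -j MARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i eth4 -s $LAN_NET -p udp -m multiport --sports $LO_PORT:$HI_PORT -j MARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i eth4 -j CONNMARK --save-mark
# SNAT by egress interface, so each flow leaves with the address of the link it actually uses
iptables -t nat -A POSTROUTING -o eth1 -s $LAN_NET -j SNAT --to-source $ETH1_IP
iptables -t nat -A POSTROUTING -o eth0 -s $LAN_NET -j SNAT --to-source $ETH0_IP
# Replies come back on eth1 while the main table prefers eth0; loose rp_filter keeps them from being dropped
sysctl -w net.ipv4.conf.eth1.rp_filter=2
EOF
}

if [ "${1:-}" = "print" ]; then
  build_rules
fi
```

Connection tracking keeps the NAT mapping for the life of a flow, so, as noted above, a program that learned its eth0 address before these rules existed will keep using it until it reconnects.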