#!/bin/sh
# Build one routing table per uplink.
# The table names must be defined in /etc/iproute2/rt_tables.

TABLE1=connection1
DEV1=ppp0
IP1=100.0.1.1
GW1=100.0.1.254

TABLE2=connection2
DEV2=ppp1
IP2=100.0.2.1
GW2=100.0.2.254

# Start from empty tables
ip route flush table $TABLE1
ip route flush table $TABLE2

# Copy every non-default, non-ppp route from main into both tables.
# $ROUTE is left unquoted on purpose so it splits into separate arguments.
ip route show table main | grep -Ev '(^default|ppp)' | while read -r ROUTE ; do
    ip route add table $TABLE1 $ROUTE
    ip route add table $TABLE2 $ROUTE
done

# Add each link's gateway route and default route to its own table
ip route add table $TABLE1 $GW1 dev $DEV1 src $IP1
ip route add table $TABLE2 $GW2 dev $DEV2 src $IP2
ip route add table $TABLE1 default via $GW1
ip route add table $TABLE2 default via $GW2

ip route output:

~# ip route show
100.0.1.254 dev ppp0 proto kernel scope link src 100.0.1.1
100.0.2.254 dev ppp1 proto kernel scope link src 100.0.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default via 100.0.1.254 dev ppp0

~# ip route show table connection1
100.0.1.254 dev ppp0 proto kernel scope link src 100.0.1.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default via 100.0.1.254 dev ppp0

~# ip route show table connection2
100.0.2.254 dev ppp1 proto kernel scope link src 100.0.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default via 100.0.2.254 dev ppp1

Add the ip rules:

ip rule add from 100.0.1.1 lookup connection1
ip rule add from 100.0.2.1 lookup connection2
ip rule add fwmark 1 lookup connection1
ip rule add fwmark 2 lookup connection2

Add the iptables rules for SNAT (POSTROUTING and SNAT live in the nat table, so -t nat is required):

iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source 100.0.1.1
iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source 100.0.2.1

Finally, add the rules that mark each connection with the link it should go out on (mangle table, shown in iptables-save format). The first PREROUTING rule makes packets we forward return via the interface they were received on. The OUTPUT rule does the same for packets handled on this PC, so they are returned on the correct interface too. We only want to mark new packets and restore marks on established connections else the packets

-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A PREROUTING -i ppp0 -m state --state NEW -j CONNMARK --set-mark 1
-A PREROUTING -i ppp1 -m state --state NEW -j CONNMARK --set-mark 2
-A PREROUTING -m connmark --mark 1 -j MARK --set-mark 1
-A PREROUTING -m connmark --mark 2 -j MARK --set-mark 2
-A PREROUTING -m state --state NEW -m connmark ! --mark 0 -j CONNMARK --save-mark

Selective routing:

To send specific outgoing traffic out via a specific table (here, new TCP connections to ports 80 and 443 arriving on eth0 are marked for connection2):

-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark 2
-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport 443 -j CONNMARK --set-mark 2
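
A table that ends up empty or with the wrong default route does not fail loudly: the fwmark lookup finds no match and the packet falls through to the main table's default. The following check is an added example, not part of the original gist; it parses the text printed by `ip route show table <name>`, and its function names and embedded sample are constructed here.

```sh
#!/bin/sh
# Added example (not from the gist): audit a policy-routing table's default route.
# Input is the text printed by `ip route show table <name>`, read from stdin.

# Print "<gateway> <device>" for the default route found on stdin.
# Prints nothing when the table has no default route.
table_default() {
    awk '$1 == "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
        exit
    }'
}

# check_table NAME EXPECTED_GW EXPECTED_DEV   (table text on stdin)
# Returns 0 on a match, 1 when the default route is missing, 2 on a mismatch.
check_table() {
    name=$1 want_gw=$2 want_dev=$3
    found=$(table_default)
    if [ -z "$found" ]; then
        echo "$name: no default route; marked traffic falls through to main" >&2
        return 1
    fi
    if [ "$found" != "$want_gw $want_dev" ]; then
        echo "$name: default is '$found', expected '$want_gw $want_dev'" >&2
        return 2
    fi
    echo "$name: ok ($found)"
}

# Constructed sample input, copied from the routing output shown in the gist.
SAMPLE_CONNECTION2='100.0.2.254 dev ppp1 proto kernel scope link src 100.0.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
default via 100.0.2.254 dev ppp1'

# Live use: ip route show table connection2 | check_table connection2 100.0.2.254 ppp1
printf '%s\n' "$SAMPLE_CONNECTION2" | check_table connection2 100.0.2.254 ppp1
```
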