Hi all,
I am new to Linux IP Masquerading, and want to know if it
can do the following...
Suppose that I have two ADSL connections, connected to two
different ISPs. Both ISPs would only accept packets with
a source IP address associated with their respective ADSL,
and other packets would be dropped. I would not use the
two ADSLs to host any kind of servers; I only use them
for outbound connections.
What I want to do is to fully utilize the two ADSLs. I
plan to alternate my default route between the two ADSL
every 10 seconds, and masquerade the connection request
packets as the current outbound IP. Maybe I should use
an example:

                172.16.1.2 ----------------- ISP1
My Linux box --+
                10.1.1.2   ----------------- ISP2
So ISP1 would only accept packets from 172.16.1.2, and ISP2
would only accept packets from 10.1.1.2. My Linux box has
a NIC with two IPs: 172.16.1.2 and 10.1.1.2. When there's
an outbound connection request from my intranet, it will be
masqueraded according to the current default route. If default
route points to ISP1, it will be masqueraded as 172.16.1.2,
otherwise, it will be masqueraded as 10.1.1.2.
So far, IPTables seems to be able to do that. But to cope
with the filtering, I hope to route the subsequent packets
according to the connect request's masqueraded IP. So if
the connect request is masqueraded as 172.16.1.2, all the
subsequent packets of that session would be masqueraded as
172.16.1.2, too, and be routed to ISP1. At the same
time, the default route of my Linux box would alternate
between the two ADSLs every 10 seconds.
As I read the NAT HOWTO, the SNAT is performed in the
POSTROUTING stage, so the packets might be masqueraded
correctly, but go out to the wrong ISP. Is there any
way to do source-based routing after SNAT?
Thanks in advance.
Chih-Cherng Chin
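Editor's note, added as a worked example and not part of the original post: the usual answer to this question is to turn the problem around. The routing decision is made before POSTROUTING, so SNAT cannot steer a packet; instead, choose the uplink first by marking the connection (mangle PREROUTING, CONNMARK), let policy routing (`ip rule ... fwmark`) pick a per-ISP routing table from that mark, and then let SNAT pick the matching source address from the same mark. Subsequent packets of a session inherit the connection mark, so they stay on the uplink where the session started, and there is no need to flip the default route every 10 seconds: new connections can simply be alternated per connection. The script below uses the two addresses from the post; the gateway addresses, the LAN subnet and the interface name are assumptions, and it relies on a modern iptables with CONNMARK and the `statistic` match, which were not part of the stock kernel when this was asked.

```shell
#!/bin/sh
# Policy routing for two ADSL uplinks on one NIC, keyed on a connection mark.
# Added example, not from the original post. The gateway addresses, LAN subnet
# and interface name below are assumptions; the two local IPs are from the post.
set -eu

ISP1_IP=172.16.1.2; ISP1_GW=172.16.1.1   # gateway: assumption
ISP2_IP=10.1.1.2;   ISP2_GW=10.1.1.1     # gateway: assumption
LAN=192.168.0.0/24                        # intranet subnet: assumption
IFACE=eth0                                # the single NIC carrying both IPs: assumption
DRY_RUN=${DRY_RUN:-}

# run CMD... : execute the command, or only print it when DRY_RUN is set
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_tables() {
    # One routing table per uplink (table numbers are arbitrary).
    run ip route add default via "$ISP1_GW" dev "$IFACE" table 101
    run ip route add default via "$ISP2_GW" dev "$IFACE" table 102
    # Policy routing is consulted *before* POSTROUTING: packets carrying
    # fwmark 1 use table 101, fwmark 2 use table 102.
    run ip rule add fwmark 1 table 101
    run ip rule add fwmark 2 table 102
    # Locally generated traffic is routed by its own source address.
    run ip rule add from "$ISP1_IP" table 101
    run ip rule add from "$ISP2_IP" table 102
}

setup_marks() {
    # Packets of an already-marked connection inherit the connection mark,
    # so every packet of a session follows the uplink chosen for its first packet.
    run iptables -t mangle -A PREROUTING -s "$LAN" -j CONNMARK --restore-mark
    # New connections alternate between the uplinks per connection:
    # the statistic match tags every other NEW connection with mark 2 ...
    run iptables -t mangle -A PREROUTING -s "$LAN" -m conntrack --ctstate NEW \
        -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark 2
    # ... and the remaining, still unmarked NEW connections get mark 1.
    run iptables -t mangle -A PREROUTING -s "$LAN" -m conntrack --ctstate NEW \
        -m mark --mark 0 -j MARK --set-mark 1
    # Store the choice in the conntrack entry for the rest of the session.
    run iptables -t mangle -A PREROUTING -s "$LAN" -m conntrack --ctstate NEW \
        -j CONNMARK --save-mark
}

setup_nat() {
    # SNAT selects the source address that matches the uplink the mark chose,
    # so each ISP only ever sees the address it accepts.
    run iptables -t nat -A POSTROUTING -s "$LAN" -m mark --mark 1 \
        -j SNAT --to-source "$ISP1_IP"
    run iptables -t nat -A POSTROUTING -s "$LAN" -m mark --mark 2 \
        -j SNAT --to-source "$ISP2_IP"
}

# generate: print every command the script would issue, without executing it
generate() {
    ( DRY_RUN=1; setup_tables; setup_marks; setup_nat )
}

case "${1:-}" in
    apply) setup_tables; setup_marks; setup_nat ;;
    show)  generate ;;
esac
```

Run it as `sh uplinks.sh show` to review the twelve commands it would issue, and as root with `apply` to install them. The `ip rule from` entries keep the box's own outbound traffic consistent with the same scheme, and the `--restore-mark` rule must come first so that only genuinely new connections reach the alternating rules.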