LinuxQuestions.org


Ammad 04-20-2005 11:40 PM

firewall/filtering
 
I have two internet connections, one 64 kbps and the 2nd 128 kbps, with squid and iptables running. I want to filter traffic: if my client wants FTP downloads then the 2nd connection should be utilized, and if the client wants to access http:// then all traffic should go to the 1st interface.
How to implement this? Does anyone have an idea?
Thanks

fr_laz 04-21-2005 04:27 AM

Hi,

Assuming you have 2 NICs and 2 IPs from your 2 ISPs:
ISP1 => $IP1, $NIC1
ISP2 => $IP2, $NIC2

Let's say that your LAN is 192.168.0.0/24.

Then you can use:
Code:

# Explicit positions keep the port-80 rule ahead of the catch-all (first match wins)
iptables -t nat -I POSTROUTING 1 -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp --dport 80 -j SNAT --to-source "$IP1"
iptables -t nat -I POSTROUTING 2 -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j SNAT --to-source "$IP2"

This is not exactly what you asked:
Web traffic will be translated to $IP1, so it will go out through the ISP1's interface.
All other traffic will be translated to $IP2, so it will go out through the ISP2's interface.

Of course you can use filters like -p tcp --dport 80 in the second POSTROUTING rule, but if you have many rules to apply, then you should create a new chain so as to make your script clearer (and maybe more powerful, but I'm not sure of this).
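
Added example, not part of the post above: nat/POSTROUTING runs after the kernel has already chosen the outgoing interface, so this sketch pairs the same web/everything-else split with an fwmark routing rule that does the interface selection, then SNATs per interface. The interface names, addresses, gateway, mark value and table number are constructed placeholders, and it assumes the main table's default route already points at ISP2.

```sh
#!/bin/sh
# Added example: send LAN web traffic out ISP1 by policy routing, then SNAT.
# Every value below is a constructed placeholder (documentation address ranges).
LAN=192.168.0.0/24
NIC1=eth1 IP1=192.0.2.10 GW1=192.0.2.1   # ISP1, 64 kbps: HTTP only
NIC2=eth2 IP2=198.51.100.10              # ISP2, 128 kbps: everything else
MARK=1 TABLE=101                         # arbitrary mark value and table id

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

build_rules() {
    # 1. Mark forwarded web traffic in mangle/PREROUTING, before routing.
    run iptables -t mangle -A PREROUTING -s "$LAN" ! -d "$LAN" \
        -p tcp --dport 80 -j MARK --set-mark "$MARK"
    # 2. Marked packets use a table whose default route is ISP1.
    run ip route add default via "$GW1" dev "$NIC1" table "$TABLE"
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 3. Replies on NIC1 come from hosts the main table reaches via NIC2;
    #    strict reverse-path filtering would drop them, so use loose mode.
    run sysctl -w "net.ipv4.conf.$NIC1.rp_filter=2"
    # 4. Rewrite the source to match whichever uplink routing selected.
    run iptables -t nat -A POSTROUTING -s "$LAN" -o "$NIC1" -j SNAT --to-source "$IP1"
    run iptables -t nat -A POSTROUTING -s "$LAN" -o "$NIC2" -j SNAT --to-source "$IP2"
}

build_rules
```

Run as-is to print the plan; set APPLY=1 as root to apply it.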

