iptables/route multiple outgoing interfaces chosen on IP range
Hi,
This is my situation. I have a PC used as a router. I have 3 interfaces on that one:
- eth0: my local network
- eth1: internet connection 1
- eth2: internet connection 2
With dnsmasq I'm using IP range 192.168.1.1-192.168.1.255 for dynamic IPs and IP range 192.168.2.1-192.168.2.255 for my fixed IPs. I want all IPs in range 192.168.1.0 to use eth1 and all IPs in range 192.168.2.0 to use eth2 as internet connection. I tried with iptables but I only succeeded with all IPs on one interface (using masquerade). So I'm asking for your help because I'm stuck... Thanks!
Want to clarify more.
1. You want the 192.168.1.0 network to go out using eth1
2. You want the 192.168.2.0 network to go out using eth2
You tried iptables MASQUERADE and it is going only through eth1. Is all of the above correct? If yes, then: did you put a policy route so that traffic from the 192.168.2.0 network uses eth2 as outgoing interface?
Yes this is correct.
But I have no idea which interface it is using to go out... So, as I may have understood from your reply, I should use route to choose between the interfaces?
Some extra information (I'm using VirtualBox to test the architecture).
When using 2 devices in total (1 internal, 1 external) it works fine. When connecting another device (1 internal, 2 externals) nothing is working anymore. ping google.com doesn't even work on my NAS/router PC.
You have to tell the router
if a packet is coming from the 192.168.1.0 network, it should go out via interface eth1, but if a packet is coming from the 192.168.2.0 network, it should go out via interface eth2. This can be achieved using Policy Routing.
Thanks!
I looked around and found out that with iptables it is possible to do something like:

Code:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth2 -j MASQUERADE

Everything is working fine now for IP range 192.168.1.0 but for my IP range 192.168.2.0 it is not working... Is there something else I'm forgetting to configure on the server?
Can you show/display the iptables rules for all chains please?
Make sure the firewall has the rule
Code:
iptables -A FORWARD -i eth2 -j ACCEPT
Sorry for that (really really late response).
I finally found some time to try this config again. I looked further on the internet but it is still not working. I executed the following:

Code:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.2.0.0/16 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth2 -j ACCEPT

(I changed my home network config in the meanwhile, as you can see: no 192.168.0.0 but 10.0.0.0 now.) This is not working for 10.1.0.0 BUT is working for 10.2.0.0. So I tried the following:

Code:
iptables -t nat -A POSTROUTING -s 10.1.0.0/16 -o eth1 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.2.0.0/16 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth2 -j ACCEPT

And here again, it is working for 10.2.0.0 but not for 10.1.0.0. Here is my route table:

Code:
root@routsrv01:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
172.16.0.0      *               255.255.0.0     U     0      0        0 eth2
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth2
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         routsrv01       0.0.0.0         UG    0      0        0 eth0
I rebooted and now it is the other way around...
10.1.0.0 is working and 10.2.0.0 is not... Route:

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      *               255.255.0.0     U     0      0        0 eth2
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth2
default         routsrv01       0.0.0.0         UG    0      0        0 eth0

But I can ssh on both interfaces (on both external IPs I receive). Can it be because both WAN interfaces are using the same IP range?
Updated my configuration (so all interfaces are on a different IP range):

Code:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -i eth2 -j ACCEPT

root@routsrv01:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.4.0        *               255.255.255.0   U     0      0        0 eth2
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         10.0.4.2        0.0.0.0         UG    0      0        0 eth2
default         routsrv01       0.0.0.0         UG    0      0        0 eth0

Still only one (arbitrary) interface is working.
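The route tables pasted in the posts above already show the problem: the kernel's main table holds one default route per WAN interface, all with the same metric, so the first one listed wins and every forwarded packet leaves through that link regardless of its source network; a MASQUERADE rule with `-o` on the other interface simply never matches. As an added check (not part of the thread), the POSIX shell script below parses `route`-style output and flags that condition. The sample tables are constructed: the first mirrors the post above, the second shows what a non-ambiguous table looks like.

```shell
#!/bin/sh
# Added example: detect ambiguous default routes in `route` output.
# Not from the thread; sample tables below are constructed for illustration.

# Constructed sample mirroring the poster's last "route" output.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.4.0        *               255.255.255.0   U     0      0        0 eth2
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
192.168.0.0     *               255.255.0.0     U     0      0        0 eth0
default         172.16.1.50     0.0.0.0         UG    0      0        0 eth1
default         10.0.4.2        0.0.0.0         UG    0      0        0 eth2
default         routsrv01       0.0.0.0         UG    0      0        0 eth0'

# Constructed sample with distinct metrics: one clearly preferred default.
SAMPLE_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
10.0.4.0        *               255.255.255.0   U     0      0        0 eth2
default         172.16.1.50     0.0.0.0         UG    100    0        0 eth1
default         10.0.4.2        0.0.0.0         UG    200    0        0 eth2'

# Print "<iface> <gateway> <metric>" for every default route in the table.
# Columns of `route`: Destination Gateway Genmask Flags Metric Ref Use Iface.
default_routes() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $8, $2, $5 }'
}

# Total number of default routes.
count_default_routes() {
    default_routes "$1" | wc -l | tr -d ' '
}

# Number of default routes that share the lowest metric. Anything above 1
# means the kernel picks one of them, not the source network.
ambiguous_default_count() {
    default_routes "$1" | awk '
        { metric[NR] = $3 }
        NR == 1 || $3 < min { min = $3 }
        END { c = 0; for (i in metric) if (metric[i] == min) c++; print c }'
}

# Human-readable verdict; returns 1 when policy routing is needed.
check_default_routes() {
    n=$(count_default_routes "$1")
    a=$(ambiguous_default_count "$1")
    if [ "$n" -eq 0 ]; then
        echo "WARNING: no default route at all"
        return 1
    elif [ "$a" -gt 1 ]; then
        echo "WARNING: $a default routes share the lowest metric; the kernel" \
             "will use one of them for all forwarded traffic. Per-source" \
             "selection needs policy routing (ip rule / per-table defaults)."
        return 1
    fi
    echo "OK: one preferred default route ($n default route(s) in total)"
    return 0
}

# Stand-alone run: report on both constructed tables.
check_default_routes "$SAMPLE_ROUTE" || :
check_default_routes "$SAMPLE_OK" || :
```

To run it against a real box, replace the constructed string with `route -n` output, for instance `check_default_routes "$(route -n)"`; `ip route show` uses a different column layout and would need its own parser.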
It is finally working!
I followed this page: http://www.linuxhorizon.ro/iproute2.html. Thanks for your help!
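The policy routing suggested earlier in the thread, and the kind of iproute2 setup the linked page describes, written out as an added example (not the thread's own configuration and not the linked page's text): each WAN link gets its own routing table with a single default route, and `ip rule` selects the table by the packet's source network, so the main table's default route no longer decides. Interface names, gateways and subnets are assumptions modelled on the poster's last configuration. The FORWARD rules are deliberately narrower than the thread's `iptables -A FORWARD -i ethX -j ACCEPT` lines, which would also forward unsolicited traffic arriving from the WAN side; here only LAN-originated traffic and replies to it are forwarded. With `DRY_RUN=1` (the default) the script prints the commands instead of running them, so the rule set can be reviewed first.

```shell
#!/bin/sh
# Added example: source-based policy routing for a two-WAN Linux router.
# Not the thread's own configuration; names and addresses are assumptions.
DRY_RUN=${DRY_RUN:-1}   # 1 = print commands only, 0 = execute (run as root)

LAN_IF=eth0
WAN1_IF=eth1; WAN1_GW=172.16.1.50; LAN1_NET=192.168.1.0/24   # assumed
WAN2_IF=eth2; WAN2_GW=10.0.4.2;    LAN2_NET=192.168.2.0/24   # assumed

# Echo or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_policy_routing() {
    run sysctl -w net.ipv4.ip_forward=1

    # Table 1: packets from LAN1 leave through WAN1's gateway.
    run ip route add default via "$WAN1_GW" dev "$WAN1_IF" table 1
    run ip rule add from "$LAN1_NET" table 1 priority 100

    # Table 2: packets from LAN2 leave through WAN2's gateway.
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table 2
    run ip rule add from "$LAN2_NET" table 2 priority 101

    run ip route flush cache

    # NAT: rewrite the source address to the WAN the packet actually leaves on.
    # Now that routing sends LAN2 out of eth2, the second rule really matches.
    run iptables -t nat -A POSTROUTING -s "$LAN1_NET" -o "$WAN1_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$LAN2_NET" -o "$WAN2_IF" -j MASQUERADE

    # Forwarding: LAN -> its WAN only, plus replies; everything else dropped.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN1_IF" -s "$LAN1_NET" -j ACCEPT
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN2_IF" -s "$LAN2_NET" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -P FORWARD DROP
}

# Review helper: how many generated commands match a pattern (dry run only).
count_cmds() {
    setup_policy_routing | grep -c -- "$1"
}

# Stand-alone run: print (or apply) the configuration.
setup_policy_routing
```

After applying it with `DRY_RUN=0`, `ip rule show` should list the two `from` rules ahead of the main table, and `ip route show table 1` / `ip route show table 2` each show exactly one default route; the main table keeps the connected routes the kernel adds for each interface, which is enough for the router itself to reach both gateways.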
Nice to hear that it is working. They call it policy routing :)