firewall/filtering

Ammad · 04-20-2005, 11:40 PM

i have two connections of internet, one 64 kbps and 2nd 128 kbps, squid and iptables running, i want to filter traffic if my client wants ftp downloads then 2nd connection should be utilize, and if client want to access http:// then all traffic should go to 1st interface,
how to implement? any one have idea
thanks

fr_laz · 04-21-2005, 04:27 AM

Hi,

assuming you've 2 NICs and 2 IPs from your 2 ISPs :
ISP1 => $IP1, $NIC1
ISP2 => $IP2, $NIC2

let's say that your lan is 192.168.0.0/24

Then you can use :

Code:

iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/24 -p tcp --dport 80 -j SNAT --to-source $IP1
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j SNAT --to-source $IP2

This is not exactly what you asked :
Web trafic will be tranlsated to $IP1, so it will go out through the ISP1's interface
All other trafic will be tranlsated to $IP2, so it will go out through the ISP2's interface

Of course you can use filters like -p tcp --dport 80 in the second POSTROUTING rule, but if you have many rules to apply, then you should create a new chain so as to make your script more clear (and maybe more powerfull, but I'm not sure of this).