iptables mark

admin
Administrator
Posts: 204
Joined: 05 Jan 2011, 04:19


Post by admin »

# mark inbound service packets by the WAN interface they arrived on
iptables -t mangle -A PREROUTING -i eth0 -d 1.1.1.1 -p udp --dport 5555 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth1 -d 2.2.2.2 -p udp --dport 5555 -j MARK --set-mark 2
# store the packet mark on the conntrack entry so reply packets can recover it
iptables -t mangle -A PREROUTING -i eth0 -p udp --dport 5555 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -i eth1 -p udp --dport 5555 -j CONNMARK --save-mark

# nat PREROUTING comes after mangle PREROUTING
iptables -t nat -A PREROUTING -m mark --mark 1 -j DNAT --to-destination 172.16.0.1
iptables -t nat -A PREROUTING -m mark --mark 2 -j DNAT --to-destination 172.16.0.1

# restore mark from packets originating from 172.16.0.1, as it triggers a new routing decision
iptables -t mangle -A OUTPUT -s 172.16.0.1 -p udp --sport 5555 -j CONNMARK --restore-mark

# send marked replies out through the routing table of the WAN they came in on
ip rule add prio 20 fwmark 1 lookup upstream0
ip rule add prio 21 fwmark 2 lookup upstream1
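A generator for the rule set above, as an added example that is not part of the original post: it emits the same mangle/nat/ip rule lines for each WAN link from one set of parameters, adds the per-table default routes the post does not show, and adds a PREROUTING restore for the case where the DNAT backend is a separate host rather than an address of the firewall. The gateway addresses 192.0.2.1 and 198.51.100.1 and the `apply` flag are assumptions; everything else comes from the post.

```shell
#!/bin/sh
# Added example, not from the original post: generate the rule set above for
# any number of WAN links so mangle, nat and policy routing stay consistent.
# Assumed: gateway addresses are placeholders; table names exist in rt_tables.
BACKEND=172.16.0.1   # internal DNAT target (from the post)
PORT=5555            # UDP service port (from the post)

# upstream_rules IFACE WAN_IP MARK TABLE GATEWAY  -- prints, does not apply
upstream_rules() {
    iface=$1; wanip=$2; mark=$3; table=$4; gw=$5
    # mark inbound service packets by ingress WAN, keep the mark on the conntrack entry
    echo "iptables -t mangle -A PREROUTING -i $iface -d $wanip -p udp --dport $PORT -j MARK --set-mark $mark"
    echo "iptables -t mangle -A PREROUTING -i $iface -p udp --dport $PORT -j CONNMARK --save-mark"
    # nat PREROUTING runs after mangle PREROUTING, so the mark is already set here
    echo "iptables -t nat -A PREROUTING -m mark --mark $mark -j DNAT --to-destination $BACKEND"
    # per-WAN routing table: default route via that WAN's gateway (assumed gateway values)
    echo "ip route add default via $gw dev $iface table $table"
    # marked reply packets leave through the WAN they arrived on (prio 20 for mark 1, 21 for mark 2)
    echo "ip rule add prio $((19 + mark)) fwmark $mark lookup $table"
}

# Put the saved connection mark back on reply packets. The post's OUTPUT rule
# is right when $BACKEND is an address of the firewall itself; the PREROUTING
# rule additionally covers a backend on another host whose replies enter via
# an internal interface (the '! --mark 0' guard skips unrelated connections).
restore_rules() {
    echo "iptables -t mangle -A OUTPUT -s $BACKEND -p udp --sport $PORT -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A PREROUTING -s $BACKEND -p udp --sport $PORT -m connmark ! --mark 0 -j CONNMARK --restore-mark"
}

# Whole rule set for the two-WAN layout from the post (gateways are assumed values).
build_rules() {
    upstream_rules eth0 1.1.1.1 1 upstream0 192.0.2.1
    upstream_rules eth1 2.2.2.2 2 upstream1 198.51.100.1
    restore_rules
}

# Print by default; run with 'apply' (as root) to execute the generated commands.
if [ "${1:-}" = apply ]; then build_rules | sh; else build_rules; fi
```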