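The default WAN interface is eth1, and the default route does not need to change. To route correctly to the LAN on eth0:
Add a new WAN interface eth2 with address NewIP, and configure routing: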
ip route add default via NewGW dev eth2 src NewIP table 200
ip rule add from NewIP table 200
ip rule add fwmark 0x200 table 200
Configure the iptables mangle table (eth0: LAN):
-A PREROUTING -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark
-A PREROUTING -i eth2 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
Configure rp_filter:
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.eth2.rp_filter = 2
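A check for the three steps above, added here as an example and not part of the original post: it audits captured command output for the table 200 route, both ip rules, both mangle rules and the rp_filter values. The function name, the sample text and the addresses 203.0.113.10 (standing in for NewIP) and 203.0.113.1 (standing in for NewGW) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits captured output for the pieces this setup needs.
# On a live host, build TEXT from:
#   ip rule show; ip route show table 200; iptables-save -t mangle
#   sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.eth2.rp_filter

# audit_policy_routing TEXT NEWIP
# Prints one line per missing piece; exit status is the number missing.
audit_policy_routing() {
    text=$1
    missing=0
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for grep -E
    need() {   # need DESCRIPTION REGEX
        if ! printf '%s\n' "$text" | grep -E -- "$2" >/dev/null; then
            echo "MISSING: $1"
            missing=$((missing + 1))
        fi
    }
    need "table 200 default route via eth2" \
         "^default via [^ ]+ dev eth2 (.* )?src $ip_re( |\$)"
    need "rule: from NewIP -> table 200" "from $ip_re lookup 200( |\$)"
    need "rule: fwmark 0x200 -> table 200" "fwmark 0x200 lookup 200( |\$)"
    need "mangle: restore connmark on eth0" \
         "^-A PREROUTING -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark"
    # iptables-save prints --set-mark as --set-xmark VALUE/MASK
    need "mangle: set connmark 0x200 on eth2" \
         "^-A PREROUTING -i eth2 -m conntrack --ctstate NEW -j CONNMARK --set-x?mark 0x200(/| |\$)"
    need "rp_filter=2 on all" '^net\.ipv4\.conf\.all\.rp_filter = 2$'
    need "rp_filter=2 on eth2" '^net\.ipv4\.conf\.eth2\.rp_filter = 2$'
    return "$missing"
}

# Constructed sample of what a correctly configured host would report.
SAMPLE='32764: from all fwmark 0x200 lookup 200
32765: from 203.0.113.10 lookup 200
default via 203.0.113.1 dev eth2 src 203.0.113.10
-A PREROUTING -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -i eth2 -m conntrack --ctstate NEW -j CONNMARK --set-xmark 0x200/0xffffffff
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.eth2.rp_filter = 2'

audit_policy_routing "$SAMPLE" 203.0.113.10 && echo "all pieces present"
```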
one reaction
1 From peach - 11/12/2015, 13:38
Big dummy