mariusv/root

## root
#!/bin/sh
DEV1=ppp0
IP1=100.0.1.1
GW1=100.0.1.254
TABLE2=connection2
DEV2=ppp1
IP2=100.0.2.1
GW2=100.0.2.254
ip route flush table $TABLE1
ip route flush table $TABLE2
ip route show table main | grep -Ev '(^default|ppp)' | while read ROUTE ; do
    ip route add table $TABLE1 $ROUTE
    ip route add table $TABLE2 $ROUTE
done
ip route add table $TABLE1 $GW1 dev $DEV1 src $IP1
ip route add table $TABLE2 $GW2 dev $DEV2 src $IP2
ip route add table $TABLE1 default via $GW1
ip route add table $TABLE2 default via $GW2

ip route output:

~# ip route show
100.0.1.254 dev ppp0  proto kernel  scope link  src 100.0.1.1
100.0.2.254 dev ppp1  proto kernel  scope link  src 100.0.2.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 100.0.1.254 dev ppp0

~# ip route show table connection1
100.0.1.254 dev ppp0  proto kernel  scope link  src 100.0.1.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 100.0.1.254 dev ppp0

~# ip route show table connection2
100.0.2.254 dev ppp1  proto kernel  scope link  src 100.0.2.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
default via 100.0.2.254 dev ppp1

Add the ip rules:

ip rule add from 100.0.1.1 lookup connection1
ip rule add from 100.0.2.1 lookup connection2
ip rule add fwmark 1 lookup connection1
ip rule add fwmark 2 lookup connection2

Add the iptables rules for SNAT:

iptables -A POSTROUTING -o ppp0 -j SNAT --to-source 100.0.1.1
iptables -A POSTROUTING -o ppp1 -j SNAT --to-source 100.0.2.1

And finally add the rules for marking the connection they should be going out on. The first PREROUTING rule is for packets we forward to be returned via the interface they were received on. The OUTPUT rule is for packets handled on this PC to be returned on the correct interface too. We only want to mark new packets and restore marks on established connections else the packets

-A PREROUTING          -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A OUTPUT              -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A PREROUTING -i ppp0  -m state --state NEW                 -j CONNMARK --set-mark 1
-A PREROUTING -i ppp1  -m state --state NEW                 -j CONNMARK --set-mark 2
-A PREROUTING -m connmark --mark 1                          -j MARK --set-mark 1
-A PREROUTING -m connmark --mark 2                          -j MARK --set-mark 2
-A PREROUTING -m state --state NEW -m connmark ! --mark 0   -j CONNMARK --save-mark

Selective routing:

To send all outgoing traffic on a specific table:

-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport  80 -j CONNMARK --set-mark 2
-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport 443 -j CONNMARK --set-mark 2
	#!/bin/sh
	DEV1=ppp0
	IP1=100.0.1.1
	GW1=100.0.1.254
	TABLE2=connection2
	DEV2=ppp1
	IP2=100.0.2.1
	GW2=100.0.2.254
	ip route flush table $TABLE1
	ip route flush table $TABLE2
	ip route show table main \| grep -Ev '(^default\|ppp)' \| while read ROUTE ; do
	ip route add table $TABLE1 $ROUTE
	ip route add table $TABLE2 $ROUTE
	done
	ip route add table $TABLE1 $GW1 dev $DEV1 src $IP1
	ip route add table $TABLE2 $GW2 dev $DEV2 src $IP2
	ip route add table $TABLE1 default via $GW1
	ip route add table $TABLE2 default via $GW2

	ip route output:

	~# ip route show
	100.0.1.254 dev ppp0 proto kernel scope link src 100.0.1.1
	100.0.2.254 dev ppp1 proto kernel scope link src 100.0.2.1
	192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
	default via 100.0.1.254 dev ppp0

	~# ip route show table connection1
	100.0.1.254 dev ppp0 proto kernel scope link src 100.0.1.1
	192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
	default via 100.0.1.254 dev ppp0

	~# ip route show table connection2
	100.0.2.254 dev ppp1 proto kernel scope link src 100.0.2.1
	192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
	default via 100.0.2.254 dev ppp1

	Add the ip rules:

	ip rule add from 100.0.1.1 lookup connection1
	ip rule add from 100.0.2.1 lookup connection2
	ip rule add fwmark 1 lookup connection1
	ip rule add fwmark 2 lookup connection2

	Add the iptables rules for SNAT:

	iptables -A POSTROUTING -o ppp0 -j SNAT --to-source 100.0.1.1
	iptables -A POSTROUTING -o ppp1 -j SNAT --to-source 100.0.2.1

	And finally add the rules for marking the connection they should be going out on. The first PREROUTING rule is for packets we forward to be returned via the interface they were received on. The OUTPUT rule is for packets handled on this PC to be returned on the correct interface too. We only want to mark new packets and restore marks on established connections else the packets

	-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
	-A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
	-A PREROUTING -i ppp0 -m state --state NEW -j CONNMARK --set-mark 1
	-A PREROUTING -i ppp1 -m state --state NEW -j CONNMARK --set-mark 2
	-A PREROUTING -m connmark --mark 1 -j MARK --set-mark 1
	-A PREROUTING -m connmark --mark 2 -j MARK --set-mark 2
	-A PREROUTING -m state --state NEW -m connmark ! --mark 0 -j CONNMARK --save-mark

	Selective routing:

	To send all outgoing traffic on a specific table:

	-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark 2
	-A PREROUTING -i eth0 -m state --state NEW -p tcp --dport 443 -j CONNMARK --set-mark 2