After having put this task aside for some months, I’m now trying to fix the problem (without success so far).
Here is my setup:
– ETH00 –> LAN
– ETH01 –> DMZ
– ETH02 –> GW1
– ETH03 –> GW2
GW1 + GW2 are in netbalancing (failover), where GW1’s weight is 95 and GW2’s weight is 1.
GW2 has 4 IP addresses (x.x.x.74, x.x.x.75, x.x.x.76, x.x.x.77).
My goal is to map different addresses to different services/servers in DMZ.
So I set up port forwarding and postrouting rules in crontab in order to SNAT specific traffic.
I also set up balancing rules to get all traffic coming from DMZ through GW2.
This configuration _was_ working in version 1.beta14.
What happens now:
– services mapped to first address (x.x.x.74) are correctly routed through GW2
– services mapped to the other addresses are routed through GW1 (which is also default gateway). Therefore they never get back to the calling party.
Port forwarding config:
ETH03 / x.x.x.77 TCP 25 10.0.1.11:25
ETH03 / x.x.x.74 TCP 110,143 10.0.1.11:110,143
ETH03 / x.x.x.74 TCP 80,443 10.0.1.15:80,443
ETH03 / x.x.x.75 TCP 80 10.0.1.12:80
ETH03 / x.x.x.74 TCP 25 10.0.1.11:25
ETH03 / x.x.x.76 TCP 80,443 10.0.1.14:80,443
Postrouting rules:
iptables -t nat -I POSTROUTING 1 -s 10.0.1.14 -o ETH03 -j SNAT --to-source x.x.x.76
iptables -t nat -I POSTROUTING 1 -s 10.0.1.12 -o ETH03 -j SNAT --to-source x.x.x.75
*** No change even if these rules are commented ***
Net balancing rule:
1 * * MARK all opt -- in * out * 10.0.1.0/24 -> 0.0.0.0/0 MARK set 0x66 GW2 (x.x.x.73)
Any help will be greatly appreciated. Thanks!