Re: Multihomed with two separate ISPs and strange routing problems with iptables ...

From: Adam Pearse (
Date: 06/05/02

From: "Adam Pearse" <>
Date: Wed, 5 Jun 2002 11:32:26 -0600

I figured it out with a little more searching on google :-) Here is what I
did in case anyone cares:

iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 1
ip rule add fwmark 1 table 100 pref 1000
ip route add default via dev eth1 table 100

So I left my default route on the 139 interface and created a special
routing table for the second interface based on http traffic coming in on
it. The other major difference is I was using PREROUTING instead of OUTPUT
on my iptables statement.

"Adam Pearse" <> wrote in message
> Hello, I am wondering if anyone would mind answering my question. I have
> server with two interface cards, each connected to a separate ISP. I run
> Counter Strike from one of the interfaces while I run Apache off the
> 1st interface: with a default gateway of
> running Counter Strike (port 27015). This connection is a 10 Mbp pipe.
> 2nd interface: with a default gateway of
> Apache web server (port 80). This connection is a T1.
> What is happening is when ppl join my counter strike server via the
> interface, the outgoing packets (for some reason) are
> leaving out the interface which is only a T1 causing a great
> deal of lag. I am attempting with iptables to force all traffic that came
> to go back out the same interface it came in on.
> is the commands I am using but they are not working ... Can anyone see
> I am doing wrong here?
> This is done once:
> echo 201 http.out >> /etc/iproute2/rt_tables
> This is done in my S99local
> echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 1
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source
> ip rule add fwmark 1 table http.out prio 101
> /sbin/ip route add default via dev eth1 table http.out
> ip route flush cache
> I am using Redhat 7.3, kernel build 2.4.18-4. I do not understand why CS
> traffic is still going out the eth1 interface. Anyone?
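
Added example, not part of the original posts: a small Python model of the mangle-mark and fwmark-rule lookup, showing why the `--sport 80` rule catches the local web server's replies in OUTPUT but not in PREROUTING. The interface name eth0, the client ports and the sample packets are constructed assumptions; the model ignores everything except marking and policy-route selection.

```python
# Simplified model of netfilter mangle marking + fwmark policy routing (added example).
# "eth0", the client ports and all sample packets are constructed for illustration.
from dataclasses import dataclass

@dataclass
class Packet:
    origin: str   # "local" = generated by a process on this host, "inbound" = arrived on a NIC
    proto: str
    sport: int
    dport: int
    mark: int = 0

# Locally generated packets traverse OUTPUT; only packets arriving on a NIC see PREROUTING.
HOOK_FOR_ORIGIN = {"local": "OUTPUT", "inbound": "PREROUTING"}

def apply_mangle(pkt, rules):
    """rules: (chain, proto, sport, mark) tuples, like '-p tcp --sport 80 -j MARK --set-mark 1'."""
    chain = HOOK_FOR_ORIGIN[pkt.origin]
    for r_chain, proto, sport, mark in rules:
        if r_chain == chain and proto == pkt.proto and sport == pkt.sport:
            pkt.mark = mark
    return pkt

def route(pkt, ip_rules, tables):
    """ip_rules: (pref, fwmark, table) tuples; lowest pref is checked first, then 'main'."""
    for _pref, fwmark, table in sorted(ip_rules):
        if pkt.mark == fwmark and table in tables:
            return tables[table]
    return tables["main"]

def egress(pkt_args, mangle_rules):
    """Return the interface a packet leaves on under the given mangle rules."""
    pkt = apply_mangle(Packet(*pkt_args), mangle_rules)
    ip_rules = [(1000, 1, "100")]              # ip rule add fwmark 1 table 100 pref 1000
    tables = {"main": "eth0", "100": "eth1"}   # default route per table; eth0 is assumed
    return route(pkt, ip_rules, tables)

HTTP_REPLY = ("local", "tcp", 80, 40000)       # web server answering a client (constructed)
CS_REPLY = ("local", "udp", 27015, 27005)      # game server answering a player (constructed)
WORKING = [("OUTPUT", "tcp", 80, 1)]           # rule from the follow-up post
ORIGINAL = [("PREROUTING", "tcp", 80, 1)]      # rule from the quoted question

if __name__ == "__main__":
    for name, rules in (("OUTPUT", WORKING), ("PREROUTING", ORIGINAL)):
        print(name, "http ->", egress(HTTP_REPLY, rules), "| cs ->", egress(CS_REPLY, rules))
```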
