Есть такое:
eth0 внутренний
(vlan1, vlan89, vlan90)
-----|-------------------------
| |
| Linux Ubuntu |
| |
| |
-----|-------|-------|---------
eth1 eth2 eth3
внешние интерфейсы
eth1, eth2, eth3 — интерфейсы с внешними IP, смотрящие в интернет.
Нужно сделать так, чтобы каждый влан выходил в интернет через заданный интерфейс: vlan1 -> eth1, vlan89 -> eth2, vlan90 -> eth3
interfaces:
##########
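# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface.
# The stanza line read "#face lo inet loopback", which left "auto lo"
# without a definition; restored to the standard form.
auto lo
iface lo inet loopback

# Internal side: three VLAN interfaces stacked on eth0 (vlan_raw_device).
# 255.255.248.0 is a /21, 255.255.255.240 is a /28.
auto vlan1
iface vlan1 inet static
    address 172.16.2.111
    netmask 255.255.248.0
    vlan_raw_device eth0

# 192.168.100.1/28 -> network 192.168.100.0/28
auto vlan89
iface vlan89 inet static
    address 192.168.100.1
    netmask 255.255.255.240
    vlan_raw_device eth0

# 192.168.100.17/28 -> network 192.168.100.16/28
# Fixed: this stanza was declared as a second "iface vlan89", so
# "auto vlan90" had no matching definition and vlan89 was defined twice.
auto vlan90
iface vlan90 inet static
    address 192.168.100.17
    netmask 255.255.255.240
    vlan_raw_device eth0

# External uplinks (public addresses are redacted as xx.xx by the author).
#
# NOTE(review): each of the three stanzas below sets "gateway", so all three
# compete for the single default route in the main routing table. Whichever
# one ends up installed carries all forwarded traffic, regardless of the
# source VLAN. Sending each VLAN out through its own uplink needs
# source-based policy routing (one routing table per uplink plus an
# "ip rule" per VLAN subnet); nothing in this file configures that.
#
# NOTE(review): eth1 and eth2 appear to sit in the same /28 behind the same
# gateway (xx.xx.133.241) -- confirm, since two interfaces in one subnet need
# explicit per-device routes to be told apart.
auto eth3
iface eth3 inet static
    address xx.xx.203.26
    netmask 255.255.255.240
    gateway xx.xx.203.17
    dns-nameservers xx.xx.203.3
    mtu 1500

auto eth2
iface eth2 inet static
    address xx.xx.133.246
    netmask 255.255.255.240
    gateway xx.xx.133.241
    dns-nameservers xx.xx.130.6
    mtu 1500

auto eth1
iface eth1 inet static
    address xx.xx.133.245
    netmask 255.255.255.240
    gateway xx.xx.133.241
    dns-nameservers xx.xx.130.6
    mtu 1500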
iptables:
# Firewall/NAT rules for the router: default-deny for traffic to the host and
# through it, with one forward + masquerade + DNS rule group per VLAN.
#
# These rules only filter and translate. They do not pick the egress
# interface: "-o ethX" matches the interface the routing decision already
# chose. If routing sends a VLAN's packets out of a different uplink than the
# one named here, they match no ACCEPT rule and fall to the FORWARD DROP policy.
#
# NOTE(review): the pairing below is vlan89->eth1, vlan90->eth2, vlan1->eth3,
# while the stated goal in the post is vlan1->eth1, vlan89->eth2, vlan90->eth3.
# Confirm which mapping is intended.
# NOTE(review): "-m state --state" is the legacy spelling of
# "-m conntrack --ctstate"; both express the same match.

# Default policies: drop inbound and forwarded traffic, allow locally
# generated traffic out.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Accept replies to connections the host itself opened, and all loopback traffic.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# --- vlan89 <-> eth1 ---
# NOTE(review): the interfaces file gives vlan89 the address 192.168.100.1/28
# (network 192.168.100.0/28), but these rules match 192.168.100.16/28 on
# vlan89. With both -i and -s set, traffic from the configured subnet would
# not match. The same mismatch appears mirrored in the vlan90 group. Verify
# which side is wrong.
# Outbound: new and existing flows from the VLAN subnet towards the uplink.
iptables -A FORWARD -i vlan89 -o eth1 -s 192.168.100.16/255.255.255.240 -j ACCEPT
# Inbound: only packets belonging to flows the VLAN side initiated.
iptables -A FORWARD -i eth1 -o vlan89 -d 192.168.100.16/255.255.255.240 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Source-NAT to whatever address eth1 holds.
iptables -t nat -A POSTROUTING -s 192.168.100.16/255.255.255.240 -j MASQUERADE -o eth1
# DNS queries addressed to this host. Only UDP/53 is accepted here; TCP/53 is
# not, so DNS over TCP to this host would hit the INPUT DROP policy.
iptables -A INPUT -m udp -p udp --dport 53 -s 192.168.100.16/255.255.255.240 -i vlan89 -j ACCEPT
# --- vlan90 <-> eth2 --- (same four-rule pattern; see subnet note above)
iptables -A FORWARD -i vlan90 -o eth2 -s 192.168.100.0/255.255.255.240 -j ACCEPT
iptables -A FORWARD -i eth2 -o vlan90 -d 192.168.100.0/255.255.255.240 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.100.0/255.255.255.240 -j MASQUERADE -o eth2
iptables -A INPUT -m udp -p udp --dport 53 -s 192.168.100.0/255.255.255.240 -i vlan90 -j ACCEPT
# --- vlan1 <-> eth3 --- (172.16.0.0/21 matches the vlan1 address 172.16.2.111)
iptables -A FORWARD -i vlan1 -o eth3 -s 172.16.0.0/255.255.248.0 -j ACCEPT
iptables -A FORWARD -i eth3 -o vlan1 -d 172.16.0.0/255.255.248.0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.16.0.0/255.255.248.0 -j MASQUERADE -o eth3
iptables -A INPUT -m udp -p udp --dport 53 -s 172.16.0.0/255.255.248.0 -i vlan1 -j ACCEPT
# SSH to the router is accepted only from the vlan1 subnet; no rule accepts
# new inbound connections on eth1/eth2/eth3.
iptables -A INPUT -m tcp -p tcp --dport 22 -s 172.16.0.0/255.255.248.0 -i vlan1 -j ACCEPT
Подскажите, как быть?