On 7/22/2011 1:17 PM, John R Pierce wrote:
I have a firewall running IPTABLES. I have tried to route SIP traffic from my WAN (eth3) interface to a VLAN (eth2.2) interface; however, the data will not route to the VLAN, it keeps routing to the default interface (eth2). Does anyone have an idea as to what I need to look for?
To route stuff out different interfaces, I found I had to use ip rules.
In my case, I wanted specific local hosts (on the private LAN) to route out an alternate interface, so I did something like...
iptables -t nat -A POSTROUTING -s 10.0.1.0/24 -j SNAT --to $net2.98
ip rule add from $net2.96/28 table 2
ip rule add from 10.0.1.0/24 table 2
ip route add default via $net2.97 dev $port2 table 2
To explain this, the LAN is 10.0.0.0/16. Hosts on 10.0.0.0-255 are to be routed out the default interface, while a few hosts specifically put on 10.0.1.98-110 are to be routed out this 2nd interface, $net2.96/28.
You need this because you want to route based on the source address, not the destination. That might be what the OP wants too, but it's not clear from the question and doesn't have anything to do with the interfaces being vlans.
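The following is an added example, not part of the thread: a simplified Python model of the lookup that the `ip rule` / `ip route ... table 2` commands above set up, showing that the rule's source selector picks the table before any destination match happens. Assumptions: `$net2` is replaced by the documentation prefix 192.0.2, `$port2` by the label `port2`, and the default uplink (`port1`, 198.51.100.1) and the rule priorities 100/101 are constructed values.

```python
import ipaddress

# Constructed stand-ins: the thread's $net2 becomes 192.0.2 and $port2 becomes "port2";
# "port1" and 198.51.100.1 are hypothetical values for the default uplink.
TABLES = {
    "main": [("10.0.0.0/16", None, "lan"), ("0.0.0.0/0", "198.51.100.1", "port1")],
    "2": [("0.0.0.0/0", "192.0.2.97", "port2")],
}

# (priority, source selector, table); the lowest priority number is consulted first.
RULES_WITHOUT_POLICY = [(32766, "0.0.0.0/0", "main")]
RULES_WITH_POLICY = [
    (100, "192.0.2.96/28", "2"),   # ip rule add from $net2.96/28 table 2
    (101, "10.0.1.0/24", "2"),     # ip rule add from 10.0.1.0/24 table 2
    (32766, "0.0.0.0/0", "main"),
]

def table_lookup(table, dst):
    """Longest-prefix match on the destination inside one routing table."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]
            if dst in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return gw, dev

def route(rules, src, dst):
    """Walk rules in priority order; the first matching rule whose table has a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            hit = table_lookup(table, dst)
            if hit is not None:
                return table, hit[0], hit[1]
    return None

if __name__ == "__main__":
    for src in ("10.0.0.20", "10.0.1.100"):
        for name, rules in (("main only", RULES_WITHOUT_POLICY),
                            ("with rules", RULES_WITH_POLICY)):
            print(src, name, route(rules, src, "203.0.113.5"))
```

Because table 2 in this model holds only a default route, every destination from a 10.0.1.0/24 source resolves to `port2`, including addresses that the main table would have sent to the LAN.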