Problem
I've already created different IP aliases (each with a different virtual MAC address too) this way in my shell:
ip link add link eth0 address 00:11:11:11:11:11 eth0.1 type macvlan
ifconfig eth0.1 172.17.1.15/21 up
I have used eth0.1 instead of eth0:1 because otherwise macvlan does not work. I know that IP aliases are written as eth0:1, though.
Speed throttling is set to 10Mbps per IP (or MAC address, I do not know yet) and I am studying its bypassing for a well-intentioned project.
What I want now is to set a specific destination for each IP alias in order to study the router's speed throttling. It should now have 10Mbps per IP/connection.
For instance:
Router: 172.17.0.1/21
eth0> 172.17.1.14/21
eth0.1> 172.17.1.15/21
eth0.2> 172.17.1.16/21
I need now the eth0.1 to be the source to access: URL(speedtest1Web).
And the eth0.2 the source to access: URL(speedtest2Web).
I have tried:
iptables -t nat -A POSTROUTING -p tcp -s 172.17.1.15 -o eth0.1 -j SNAT --to-source xxx.xxx.xxx.xxx
or
iptables -t nat -I POSTROUTING -o eth0 -d xxx.xxx.xxx.xxx/32 -s 10.255.0.127 -j SNAT --to-source 172.17.1.15
where xxx.xxx.xxx.xxx = speedtest1Web
Is "-o eth0" correct? Or should I write "-o eth0.1"?
I have been trying many similar commands with no success, or at least I continue having 10Mbps for all the connections instead of 10Mbps per connection (which is what is expected now with the IP aliasing).
Best Answer
You don't need to use macvlan in your case.
eth0 interface:
Use 172.17.0.15 as source address for 192.168.10.2 destination
Use 172.17.0.16 as source address for 192.168.11.2 destination
Verify the routing table:
Also you can check the actual routes for a specific destination with the ip route get command:
There is a short version of the same command:
Check the results with ping and tcpdump. Ping the hosts and check the output of tcpdump in another console. You can use Wireshark instead of tcpdump.
SNAT target in the iptables. But if you have hundreds of similar rules, it may impact the performance.
Better use iptables-save and iptables-apply to safely configure the iptables. Verification is the same as in the route case - with ping and tcpdump. Also, you can check the rule counters to be sure those rules work.
ping this is -I option:
ip route or iptables know nothing about domain names and can use only the IP address of the destination. Iptables can resolve a domain name at rule creation, but the IP address in it won't be updated magically. There are some tricks to avoid this limitation:
/etc/hosts file to do it. This way is suitable for quick tests and DNS records with long TTL.
dnsmasq, ipset and iptables. In this case dnsmasq resolves the domain names and stores their IP addresses into ipset lists. You can use these lists in the iptables SNAT rules.
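The `ip route get` verification step from the answer, scripted so that every destination is checked against the source address it is meant to use. This is an added example, not part of the original answer: the function names, the `ROUTE_GET` override and the canned `sample_route_get` output are assumptions made for illustration, and the addresses are the ones used on this page.

```shell
#!/bin/sh
# Check that the kernel selects the intended source address per destination.

# Command that prints the route for one destination. Override it to test offline.
ROUTE_GET=${ROUTE_GET:-"ip route get"}

# Print the address that follows the "src" keyword in `ip route get` output.
route_src() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "src" && !found) { print $(i + 1); found = 1 } }'
}

# Read "destination expected-source" pairs on stdin and report each result.
# Returns 0 only when every destination uses its expected source address.
# Usage: printf '192.168.10.2 172.17.0.15\n' | check_sources
check_sources() {
    rc=0
    while read -r dest want; do
        [ -n "$dest" ] || continue
        got=$($ROUTE_GET "$dest" 2>/dev/null | route_src)
        if [ "$got" = "$want" ]; then
            echo "ok   $dest src $got"
        else
            echo "FAIL $dest src ${got:-none} (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed stand-in for `ip route get`, shaped like iproute2 output.
# Any destination without a dedicated route falls back to the primary address.
sample_route_get() {
    case $1 in
        192.168.10.2) echo "192.168.10.2 via 172.17.0.1 dev eth0 src 172.17.0.15 uid 0" ;;
        192.168.11.2) echo "192.168.11.2 via 172.17.0.1 dev eth0 src 172.17.0.16 uid 0" ;;
        *)            echo "$1 via 172.17.0.1 dev eth0 src 172.17.1.14 uid 0" ;;
    esac
    echo "    cache"
}
```

Setting `ROUTE_GET=sample_route_get` runs the check against the canned output; left at its default, it queries the live routing table.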