От: шлюз на debian

Автор scfx, 15 февраля 2024, 08:41:30


scfx

Всем привет.
debian 12.
На шлюз заходят сетки пользователей на сабинтерфейсы (eth0.100, eth0.101 и т. д.).
Провайдеры (default eth0.300, eth0.400)

Собственно вопрос.
Каким образом предоставить выход в интернет пользователям интерфейса eth0.100 не через default gateway, а через eth0.400?

cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
#
# Layout of this host: eth0 is an 802.1Q trunk, every eth0.<vid> stanza below
# is one VLAN. Three stanzas (eth0.400, eth0.100, eth0.300) each add a default
# route to their own routing table, a default route to the main table with a
# different metric, and one `ip rule` that selects the per-uplink table.
#
# NOTE(review): every `ip rule add` below is run from an `up` hook and there is
# no matching `down`/`post-down ... ip rule del`. The `ip rule` listing further
# down this page shows the same three selectors repeated many times, which is
# consistent with a new copy being added on each ifup. That listing also holds
# entries no line in this file would produce (109.199.123.254, and
# mts2/dom.ru swapped on two selectors) - presumably added by hand; verify and
# clean up, because the first matching rule wins.

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The trunk vlan interface
# No address here; the parent device is only brought up so the VLAN
# sub-interfaces below can be created on top of it.
auto eth0
iface eth0 inet manual
pre-up ip link set dev eth0 up

# The vlan interface DOM.RU
auto eth0.400
iface eth0.400 inet static
address 109.199.139.164/25
# gateway 109.199.139.254
# The stock `gateway` option is disabled above; the default routes are added by
# hand instead: one into table 40 and one into main with metric 5 (the lowest
# metric of the three main-table defaults in this file).
        up ip route add default via 109.199.139.254 table 40
        up ip route add default via 109.199.139.254 metric 5
# NOTE(review): the `from` selector is the provider gateway's address (the same
# address used as `via` above), not this host's own 109.199.139.164 and not a
# LAN prefix. `from` matches the packet's source address, so as written this
# rule only matches packets sourced from the gateway itself. To steer a LAN out
# through this uplink the selector would be that LAN's prefix or ingress
# interface, e.g. `ip rule add from 192.168.0.0/24 table 40` or
# `ip rule add iif eth0.100 table 40` - verify against the intended topology.
# Table 40 holds only a default route, so traffic from that LAN to the other
# local VLANs would follow it too unless main is consulted first for connected
# prefixes (e.g. a higher-priority `lookup main suppress_prefixlength 0` rule).
        up ip rule add from 109.199.139.254 table 40



# The vlan interface UTK
auto eth0.100
iface eth0.100 inet static
address 192.168.0.1/24
# Same three-line pattern as eth0.400: table 100, main-table default with
# metric 30, and a rule keyed on the next hop's address (192.168.0.152) rather
# than on a local source - see the note in the eth0.400 stanza.
        up ip route add default via 192.168.0.152 table 100
        up ip route add default via 192.168.0.152 metric 30
        up ip rule add from 192.168.0.152 table 100

# The vlan interface UTK_LAN
# Address only; no per-VLAN routes or rules, so this network uses the main table.
auto eth0.104
iface eth0.104 inet static
address 10.45.2.1/24

# The vlan interface KTT_LAN
# Address only; no per-VLAN routes or rules, so this network uses the main table.
auto eth0.105
iface eth0.105 inet static
        address 10.45.3.1/24

# The vlan interface MTS_2
auto eth0.300
iface eth0.300 inet static
# NOTE(review): unlike every other stanza, this address has no prefix length
# and there is no `netmask` line - confirm which mask the interface actually
# gets (`ip -br addr show eth0.300`); the `via 192.168.100.1` routes below need
# that next hop to be on-link.
address 192.168.100.3
# Same pattern again: table 30, main-table default with metric 10, and a rule
# keyed on the gateway's address - see the note in the eth0.400 stanza.
up ip route add default via 192.168.100.1 table 30
up ip route add default via 192.168.100.1 metric 10
up ip rule add from 192.168.100.1 table 30
# cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
# Site-specific tables. The numeric IDs are the ones passed as `table 30`,
# `table 40` and `table 100` in /etc/network/interfaces; the names are what
# `ip rule` prints after `lookup`. This file only maps IDs to names - it adds
# no routes and no rules by itself.
#1 inr.ruhep
30 mts2
40 dom.ru
100 UTK
# ip rule
0: from all lookup local
32748: from 192.168.100.1 lookup mts2
32749: from 192.168.0.152 lookup UTK
32750: from 109.199.139.254 lookup dom.ru
32751: from 192.168.100.1 lookup mts2
32752: from 192.168.0.152 lookup UTK
32753: from 109.199.139.254 lookup dom.ru
32754: from 192.168.100.1 lookup mts2
32755: from 192.168.0.152 lookup UTK
32756: from 109.199.139.254 lookup dom.ru
32757: from 192.168.100.1 lookup mts2
32758: from 192.168.0.152 lookup UTK
32759: from 109.199.123.254 lookup dom.ru
32760: from 192.168.100.1 lookup mts2
32761: from 192.168.0.152 lookup UTK
32762: from 109.199.139.254 lookup dom.ru
32763: from 192.168.100.1 lookup dom.ru
32764: from 192.168.0.152 lookup UTK
32765: from 109.199.139.254 lookup mts2
32766: from all lookup main
32767: from all lookup default
cat /etc/nftables.conf
#!/usr/sbin/nft -f

# Ruleset for the gateway: three empty filter base chains plus source NAT on
# the two provider-facing VLANs (eth0.400 and eth0.300).

# Drop whatever is currently loaded so this file is the complete ruleset.
flush ruleset

# NOTE(review): all three base chains below have no `policy` statement and no
# rules. A base chain without an explicit policy defaults to accept, so as
# written this table filters nothing: the gateway accepts every connection
# addressed to itself, including those arriving on the provider-facing
# interfaces, and forwards between all VLANs and uplinks without restriction.
# For an internet-facing router consider `policy drop` on input and forward
# with explicit allows (established/related, loopback, management from the
# LAN, LAN -> WAN) - test from a console session before applying remotely.
table inet filter {
chain input {
type filter hook input priority filter;
}
chain forward {
type filter hook forward priority filter;
}
chain output {
type filter hook output priority filter;
}
}

# Source NAT for traffic leaving through the DOM.RU uplink. The chain name is
# only a label (spelled "masquarade" here); the `masquerade` statement is what
# rewrites the source to the address of the outgoing interface. The match is on
# the outgoing interface alone, so any source network routed out of eth0.400 is
# translated.
table inet nat_dom.ru {
chain masquarade {
type nat hook postrouting priority srcnat;
oifname "eth0.400" masquerade
}
}

# Same as above for the MTS_2 uplink (eth0.300).
# NOTE(review): there is no masquerade rule for eth0.100, although
# /etc/network/interfaces also installs a default route through it - confirm
# whether traffic is ever expected to leave that way untranslated.
table inet nat_mts_2 {
        chain masquarade {
                type nat hook postrouting priority srcnat;
                oifname "eth0.300" masquerade
        }
}