When I run these iptables rules, I get the mark values of the packets as 1 and 2. I can also get the whole packet via the queue. However, I cannot access the internet. What could be the problem?
WAN1 => GW : 10.10.12.1, LINK IP: 10.10.12.254
WAN2 => GW : 192.168.1.1, LINK IP: 192.168.1.3
#
modprobe nf_conntrack
#
ip route flush table WAN1
ip route flush table WAN2
#
iptables -F
iptables -t mangle -F
iptables -t nat -F
#
echo "101 WAN1" >> /etc/iproute2/rt_tables
echo "102 WAN2" >> /etc/iproute2/rt_tables
#
ip route add default via 10.10.12.1 table WAN1
ip route add default via 192.168.1.1 table WAN2
ip rule add fwmark 1 table WAN1
ip rule add fwmark 2 table WAN2
#
iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark
iptables -A PREROUTING -t mangle -m mark --mark 0 -m statistic --mode nth --every 4 --packet 0 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -m mark --mark 0 -m statistic --mode nth --every 4 --packet 1 -j MARK --set-mark 2
iptables -A PREROUTING -t mangle -m mark --mark 0 -m statistic --mode nth --every 4 --packet 2 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -m mark --mark 0 -m statistic --mode nth --every 4 --packet 3 -j MARK --set-mark 2
iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark
#
iptables -A FORWARD -i enp3s0 -o enp2s0 -j NFQUEUE --queue-num 0
iptables -A FORWARD -i enp2s0 -o enp3s0 -j NFQUEUE --queue-num 0
iptables -A FORWARD -i enp3s0 -o enp4s0 -j NFQUEUE --queue-num 1
iptables -A FORWARD -i enp4s0 -o enp3s0 -j NFQUEUE --queue-num 1
#
iptables -A POSTROUTING -t nat -m mark --mark 1 -j SNAT --to-source 10.10.12.254
iptables -A POSTROUTING -t nat -m mark --mark 2 -j SNAT --to-source 192.168.1.3
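
How the four `statistic` rules in the post hand out marks to a stream of unmarked packets, as an added example that is not part of the original post. It assumes every packet is the first packet of a new connection (so `--restore-mark` leaves mark 0), that each rule keeps its own nth counter, and that iptables evaluates a rule's matches in order; the class and function names are made up for the illustration.

```python
# Added example: models the PREROUTING mangle rules from the post.
# Assumption: each simulated packet starts a new connection, so its mark is 0
# after CONNMARK --restore-mark. The packet stream is constructed.

class NthRule:
    """-m mark --mark 0 -m statistic --mode nth --every N --packet P -j MARK --set-mark M"""

    def __init__(self, every, packet, set_mark):
        self.every, self.packet, self.set_mark = every, packet, set_mark
        self.seen = 0  # per-rule counter, not shared with the other rules

    def apply(self, mark):
        # Matches run in order: if `-m mark --mark 0` fails, the statistic
        # match is never evaluated and this rule's counter does not advance.
        if mark != 0:
            return mark
        hit = self.seen % self.every == self.packet
        self.seen += 1
        # MARK is a non-terminating target, so traversal continues either way.
        return self.set_mark if hit else mark


def rules_from_post():
    """The four rules in the order they are appended in the post."""
    return [NthRule(4, 0, 1), NthRule(4, 1, 2), NthRule(4, 2, 1), NthRule(4, 3, 2)]


def simulate(n_packets, rules=None):
    """Return the mark each of n_packets unmarked packets leaves PREROUTING with."""
    rules = rules or rules_from_post()
    marks = []
    for _ in range(n_packets):
        mark = 0
        for rule in rules:
            mark = rule.apply(mark)
        marks.append(mark)
    return marks


def summarize(marks):
    """Count how many packets ended with mark 0 (unmarked), 1 and 2."""
    return {m: marks.count(m) for m in (0, 1, 2)}


if __name__ == "__main__":
    marks = simulate(16)
    print(marks)
    print(summarize(marks))
```

Packets that leave with mark 0 match neither `ip rule` nor either SNAT rule in the post. The live equivalent of this check is comparing the per-rule packet counters in `iptables -t mangle -L PREROUTING -v -n`.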