Re: routing_based_on_port/services

• Previous message: Scott Rippee: "Re: Securing Fedora Core 4"
• In reply to: kucserak_at_post.sk: "routing_based_on_port/services"
• Next in thread: Joachim Schipper: "Re: routing_based_on_port/services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-linux@securityfocus.com
Date: Tue, 4 Oct 2005 18:12:09 +0200

Hi!

1) Use iptables to mark the outgoing traffic in the mangle PREROUTING chain:

iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j MARK --set-mark 1

2) Create routing table for the marked traffic, we will call the new table "http".
This table will contain default route to the ADSL provider.

echo 200 http >> /etc/iproute2/rt_tables
ip route add default via <adsl_ip> dev <adsl_dev> table http

3) Standard default route will point to the P2P provider.

ip route add default via <p2p_ip> dev <p2p_dev>

4) Add routing policy rule to use table "http" for marked traffic:

ip rule add fwmark 1 table http

This configuration is not perfect (e.g. port 80 on the router is not accessible)
but I hope it will help. More on multiple routing tables can be found at

http://lartc.org/howto/lartc.rpdb.html

Of course, you have to turn on appropriate options (e.g. "use fwmark as
a routing key") in your kernel config.

Regards,
Bendis

Dne po 3. října 2005 11:41 kucserak@post.sk napsal(a):
> Dear List!
>
> I just want to ask you a question.I have a linux(Secure platform) gateway
> server with 2 external ip address to the internet (one S/0 ADSl, second S/1
> Point to Point) and one internal ip eth0 for my LAN. I need to split up the
> outgoing traffic.HTTP/HTTPS want to route through the ADSL and the rest of
> traffic (SMTP,POP3,FTP) through the Point to Point.Can i solve this with
> Linux iptables or whatever else. Any suggestion help..
>
> regards,
>
> Chris

• application/pgp-signature attachment: stored

• Previous message: Scott Rippee: "Re: Securing Fedora Core 4"
• In reply to: kucserak_at_post.sk: "routing_based_on_port/services"
• Next in thread: Joachim Schipper: "Re: routing_based_on_port/services"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: VPN Gateway ... ip route? ... >>use my linux box as a gateway so that other computers on my LAN ... I've never used iptables. ... > No. IPtables has nothing to do with routing. ... (comp.os.linux.networking) Re: Allgemein: netfilter, routing, sonstige flags ... > ich habe zwar mit iptables einige Paketfilter konfiguriert. ... Mit Routen legst du dagegen fest, dass Pakete, die auf einer ... Bei einfachem Routing kannst du nur die Ziel-IP-Adressen zur ... die sich von Netzwerkschnittstelle zu ... (de.comp.os.unix.networking.misc) policy-based routing and NAT with iptables ... I try to setup policy-based routing under linux with iptables and ip ... configured iptables so that packets with some port-numbers are marked. ... Those packets marked should receive the second routing-table. ... hostname:/home/airflow# ip route list table default ... (comp.os.linux.networking) TCP Routing/IPTABLES question. ... |Linux Fedora (Administrative Control) (IPTABLES) ... | Kernel IP routing table ... I can ssh from Machine A to various machines on Network B. ... (comp.security.firewalls) Re: 3 multi-homed ... Just search for linux policy routing on google. ... override the netmask in the dhcp settings and connect to host on the ... other subnet via the gateway without the iptables filtering or policy ... (comp.os.linux.networking)