Re: [LARTC] 2 gateways - routing based in source address

To:	lartc@mailman.ds9a.nl
Subject:	Re: [LARTC] 2 gateways - routing based in source address
From:	"Jorge Evangelista" <netsecuredata@gmail.com>
Date:	Tue, 29 May 2007 20:28:07 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=BJPoTLEzonj5IzgESlWckT7Z6omm119GtpBbIW+4EuDZgRhzJVMilnK1wRTLgTrTTozO87ubJXQj8i6YhlXpc9FOEau41i6vX9ZSjv/7bTAHYbzrutebzUavQ3pJrCwswiVVWTOovQ04wJJgv+3gGgY8ZPP5UQMmHJYfxNMqtTU=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=BxDtpIIXI2frRJwQxYkoZ8t+1qfErGQyDncuD49YRb634XlUVT1oXpR+5ujPm9zJ9DiypAWZzwdd3gCT/gPqSR7zOhLRSMrAUZac6T5WuNi9oGNULKNO6O0T7BcqRzqiVH9+b0zxyGIkri1tv13ySd3auPcA2dhYu4CUYtLspzU=
In-reply-to:	<20070529204734.86B5D4B87A@outpost.ds9a.nl>
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References:	<20070529204734.86B5D4B87A@outpost.ds9a.nl>
Sender:	lartc-bounces@mailman.ds9a.nl

Hi,

I have not tried it yet. I think that you have to make a rule similiar as

ip rule  add   from 0.0.0.0/0  table 100
ip route add  default via  192.168.1.254  table 100 proto static

ip rule  add   from 0.0.0.0/0  table 200
ip route add  default via  192.168.0.254  table 200 proto static



#Mark incoming packets for later routing
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

iptables -A PREROUTING -t mangle -i eth2 -s 0.0.0.0/0  -p tcp --dport
80 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -i eth2 -s 0.0.0.0/0  -p tcp --dport
443 -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -i eth2 -s 0.0.0.0/0  -j MARK --set-mark 2

ip rule add from all fwmark 1 table 100
ip rule add from all fwmark 2 table 200



For NAT
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to $IP_ETH0
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $IP_ETH1




On 5/29/07, Pablo Fernandes Yahoo <fernandes_pablo@yahoo.com.br> wrote:




Hi,



First of all, thank you for your help.



And how can i put all the traffic comming from anywhere with destination
port 80 or 443 to go out by the gateway 192.168.1.254, while all the rest
going out by 192.168.0.254 ?



Im trying here different ways with ToS but it isn't working. Thank you for
any Tip.



Regards



>Hi Pablo,

>

>You have to configure your box linux similar to:

>

>ip rule add from 10.20.0.0/24   to 0.0.0.0/0  table 100

>ip route add default via 192.168.0.254  table 100

>

>ip rule add from 10.30.0.0/24  to 0.0.0.0/0  table 200

>ip route add default via 192.168.1.254 table 200

>

>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc



--
"The network is the computer"
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] 2 gateways - routing based in source address, Pablo Fernandes Yahoo Re: [LARTC] 2 gateways - routing based in source address, Marek Kierdelewicz Re: [LARTC] 2 gateways - routing based in source address, Jorge Evangelista Re: [LARTC] 2 gateways - routing based in source address, Pablo Fernandes Yahoo Re: [LARTC] 2 gateways - routing based in source address, Jorge Evangelista <=

Previous by Date:	Re: [LARTC] 2 gateways - routing based in source address, Pablo Fernandes Yahoo
Next by Date:	RE: [LARTC] Multihome load balancing - kernel vs netfilter, Salim S I
Previous by Thread:	Re: [LARTC] 2 gateways - routing based in source address, Pablo Fernandes Yahoo
Next by Thread:	[LARTC] Possible problem - class listing, Mihai Predescu
Indexes:	[Date] [Thread] [Top] [All Lists]