Hi, Ilya!

On Sun, May 20, 2001 at 02:15:07PM +0300, you wrote the following:

> As far as I see, there's no way to change the destination route based
> on the port (that is, according to man netfilter, there's no such
> option).

Actually it's quite easy to do if you combine netfilter and the policy
routing features of Linux. I don't know if the example below will
solve the specific ipsec problem you guys are talking about, but it
shows how to do routing decisions based on the destination port.
(Note: I can't test it here so standard disclaimer applies.)

# Create a new routing table and add a default route there to ipsec0
ip route add default dev ipsec0 table 3
#   (You actually may need to specify via)

# Mark all packets destined to port 80 with "1"
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1

# Send packets marked with "1" to be routed by the rules of table 3
ip rule add fwmark 1 table 3


-- 
Alex Shnitman <[EMAIL PROTECTED]>
http://alexsh.hectic.net/   UIN 188956
PGP 0xEC5D619D / E1 F2 7B 6C A0 31 80 28  63 B8 02 BA 65 C7 8B BA

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
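The recipe above as a reusable POSIX shell script, added here as an example that is not part of Alex's mail: it emits (or, with APPLY=1, runs) the same three commands, and goes beyond the mail by adding the optional gateway from the "via" caveat, an idempotent route step, a teardown and an `ip route get ... mark` check. Port 80, ipsec0, mark 1 and table 3 are the mail's values; the probe address 192.0.2.1 and the CHAIN variable are constructed defaults.

```shell
#!/bin/sh
# Added example, not from the original mail. Prints (or with APPLY=1 runs) the
# netfilter + policy-routing commands that send one TCP port's traffic out of a
# chosen interface, plus the matching teardown and a verification command.
# Usage: policy_route_cmds PORT DEV MARK TABLE [GATEWAY]

# OUTPUT marks locally generated packets (as in the mail); forwarded traffic
# would need PREROUTING instead. Constructed default, overridable by environment.
CHAIN="${CHAIN:-OUTPUT}"

policy_route_cmds() {
    port=$1; dev=$2; mark=$3; table=$4; gw=${5:-}
    via=""
    [ -n "$gw" ] && via=" via $gw"   # the "you may need to specify via" caveat
    # 'replace' instead of 'add' keeps re-running the script harmless
    echo "ip route replace default dev $dev$via table $table"
    echo "iptables -t mangle -A $CHAIN -p tcp --dport $port -j MARK --set-mark $mark"
    echo "ip rule add fwmark $mark table $table"
}

policy_route_undo() {
    port=$1; dev=$2; mark=$3; table=$4
    echo "ip rule del fwmark $mark table $table"
    echo "iptables -t mangle -D $CHAIN -p tcp --dport $port -j MARK --set-mark $mark"
    echo "ip route flush table $table"
}

# Which route would a packet carrying the mark take? ('ip route get' honours 'mark')
policy_route_check() {
    mark=$1; probe=${2:-192.0.2.1}   # TEST-NET-1 address, a constructed probe
    echo "ip route get $probe mark $mark"
}

run() {   # dry-run prints each command; APPLY=1 executes it and stops on failure
    printf '%s\n' "$1" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then $cmd || exit 1; else echo "+ $cmd"; fi
    done
}

run "$(policy_route_cmds 80 ipsec0 1 3)"
run "$(policy_route_check 1)"
```

Run it as root with `APPLY=1` to apply the rules; without it the script only shows what it would do.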
