Well, not a perfect solution, but definitely one that should work - with
ipsec performing as Tzafrir described, and using the mangling table as
Alex has.... Looks like I'm gonna kill my uptime to try and do this. Wish
me luck :-)
---= Miki Shapiro =------------------
---= Cell: (+972)-56-322433 =--------
---= ICQ: 3EE853 =-------------------
---= Windows Programmer in Rehab =---
-------------------------------------
"If at first you don't succeed...
.. Skydiving is probably not for you."
On Sun, 20 May 2001, Alex Shnitman wrote:
> Hi, Ilya!
>
> On Sun, May 20, 2001 at 02:15:07PM +0300, you wrote the following:
>
> > As far as I see, there's no way to change the destination route based
> > on the port (that is, according to man netfilter, there's no such
> > option).
>
> Actually it's quite easy to do if you combine netfilter and the policy
> routing features of Linux. I don't know if the example below will
> solve the specific ipsec problem you guys are talking about, but it
> shows how to do routing decisions based on the destination port.
> (Note: I can't test it here so standard disclaimer applies.)
>
> # Create a new routing table and add a default route there to ipsec0
> ip route add default dev ipsec0 table 3
> # (You actually may need to specify via)
>
> # Mark all packets destined to port 80 with "1"
> iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
>
> # Send packets marked with "1" to be routed by the rules of table 3
> ip rule add fwmark 1 table 3
>
>
> --
> Alex Shnitman <[EMAIL PROTECTED]>
> http://alexsh.hectic.net/ UIN 188956
> PGP 0xEC5D619D / E1 F2 7B 6C A0 31 80 28 63 B8 02 BA 65 C7 8B BA
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
>
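
Added example, not part of Alex's or Miki's mail: a Python check for the way the fwmark setup quoted above fails open. If the "ip rule" for a mark is missing, or its table has no route, the kernel moves on to the main table and the marked traffic leaves by the ordinary default route instead of ipsec0. The sample command output is constructed, and a full 0xffffffff mark mask is assumed.

```python
import re

# Constructed sample output (not from a real host) in the formats printed by
# `iptables-save -t mangle`, `ip rule show` and `ip route show table all`.
MANGLE = """\
-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff
-A OUTPUT -p tcp -m tcp --dport 443 -j MARK --set-mark 2
"""
RULES = """\
0:\tfrom all lookup local
32765:\tfrom all fwmark 0x1 lookup 3
32766:\tfrom all lookup main
"""
ROUTES = """\
default via 192.0.2.1 dev eth0
default dev ipsec0 table 3 scope link
"""

def num(s):
    return int(s, 0)  # accepts "1" as well as "0x1"

def audit(mangle, rules, routes):
    """Return (fwmark, problem) for marks that the main table would route."""
    marks = {num(m) for m in re.findall(r"-j MARK --set-x?mark (\w+)", mangle)}
    tables = {}
    for mark, table in re.findall(r"fwmark (\w+)(?:/\w+)? lookup (\S+)", rules):
        tables.setdefault(num(mark), table)  # first rule listed is consulted first
    # Tables that own a default route; a line without "table X" is in main.
    with_default = {m.group(1) or "main" for m in
                    re.finditer(r"^default\b(?:.*?\btable (\S+))?", routes, re.M)}
    findings = []
    for mark in sorted(marks):
        table = tables.get(mark)
        if table is None:
            findings.append((mark, "no ip rule matches this fwmark"))
        elif table not in with_default:
            findings.append((mark, f"table {table} has no default route"))
    return findings

if __name__ == "__main__":
    for mark, problem in audit(MANGLE, RULES, ROUTES):
        print(f"fwmark {mark}: {problem}; main table will route it")
```

On a live host, feed it the real output of the three commands named in the first comment.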