On Wed, Oct 14, 1998 at 03:35:02PM +0200, tzanger wrote:
> > > There is the iproute2 package, but it too does not allow a source route or
> > > route based on port.  
> > 
> > Routing by port is not supported. 
> 
> Ack I am mistaken, please forgive...  I meant based on ToS...  I was
> playing with this last night some.
> 
> ipchains -A output -p tcp -d 0/0 6000:7000 -t 0x01 0x10
> ./ip route add default tos 0x10 via x.x.x.x
> 
> If I'm not mistaken, that should route all packets with tos 0x10 (minimum
> delay)  via x.x.x.x and anything else by the standard default route.  The
> routing table (./ip route list) shows that this looks to be correct, but
> a tcpdump on the interface that x.x.x.x is connected to shows only SOME of
> the traffic being sent to that address.  The ToS is correctly marked but
> as I watch the normal default route, TCP packets destined for port
> 6000-7000 ALSO have the ToS bits marked 0x10 but are going through the
> "normal" default gateway...  

This does not work. The route for a TCP socket is calculated at initial
connection before the packet is passed down to IP. IP would call the
firewall which would rewrite the TOS in your case. But the routing
table lookup still used the old TOS because it wasn't rewritten yet.

It is too hard to fix for 2.2 release. The rule therefore is: TOS 
rewriting is only reliably supported for packet forwarding.

I'll note it, maybe it is possible to fix it in 2.3, but it is unlikely.

-Andi
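The ordering described in the reply above, as an added example that is not part of the original thread and is not kernel code: a simplified Python model of the route lookup happening before the ipchains TOS rewrite for local TCP. The gateway names are placeholders, and the model assumes that on the forwarding path the rewrite is applied before the per-packet route lookup, and that a socket whose TOS is already 0x10 is looked up with that value.

```python
# Simplified model (constructed for illustration, not kernel code).
ROUTES = [                      # (TOS key, gateway); gateway names are placeholders
    (0x10, "gw-lowdelay"),      # ip route add default tos 0x10 via x.x.x.x
    (0x00, "gw-default"),       # the ordinary default route
]

def route_lookup(tos):
    """Prefer the default route whose TOS key matches, else the TOS-less one."""
    for key, gateway in ROUTES:
        if key == tos:
            return gateway
    return dict(ROUTES)[0x00]

def rewrite_tos(tos, dport, and_mask=0x01, xor_mask=0x10):
    """Model of: ipchains -A output -p tcp -d 0/0 6000:7000 -t 0x01 0x10"""
    if 6000 <= dport <= 7000:
        return (tos & and_mask) ^ xor_mask
    return tos

def local_tcp_send(dport, socket_tos=0x00):
    """Locally generated TCP: route fixed at connect, header rewritten later."""
    gateway = route_lookup(socket_tos)          # lookup uses the socket's TOS
    wire_tos = rewrite_tos(socket_tos, dport)   # output chain marks the packet
    return wire_tos, gateway                    # route is not looked up again

def forwarded(dport, tos=0x00):
    """Forwarded packet: rewrite assumed to happen before the route lookup."""
    wire_tos = rewrite_tos(tos, dport)
    return wire_tos, route_lookup(wire_tos)

if __name__ == "__main__":
    cases = [
        ("local, port 6001", local_tcp_send(6001)),
        ("forwarded, port 6001", forwarded(6001)),
        ("local, socket TOS already 0x10", local_tcp_send(6001, socket_tos=0x10)),
    ]
    for label, (tos, gateway) in cases:
        print(f"{label:32} tos=0x{tos:02x} via {gateway}")
```

The first case reproduces what the tcpdump showed: the packet carries TOS 0x10 on the wire but leaves through the normal default gateway.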