Jacob Meuser wrote:

>On Thu, Jan 31, 2002 at 09:19:47AM -0800, Ben Barrett wrote:
>
>>In the original post, all that was wanted iirc was to host ports 21 and
>>80 over one interface (dsl?)
>>
>
>No, he wanted outbound port 21 & 80 traffic to go through the cable line
>and everything else to go out the dsl line.
>That's much different than hosting inbound traffic on one interface,
>and outbound on another interface.
>
>--
><[EMAIL PROTECTED]>
>

I'm not sure what the commands would be in BSD, but with iptables and the routing tools on Linux this simple request seems possible.
You can use iptables to (PREROUTING) mark the packets in a way that can be read later by the routing tools, for example:

    iptables -A PREROUTING -i eth3 -t mangle -p tcp --dport 80 \
        -j MARK --set-mark 1

    iptables -A PREROUTING -i eth3 -t mangle -p tcp --dport 21 \
        -j MARK --set-mark 1

Where eth3 is the interface for the LAN. We'll pretend that eth0 is the cable connection and eth1 is the DSL connection.

Then, read that mark later when routing and decide which interface to send it out on. There is an example in the advanced routing howto referenced by Ben. In the example they are using the mark to send www requests to another box running squid. Here's an example that would probably work:

    naret# echo 202 cabletraffic.out >> /etc/iproute2/rt_tables
    naret# ip rule add fwmark 1 table cabletraffic.out
    naret# ip route add default via <cable_modem_gateway> dev eth0 table cabletraffic.out
    naret# ip route flush cache

Again, there are probably similar tools, like pf, on BSD. I just don't know their usage exactly.
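
Added example (not part of the original message or thread): the same mark-and-route setup written as a dry-run generator that prints the commands for review and is safe to re-run. The interfaces, table id 202 and mark 1 follow the message; the function names, the RT_TABLES override, and the use of `iptables -C`, `ip rule del` before `add`, and `ip route replace` are choices of this example.

```sh
#!/bin/sh
# Added example, not from the original message. Interface names, table id 202
# and mark 1 follow the post; function names and RT_TABLES are assumptions.
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
LAN_IF=eth3            # LAN side, as in the post
CABLE_IF=eth0          # cable side, as in the post
TABLE_ID=202
TABLE_NAME=cabletraffic.out
MARK=1

# Print the rt_tables line only when the table name is not registered yet,
# so re-running the setup never appends a duplicate entry.
rt_tables_entry() {
    if [ -f "$RT_TABLES" ] &&
       awk -v n="$TABLE_NAME" '$1 !~ /^#/ && $2 == n {f=1} END {exit !f}' "$RT_TABLES"
    then
        return 0
    fi
    printf '%s %s\n' "$TABLE_ID" "$TABLE_NAME"
}

# plan GATEWAY PORT...: print the commands in the order they must run.
# Nothing is executed here; all input is validated before any line is printed,
# because the output is meant to be fed to a root shell.
plan() {
    gw="$1"; shift
    case "$gw" in
        ''|*[!0-9a-fA-F.:]*) echo "invalid gateway: $gw" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "invalid port: $port" >&2; return 1; }
    done
    entry="$(rt_tables_entry)"
    if [ -n "$entry" ]; then echo "echo '$entry' >> $RT_TABLES"; fi
    for port in "$@"; do
        rule="PREROUTING -t mangle -i $LAN_IF -p tcp --dport $port -j MARK --set-mark $MARK"
        # -C checks whether the rule exists, so -A runs only when it is missing.
        echo "iptables -C $rule 2>/dev/null || iptables -A $rule"
    done
    # Delete-then-add keeps exactly one fwmark rule across repeated runs.
    echo "ip rule del fwmark $MARK table $TABLE_NAME 2>/dev/null || true"
    echo "ip rule add fwmark $MARK table $TABLE_NAME"
    echo "ip route replace default via $gw dev $CABLE_IF table $TABLE_NAME"
    echo "ip route flush cache"
}
```

Call `plan` with the cable modem's gateway address followed by `21 80`, read the output, then pipe it to `sh` as root.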