[gentoo-user] OT: default route dependent on dest port?
Let's posit two network interfaces net1 (192.168.x.y/16) and net2 (172.16.a.b/16). There's a NAT/gateway available on each of the networks. I want to use the 172.16 gateway for TCP connections to port 80 and the 192.168 gateway for everything else.

I'm primarily following this example:

  http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html

My main routing table contains all directly accessible subnets plus a default route via the 192.168 gateway. I created a second route table named pmain which is identical to main except it has a different default route via the 172.16 gateway.

My ip rules are:

  0:     from all lookup local
  1:     from all fwmark 0x1 lookup pmain
  32766: from all lookup main
  32767: from all lookup default

I then add an iptables rule like this:

  iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1

Now all TCP packets destined for port 80 are sent to the 172.16 gateway, _but_ they're being sent with a 192.168 source address. The TCP stack is apparently unaware of the advanced routing tricks and thinks that the packets are going out via the 192.168 gateway. IOW I've successfully re-routed TCP _packets_ but not the TCP _connection_.

How do I tell the TCP stack that it's supposed to use the 172.16 interface/gateway for connections to port 80?

-- 
Grant Edwards               grant.b.edwards        Yow! I feel partially
                                  at               hydrogenated!
                              gmail.com
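The setup from the post above, as an added example (not code from the thread or from the LARTC HOWTO): a Python script that builds the route, rule and mark commands with placeholder values, parses `ip route get` output so the unmarked and marked (`mark 1`) lookups can be compared, and shows two ways to get a 172.16 source address that the post itself does not reach: a POSTROUTING SNAT on the net2 egress, and setting SO_MARK on the socket before connect() so the connect-time route lookup already hits pmain. The interface names net1/net2, the gateways 192.168.0.1 and 172.16.0.1, and the host address 172.16.0.10 are assumptions standing in for the x.y/a.b in the post; pmain is assumed to already hold a copy of main's connected routes, as the post describes.

```python
"""Dry-run builder and checks for fwmark policy routing (added example, not
code from the thread).  Interface names, gateway addresses and the 172.16
host address below are placeholders, not values from the post."""
import shlex
import socket
import subprocess
import sys

# Assumed values; the post only gives 192.168.x.y/16 and 172.16.a.b/16.
NET2_IF, NET2_GW, NET2_ADDR = "net2", "172.16.0.1", "172.16.0.10"
TABLE, MARK, PORT = "pmain", 1, 80
# Linux SO_MARK is 36; newer Pythons export it.  Setting it needs CAP_NET_ADMIN.
SO_MARK = getattr(socket, "SO_MARK", 36)


def policy_routing_commands(net2_if=NET2_IF, net2_gw=NET2_GW, net2_addr=NET2_ADDR,
                            table=TABLE, mark=MARK, port=PORT):
    """Commands for the setup in the post, plus a POSTROUTING SNAT on the 172.16
    interface.  The mangle OUTPUT mark is applied after the socket has already
    chosen its source address at connect() time, so the re-routed packet still
    carries the 192.168 address; rewriting it on egress repairs that symptom."""
    return [
        f"ip route add default via {net2_gw} dev {net2_if} src {net2_addr} table {table}",
        f"ip rule add fwmark {mark} lookup {table} priority 1",
        f"iptables -t mangle -A OUTPUT -p tcp --dport {port} -j MARK --set-mark {mark}",
        f"iptables -t nat -A POSTROUTING -o {net2_if} -j SNAT --to-source {net2_addr}",
    ]


def parse_route_get(output):
    """Parse the first line of `ip route get` output, e.g.
    '8.8.8.8 via 172.16.0.1 dev net2 src 172.16.0.10 mark 0x1 uid 0', into a dict."""
    tokens = output.strip().splitlines()[0].split()
    fields = {"dst": tokens[0]}
    for key, val in zip(tokens, tokens[1:]):
        if key in ("via", "dev", "src", "mark", "table"):
            fields[key] = val
    return fields


def route_lookup(dst, mark=None):
    """Ask the kernel which gateway, interface and source it would pick for dst,
    optionally as if the packet carried a fwmark.  Needs iproute2."""
    cmd = ["ip", "route", "get", dst] + (["mark", str(mark)] if mark else [])
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return parse_route_get(out)


def lookup_diverges(unmarked, marked):
    """True when the marked lookup picks a different gateway/interface and a
    different source.  If this holds but packets still leave with the old
    source, the tables are fine and the mark is simply applied too late."""
    return ((unmarked.get("via"), unmarked.get("dev")) != (marked.get("via"), marked.get("dev"))
            and unmarked.get("src") != marked.get("src"))


def connect_with_mark(host, port, mark=MARK, timeout=5.0):
    """Mark the socket before connect() so the connect-time lookup already hits
    pmain and the 172.16 source is chosen.  Returns the local address used.
    This is the socket-level fix, available only for programs you control."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, SO_MARK, mark)
        s.settimeout(timeout)
        s.connect((host, port))
        return s.getsockname()[0]
    finally:
        s.close()


if __name__ == "__main__":
    apply = "--apply" in sys.argv
    for c in policy_routing_commands():
        print(c)
        if apply:  # needs root
            subprocess.run(shlex.split(c), check=True)
    if apply:
        plain, marked = route_lookup("8.8.8.8"), route_lookup("8.8.8.8", MARK)
        print("unmarked:", plain)
        print("marked:  ", marked)
        print("tables diverge as intended:", lookup_diverges(plain, marked))
```

Without arguments it only prints the commands; `--apply` runs them as root and then prints both lookups. The comparison is the check worth doing first: if `ip route get ... mark 1` already reports the 172.16 source while real connections still leave with the 192.168 one, the routing tables are correct and the problem is when the mark is applied. The kernel picks the source address during connect() from the socket's own mark, and a mark set in mangle OUTPUT is only seen afterwards when the packet is re-routed, which is why either the SNAT rule or SO_MARK on the socket is needed to change what goes on the wire.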
Re: [gentoo-user] OT: default route dependent on dest port?
On 04/10/2013 21:55, Grant Edwards wrote:
> Let's posit two network interfaces net1 (192.168.x.y/16) and net2 (172.16.a.b/16). There's a NAT/gateway available on each of the networks. I want to use the 172.16 gateway for TCP connections to port 80 and the 192.168 gateway for everything else.
>
> I'm primarily following this example:
>
>   http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>
> My main routing table contains all directly accessible subnets plus a default route via the 192.168 gateway. I created a second route table named pmain which is identical to main except it has a different default route via the 172.16 gateway.
>
> My ip rules are:
>
>   0:     from all lookup local
>   1:     from all fwmark 0x1 lookup pmain
>   32766: from all lookup main
>   32767: from all lookup default
>
> I then add an iptables rule like this:
>
>   iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1

It would help if you were to also supply the details of:

* ip -f inet -o a s
* ip route show table main
* ip route show table pmain

> Now all TCP packets destined for port 80 are sent to the 172.16 gateway, _but_ they're being sent with a 192.168 source address. The TCP stack is apparently unaware of the advanced routing tricks and thinks that the packets are going out via the 192.168 gateway. IOW I've successfully re-routed TCP _packets_ but not the TCP _connection_.
>
> How do I tell the TCP stack that it's supposed to use the 172.16 interface/gateway for connections to port 80?

--
Kerin
Re: [gentoo-user] OT: default route dependent on dest port?
On Fri, 4 Oct 2013 20:55:25 +0000 (UTC)
Grant Edwards grant.b.edwa...@gmail.com wrote:

> Let's posit two network interfaces net1 (192.168.x.y/16) and net2 (172.16.a.b/16). There's a NAT/gateway available on each of the networks. I want to use the 172.16 gateway for TCP connections to port 80 and the 192.168 gateway for everything else.
>
> I'm primarily following this example:
>
>   http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>
> My main routing table contains all directly accessible subnets plus a default route via the 192.168 gateway. I created a second route table named pmain which is identical to main except it has a different default route via the 172.16 gateway.
>
> My ip rules are:
>
>   0:     from all lookup local
>   1:     from all fwmark 0x1 lookup pmain
>   32766: from all lookup main
>   32767: from all lookup default
>
> I then add an iptables rule like this:
>
>   iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1
>
> Now all TCP packets destined for port 80 are sent to the 172.16 gateway, _but_ they're being sent with a 192.168 source address. The TCP stack is apparently unaware of the advanced routing tricks and thinks that the packets are going out via the 192.168 gateway. IOW I've successfully re-routed TCP _packets_ but not the TCP _connection_.
>
> How do I tell the TCP stack that it's supposed to use the 172.16 interface/gateway for connections to port 80?

Hi,

It's been a while, but I believe you want to route via interface, not gateway. Providing more info will make it easier to help you.