From: "Nataniel Klug" <nata@cnett.com.br>
To: lartc@vger.kernel.org
Subject: [LARTC] Routing for multiple interfaces (marking ports)
Date: Sat, 04 Feb 2006 10:52:13 +0000
Message-ID: <003301c62979$0f45c490$0e001eac@NATANIEL>

    Hello guys,

    I am still in doubt about this kind of server. So my question is about
the "prio" at routing tables like:

    I have 3 tables in /etc/iproute2/rt_tables:

201 201
202 202
222 222

    In table 201 there are the rules about my internet link (frame relay)
that comes into eth0. So I made this route in it:

[root@ns2 iproute2]# ip route show table 201
default via 200.163.208.1 dev eth0  proto static  src 200.163.208.3
prohibit default  proto static  metric 1

    In table 202 there are the rules about my internet link (adsl) that comes
into eth2. So I made this route in it:

[root@ns2 iproute2]# ip route show table 202
default via 10.1.1.1 dev eth2  proto static  src 10.1.1.10
prohibit default  proto static  metric 1

    In table 222 there are the rules about both links, if I want to balance
between them. But I don't want to balance; I just want to make all traffic
from my network to the internet that goes to port 80 go through my DSL line
(eth2) and all the rest go through eth0 (frame relay), so in table 222 I
made this route:

[root@ns2 iproute2]# ip route show table 222
default via 200.163.208.1 dev eth0  proto static  src 200.163.208.3

    I have marked all packets with port 80 as destination like this:

IPT="/usr/local/sbin/iptables"
$IPT -t mangle -F
$IPT -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
$IPT -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
$IPT -t mangle -A PREROUTING -d ! 200.163.208.0/25 -p tcp -m tcp --dport 80 -j MARK --set-mark 2
$IPT -t mangle -A PREROUTING -d ! 200.163.208.0/25 -p udp -m udp --dport 80 -j MARK --set-mark 2
$IPT -t mangle -A PREROUTING -p tcp -m mark --mark 2 -j CONNMARK --save-mark
$IPT -t mangle -A PREROUTING -p udp -m mark --mark 2 -j CONNMARK --save-mark

    Until now it's all right, I think. My doubt comes here. How can I set this
MARK to go ONLY to the table 202? So I made a rule like this:

/sbin/ip rule add prio 210 fwmark 2 table 202

    This is my problem. I think it is all working but I need to know how the
TABLES prio works. My list of tables and rules looks like this:

[root@ns2 iproute2]# ip rule
0:      from all lookup local
50:     from all lookup main
201:    from 200.163.208.0/26 lookup 201
202:    from 10.1.1.0/24 lookup 202
210:    from all fwmark 0x2 lookup 202
222:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default

    Does this prio read tables from lower prio (0) to higher prio (32767), or
does it read them the other way?

Regards,

Nataniel Klug
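
Added example, not part of the original message: the kernel walks policy routing rules in ascending priority number (0 first) and stops at the first matching rule whose table yields a route. The sketch below parses the `ip rule` output quoted above and lists, for a packet with a given source address and fwmark, the tables in the order they would be consulted; the function names and the sample source address 192.168.0.10 are assumptions.

```python
import ipaddress
import re

# Rule list copied from the `ip rule` output in the message above.
IP_RULE_OUTPUT = """\
0:      from all lookup local
50:     from all lookup main
201:    from 200.163.208.0/26 lookup 201
202:    from 10.1.1.0/24 lookup 202
210:    from all fwmark 0x2 lookup 202
222:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default
"""

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+fwmark\s+(?P<mark>\S+))?\s+lookup\s+(?P<table>\S+)$"
)

def parse_rules(text):
    """Parse `ip rule` lines into (prio, src_network_or_None, mark_or_None, table)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        src = None if m["src"] == "all" else ipaddress.ip_network(m["src"])
        mark = int(m["mark"], 0) if m["mark"] else None
        rules.append((int(m["prio"]), src, mark, m["table"]))
    # Ascending priority number is the evaluation order.
    return sorted(rules, key=lambda r: r[0])

def tables_consulted(rules, src_ip, fwmark=0):
    """Return (prio, table) pairs, in evaluation order, whose selector matches."""
    ip = ipaddress.ip_address(src_ip)
    order = []
    for prio, src, mark, table in rules:
        if src is not None and ip not in src:
            continue  # "from <prefix>" selector does not match
        if mark is not None and mark != fwmark:
            continue  # "fwmark" selector does not match
        order.append((prio, table))
    return order

if __name__ == "__main__":
    rules = parse_rules(IP_RULE_OUTPUT)
    # Constructed packet: a LAN client (assumed address) marked 2 by the mangle rules.
    for prio, table in tables_consulted(rules, "192.168.0.10", fwmark=2):
        print(f"{prio:>5}: lookup {table}")
```

For a packet marked 2, table main at priority 50 is consulted before the fwmark rule at 210, so whether the walk ever reaches table 202 depends on what main contains, which the message does not show.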
