Re: [LARTC] FWMark routing trouble

[Markus Schulz <msc@antzsystem.de>]

Am Samstag, 29. Juli 2006 17:33 schrieb former03 | Baltasar Cevc:
> Hi everybody,
>
> I'm trying to set up routing for 2 links to the internet on a box
> which produces traffic itself (e.g. DNS) and will route all our local
> traffic.
>
> AS one route is quick and expensive and the other one slow and cheap,
> I want to be able to route packets for some high-level protocols to
> the second link.
>
> If I correctly understood table 3-2 in
> http://www.faqs.org/docs/iptables/traversingoftables.html that is not
> possible as the routing decision is taken even before the packet
> touches netfilter for the first time.
>
>
> Is that correct? Does anybody have some hints about how to work
> around?

It's possible with Policy Routing. Look at 
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html for 
documentation about it.

(Simplest?) way to do it: (only short excerpt)

- Mark the specific application packets with iptables in PREROUTING 
chain
...
- add rules for routing fwmarked packets to seperate routing tables
ip rule add fwmark <your fwmark #1> table <routing table for slow apps>
ip rule add fwmark <your fwmark #2> table <routing table for fast apps>

- build both routing tables
ip route add default via $PTP1 dev <device #1> src $IP1 proto static 
table <routing table for slow apps>
ip route add default via $PTP2 dev <device #2> src $IP2 proto static 
table <routing table for fast apps>

(Proto static needs kernel patches, but you don't really need this)


-- 
Markus Schulz 
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc