* [LARTC] FWMark routing trouble
From: former03 | Baltasar Cevc @ 2006-07-29 15:33 UTC
To: lartc
Hi everybody,
I'm trying to set up routing for 2 links to the internet on a box which
produces traffic itself (e.g. DNS) and will route all our local
traffic.
As one route is quick and expensive and the other one slow and cheap, I
want to be able to route packets for some high-level protocols to the
second link.
If I correctly understood table 3-2 in
http://www.faqs.org/docs/iptables/traversingoftables.html that is not
possible as the routing decision is taken even before the packet
touches netfilter for the first time.
Is that correct? Does anybody have some hints about how to work around?
Thanx a lot!
Baltasar
Baltasar Cevc
_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen
_____ http://www.former03.de
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
* Re: [LARTC] FWMark routing trouble
From: Markus Schulz @ 2006-08-02 10:08 UTC
To: lartc
On Saturday, 29 July 2006 17:33, former03 | Baltasar Cevc wrote:
> Hi everybody,
>
> I'm trying to set up routing for 2 links to the internet on a box
> which produces traffic itself (e.g. DNS) and will route all our local
> traffic.
>
> As one route is quick and expensive and the other one slow and cheap,
> I want to be able to route packets for some high-level protocols to
> the second link.
>
> If I correctly understood table 3-2 in
> http://www.faqs.org/docs/iptables/traversingoftables.html that is not
> possible as the routing decision is taken even before the packet
> touches netfilter for the first time.
>
>
> Is that correct? Does anybody have some hints about how to work
> around?
It's possible with Policy Routing. Look at
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html for
documentation about it.
(Simplest?) way to do it: (only short excerpt)
- Mark the specific application packets with iptables in PREROUTING chain
...
- add rules for routing fwmarked packets to separate routing tables
    ip rule add fwmark <your fwmark #1> table <routing table for slow apps>
    ip rule add fwmark <your fwmark #2> table <routing table for fast apps>
- build both routing tables
    ip route add default via $PTP1 dev <device #1> src $IP1 proto static table <routing table for slow apps>
    ip route add default via $PTP2 dev <device #2> src $IP2 proto static table <routing table for fast apps>
(Proto static needs kernel patches, but you don't really need this)
--
Markus Schulz
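Added example, not part of the original posts: a dry-run shell script for the steps in the reply above, extended with marking in the mangle OUTPUT chain so that traffic the box generates itself is classified as well as forwarded traffic. Addresses, devices, marks, table numbers and the port classification are constructed; the names PTP1/IP1 and PTP2/IP2 follow the reply. Unmarked traffic keeps using the main routing table.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands;
# set APPLY=1 and run as root to execute them. All values below are constructed.
APPLY=${APPLY:-0}
PTP1=192.0.2.1;    IP1=192.0.2.2;    DEV1=eth1; MARK1=1; TABLE1=101   # slow, cheap link
PTP2=198.51.100.1; IP2=198.51.100.2; DEV2=eth2; MARK2=2; TABLE2=102   # fast, expensive link
# Assumed classification, "tcp-port:mark": mail and news go slow, SSH goes fast.
CLASSES="25:$MARK1 119:$MARK1 22:$MARK2"

run() {                      # print a command, execute it only when APPLY=1
    echo "$*"
    if [ "$APPLY" = 1 ]; then "$@"; fi
}

plan() {
    for class in $CLASSES; do
        port=${class%%:*}; mark=${class##*:}
        # PREROUTING sees packets forwarded for the LAN; OUTPUT sees packets
        # the box generates itself. Marking in mangle OUTPUT makes the kernel
        # redo the routing lookup for that packet with the mark set.
        for chain in PREROUTING OUTPUT; do
            run iptables -t mangle -A "$chain" -p tcp --dport "$port" \
                -j MARK --set-mark "$mark"
        done
    done
    # One rule per mark, one default route per table.
    run ip rule add fwmark "$MARK1" table "$TABLE1"
    run ip rule add fwmark "$MARK2" table "$TABLE2"
    run ip route add default via "$PTP1" dev "$DEV1" src "$IP1" table "$TABLE1"
    run ip route add default via "$PTP2" dev "$DEV2" src "$IP2" table "$TABLE2"
    # A rerouted local packet keeps the source address picked by the first
    # lookup, so rewrite it to match the link it actually leaves on.
    run iptables -t nat -A POSTROUTING -o "$DEV1" -j SNAT --to-source "$IP1"
    run iptables -t nat -A POSTROUTING -o "$DEV2" -j SNAT --to-source "$IP2"
}

plan
```

After applying, `ip rule show` and `ip route show table 101` list the installed rule and the per-table default route.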