From mboxrd@z Thu Jan  1 00:00:00 1970
From: Markus Schulz <msc@antzsystem.de>
Date: Wed, 02 Aug 2006 10:08:40 +0000
Subject: Re: [LARTC] FWMark routing trouble
Message-Id: <200608021208.41393.msc@antzsystem.de>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Am Samstag, 29. Juli 2006 17:33 schrieb former03 | Baltasar Cevc:
> Hi everybody,
>
> I'm trying to set up routing for 2 links to the internet on a box
> which produces traffic itself (e.g. DNS) and will route all our local
> traffic.
>
> AS one route is quick and expensive and the other one slow and cheap,
> I want to be able to route packets for some high-level protocols to
> the second link.
>
> If I correctly understood table 3-2 in
> http://www.faqs.org/docs/iptables/traversingoftables.html that is not
> possible as the routing decision is taken even before the packet
> touches netfilter for the first time.
>
>
> Is that correct? Does anybody have some hints about how to work
> around?

It's possible with Policy Routing. Look at 
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html for 
documentation about it.

(Simplest?) way to do it: (only short excerpt)

- Mark the specific application packets with iptables in PREROUTING 
chain
...
- add rules for routing fwmarked packets to seperate routing tables
ip rule add fwmark <your fwmark #1> table <routing table for slow apps>
ip rule add fwmark <your fwmark #2> table <routing table for fast apps>

- build both routing tables
ip route add default via $PTP1 dev <device #1> src $IP1 proto static 
table <routing table for slow apps>
ip route add default via $PTP2 dev <device #2> src $IP2 proto static 
table <routing table for fast apps>

(Proto static needs kernel patches, but you don't really need this)


-- 
Markus Schulz 
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc