From: Javier Charne <javiercharne@speedy.com.ar>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] multiple routing tables for internal router programs
Date: Mon, 11 Jun 2007 19:01:42 +0000
Message-ID: <466D9C16.3000300@speedy.com.ar>
In-Reply-To: <466D6835.3090204@gmail.com>

Andrea wrote:
> Maybe a strange request, I'll try to explain this as clearly as I can
> (forgive my bad English, please :-) ).
>
Is it allowed to reply in Spanish on this list?
> I'm setting a linux box as a router. My router uses multiple routing
> tables, so I can address the traffic from specific ip addresses of my
> lan to distinct ISPs providers (specifying a different default gateway
> for each table), marking packets with iptables (prerouting marks).
>
> This works with the forwarding traffic (lan-ISPs) that crosses my router.
>
> But how can I reach the same result for programs/services that are
> working INTO the linux box? All I want is that a program (ping, for
> example, or a VOIP server, better) uses a secondary routing table in
> the same machine. In this mode, I can manipulate route settings for
> different classes of program in my router.
>
What you can do is "mark" the packets with iptables -t mangle
and then define rules (ip rule) to route each packet, according to
its mark, through the tables (ip route) you have defined.
For example:
You define a table with its gateway (one of your connections), and add
the networks that need to be "known" in the table:
ip route add 127.0.0.0/8 dev lo scope link table 100
ip route add $NET_INTERNA dev $IF_INTERNA scope link table 100
ip route add $NET_ADSL1 dev $IF_ADSL2 scope link table 100
ip route add $NET_ADSL2 dev $IF_ADSL2 scope link table 100
ip route add default dev $IF_ADSL2 via $GW_ADSL2 table 100
You define a rule so that every packet marked with a 1 uses that routing
table (goes out through that gateway...)
ip rule add fwmark 1 table 100
And you also mark with a 1 each packet that you want to use that table
(for example, web traffic):
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
Hope it helps.
Regards!
Javier.-
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
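
Added example, not part of the original message and not code from either poster: the same fwmark scheme applied to traffic that originates on the router itself, which passes through the mangle OUTPUT chain rather than PREROUTING. The user name "voip", mark 2, table 101, eth2 and 192.0.2.1 are constructed placeholders, and selecting the program by its owning user is an assumption about how the service is run.

```shell
#!/bin/sh
# Added example, not code from the thread. All values (user "voip", mark 2,
# table 101, eth2, 192.0.2.1) are constructed placeholders.
# Packets created by local programs never cross mangle PREROUTING; marking
# them in mangle OUTPUT makes the kernel redo the route lookup with the mark.

# valid_id N MAX: true when N is a decimal integer in 1..MAX
valid_id() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# local_route_cmds USER MARK TABLE DEV GATEWAY
# Prints one command per line; prints nothing and returns 1 on bad input.
local_route_cmds() {
    [ $# -eq 5 ] || return 1
    user=$1 mark=$2 table=$3 dev=$4 gw=$5
    valid_id "$mark" 4294967295 || return 1   # fwmark is a 32-bit value
    valid_id "$table" 252 || return 1         # 253-255 are default/main/local
    for v in "$user" "$dev" "$gw"; do
        # refuse empty values, option-like values and shell metacharacters
        case "$v" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    # The table's link-scope routes (as in the message above) are omitted here.
    echo "ip route add default via $gw dev $dev table $table"
    echo "ip rule add fwmark $mark table $table"
    echo "iptables -t mangle -A OUTPUT -m owner --uid-owner $user -j MARK --set-mark $mark"
}

# apply_local_route ARGS...: print the plan, or run it when APPLY=1 (root).
apply_local_route() {
    cmds=$(local_route_cmds "$@") || { echo "invalid arguments" >&2; return 1; }
    echo "$cmds" | while read -r line; do
        if [ "${APPLY:-0}" = 1 ]; then $line || exit 1; else echo "$line"; fi
    done
}

# Dry run: local user "voip" leaves through the second uplink.
APPLY=0 apply_local_route voip 2 101 eth2 192.0.2.1
```

A locally generated packet has its source address chosen before the mark is applied, so when the marked route leaves through a different interface, source NAT (SNAT or MASQUERADE) on that interface is usually needed as well.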