Re: ipt ROUTE

[Mart Frauenlob <mart.frauenlob@chello.at>]

aidan mcgurn wrote:
> Hi,
> (apologies in advance - don't seem to have the option to reply within the same thread so re-sending this)
> thanks for the response.
> I had looked through the archives and did again but i'm fairly new to netfilters iptables and i can't see 
> any other way of routing using dst:port via different gateways besides using the ipt ROUTE lib.
>
> That been the case, can u please directme on how to build the ipt_ROUTE kernel object for this or is it a patch thats required?
> As i said i downloaded 1.3.5 iptables code from netfilter and did a make but it only builds the shared objects, no kernel objects which
> i presume i need to install a ipt_ROUTE.ko to get the -j ROUTE option to work?
> alternatively is there any iptables package which includes this?
>
>   
Hello,

ipt_ROUTE has been removed, some functionality moved to the TEE  target 
from xtables-addons (but that's not what you need).

The way to do it, is to use the MARK target to set marks (--set-mark 
0xX), like i.e:
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 22 -j MARK 
--set-mark 0x1

Then use the iproute utility to add routing tables/rules per gateway i.e.

echo X GW1 >> /etc/iproute2/rt_tables
...
ip route add table X <whatever-route>
....
ip rule add from all fwmark 0x1 table X
...

It should not be hard to find valuable examples on the internet. i.e:
http://linux-ip.net/html/adv-multi-internet.html
http://lartc.org/howto/lartc.rpdb.html

Regards

Mart