From: J Webster <jw.jwebster@gmail.com>
To: "Usuário do Sistema" <maiconlp@ig.com.br>
Cc: netfilter@vger.kernel.org
Subject: Re: only direct port 80 traffic from client
Date: Sat, 23 Apr 2011 18:23:00 +0200
Message-ID: <4DB2FCE4.4090606@gmail.com>
In-Reply-To: <BANLkTi=ZpD83qOpn5FEK7dQgU27Xa2p3CQ@mail.gmail.com>
> You can use iproute2 to split your traffic.
>
> http://lartc.org/howto/
>
> follow a tip:
>
>
> 1- create a table with name bradesco
>
> echo 200 bradesco>> /etc/iproute2/rt_tables
>
> 2- Marking the packages desirable ( 192.100.100.0/24> branch office
> inside network, 128.2.0.0/16 head office inside network )
>
> /sbin/iptables -t mangle -A PREROUTING -i eth0 -s 192.100.100.0/24 -d 128.2.0.0/16 -p tcp --dport 80 -j MARK --set-mark 1
> /sbin/iptables -t mangle -A PREROUTING -i eth0 -s 192.100.100.0/24 -d 128.2.0.0/16 -p tcp --dport 443 -j MARK --set-mark 1
>
> 3- Add packages have been marked with tag 1 to table bradesco
>
> ip rule add fwmark 1 table bradesco prio 20
>
> 4- Add a gateway for table bradesco
>
> ip route add default via tun0 table bradesco
>
> where tun0 it's your address VPN tunnel
>
But this is on the server, isn't it?
It is the traffic from the client and all clients are outside of the
network.
So, a client from 88.11.11.11 connects to my VPN on fixed IP
123.123.123.123. Another client from 78.22.11.22 connects to
123.123.123.123.
I only want them to send port 80 traffic to the server but they should
direct all their email traffic and other apps through their normal ISP.
iptables cannot bounce the traffic back to the client because the client
won't know where to send it after that?
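
The quoted steps mark forwarded packets in PREROUTING on a router. The same policy-routing idea applied on the VPN client itself is sketched below as an added example that is not part of the thread; `tun0`, table id 200, mark 1 and prio 20 come from the quoted steps, while `DRY_RUN`, `run`, `split_web_over_vpn` and the MASQUERADE and rp_filter steps are assumptions added here. It also assumes the VPN client does not already install a default route through the tunnel.

```shell
#!/bin/sh
# Added example, not from the thread. Client-side split routing:
# only the listed TCP ports leave through the VPN, the rest uses the ISP route.
# Taken from the quoted steps: tun0, table id 200, mark 1, prio 20.
# Assumptions added here: DRY_RUN, run(), split_web_over_vpn(), the
# MASQUERADE and rp_filter steps.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them (root)

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# split_web_over_vpn <vpn-if> <table-id> <mark> <tcp-port>...
split_web_over_vpn() {
    vpn_if="$1"; table_id="$2"; mark="$3"
    shift 3

    # Packets generated on this host never traverse PREROUTING. Marking
    # them in mangle OUTPUT makes the kernel repeat the route lookup.
    for port in "$@"; do
        run iptables -t mangle -A OUTPUT -p tcp --dport "$port" \
            -j MARK --set-mark "$mark"
    done

    # Marked packets consult the extra table, whose only route is the tunnel.
    run ip rule add fwmark "$mark" table "$table_id" prio 20
    run ip route add default dev "$vpn_if" table "$table_id"

    # The source address was picked before the mark existed (ISP side),
    # so rewrite it to the tunnel address on the way out.
    run iptables -t nat -A POSTROUTING -o "$vpn_if" \
        -m mark --mark "$mark" -j MASQUERADE

    # Replies arrive on the tunnel although the unmarked reverse lookup
    # points at the ISP interface; strict rp_filter would drop them.
    run sysctl -w "net.ipv4.conf.$vpn_if.rp_filter=2"
}

split_web_over_vpn tun0 200 1 80
```

With the default `DRY_RUN=1` the script only prints the commands for review; running it with `DRY_RUN=0` as root applies them.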
Thread overview: 4+ messages
2011-04-21 7:56 only direct port 80 traffic from client J Webster
2011-04-23 14:31 ` Usuário do Sistema
2011-04-23 16:23 ` J Webster [this message]
2011-04-24 14:08 ` Usuário do Sistema