[LARTC] Trouble selecting network interface by port

[bkhl@elektrubadur.se (Björn Lindström)]

I have a connection to the Internet (on eth1), and over this I also
have a PPTP tunnel set up (on ppp0). Temporarily I use the (slower)
PPTP tunnel for everything, but I really just have to use it for some
specific purposes, which are distinguishable by port.

So, I want to direct only some specific ports to ppp0, using eth1 for
the rest.

I have tried following the instructions on
http://lartc.org/howto/lartc.netfilter.html

CONFIG_IP_ADVANCED_ROUTER, CONFIG_IP_MULTIPLE_TABLES and
CONFIG_IP_ROUTE_FWMARK is enabled in the kernel.

I have added the line "201 tunnel.out" to /etc/iproute2/rt_tables .

After the PPTP tunnel comes up, the following is run.

$TUNNEL is the PPTP tunnel (ppp0), and $EXTIF my regular WAN interface (eth1).

    # Open firewall for the tunnel.
    iptables -A FORWARD -i ${TUNNEL} -o eth0 -m state --state \
        ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth0 -o ${TUNNEL} -j ACCEPT
    iptables -t nat -A POSTROUTING -o ${TUNNEL} -j MASQUERADE

    # Mark packets that should be routed through the tunnel
    iptables -A PREROUTING -i ${EXTIF} -t mangle -p tcp --dport 80 \
        -j MARK --set-mark 1

    # Generate route for the tunnel
    ip rule add fwmark 1 table tunnel.out
    ip route add default dev ${TUNNEL} table tunnel.out

I'm testing this with port 80 so that I can check the result by
running a script that returns my IP on a remote server.

After doing all this, the remote server still sees my as the IP for
eth1. Can anyone see what I have overlooked here?


Thank you,

Björn Lindström

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc