RE: [LARTC] Routing based on source port - Solution ?

From: Greg Scott <GregScott@InfraSupportEtc.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] Routing based on source port - Solution ?
Date: Fri, 19 Apr 2002 15:31:22 +0000	[thread overview]
Message-ID: <marc-lartc-101922945901031@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101922226325230@msgid-missing>

What about some sort of DNAT redirection with iptables?

- Greg

-----Original Message-----
From: Tobias [mailto:medlor@web.de]
Sent: Friday, April 19, 2002 8:18 AM
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Routing based on source port - Solution ?

Hello bert

I have the same problem and tried all possibities i know.

"ip rule" in fact doesnt route based on port because
IP protocol dont know about ports. BUT u can solve the problem
by using iptables/ipchains with help of MARKs - as u said.

Unfortinuatly netfilter can only set MARKs in the moment the
packets travers the INPUT Queue (of corresponding interface).

-->
netfilter is not able to set mark for _local_ created packets,
because the INPUT Queue of netfilter is not passed.

=> In fact the MARK mechanism can only be used for incoming packets.

In my scenario i would like to do port based routing on local sockets 
i cannot use the MARK feature at all. :(

I dont know of any other method to solve the problem. 
Any other solutions ??

----

I have only one "hack" in mind:
+ Setup my routing based on source-ip.
+ Change the socket() call via LD_PRELOAD to change the namespace
to a predefined IP (= source-IP change)
+ on exection of programs on the shell i preload the new socket()
 when i want to route the network datas other ways (not default one).

That way specified network transfers are done via an alternate route
defined in "ip route".
Possible one needs to HACK the source code of programs.

Anyone got ideas on this medthod ?

Thx
Tobias

On Fri, 19 Apr 2002 10:44:53 +0200
"bert hubert" <ahu@ds9a.nl> wrote:

> On Fri, Apr 19, 2002 at 09:09:35AM +0200, Daniel Ahlberg wrote:
> > Hello,
> > 
> > I have two ISPs connected to my router. Using "ip rule" I can easily
divert
> > traffic to the diffrent uplinks. However, "ip rule" only seems to be
able to
> > send packets according to their source or destination adress. What I
want is
> > to be able to route based on protocol and source port. Is this possible,
and
> > how?
> 
> I think ip rule has a syntax for that; if it doesn't, use iptables or
> ipchains to attach a mark to packets with certain source or destination
port
> and create a rule that works on that mark.
> 
> Regards,
> 
> bert
> 
> -- 
> http://www.PowerDNS.com          Versatile DNS Software & Services
> http://www.tk                              the dot in .tk
> http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/