* How would I go about doing this?
From: Zane C. B. @ 2005-10-17 18:37 UTC (permalink / raw)
To: netfilter
I have two routers. The main router that everything goes through and a
second router that I want to route some traffic through depending on the
originating IP#.
The second router has filtering and the like running on it.
For traffic coming from a specific IP# and hitting the main router, I
want it then to be routed out through the second router.
Currently I got it working for port 80, using iptables, since squid is
set up transparently on the filtering router. The command I am using is
this... iptables -t nat -A PREROUTING -s <machine to filter for> -p tcp
--destination-port 80 -j DNAT --to-destination <filtering router>. This
works, but only for like web or the like which has a transparent squid
setup to take care of it.
That works for right now, but what I want to accomplish is to have the
main router kick packets, from specified IP#, out to the secondary
router.
* Re: How would I go about doing this?
From: John A. Sullivan III @ 2005-10-17 19:33 UTC (permalink / raw)
To: Zane C. B.; +Cc: netfilter
On Mon, 2005-10-17 at 13:37 -0500, Zane C. B. wrote:
> I have two routers. The main router that everything goes through and a
> second router that I want to route some traffic through depending on the
> originating IP#.
>
> The second router has filtering and the like running on it.
>
> For traffic coming from a specific IP# and hitting the main router, I
> want it then to be routed out through the second router.
>
> Currently I got it working for port 80, using iptables, since squid is
> set up transparently on the filtering router. The command I am using is
> this... iptables -t nat -A PREROUTING -s <machine to filter for> -p tcp
> --destination-port 80 -j DNAT --to-destination <filtering router>. This
> works, but only for like web or the like which has a transparent squid
> setup to take care of it.
>
> That works for right now, but what I want to accomplish is to have the
> main router kick packets, from specified IP#, out to the secondary
> router.
>
If I understand you correctly, iproute2 is your friend. You can
probably find the documentation on it in a file in your distribution
named ip-cref.ps. You can also find a training slide show in the
training section of the ISCS open source network security management web
page (http://iscs.sourceforge.net). Hope this helps - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
Financially sustainable open source development
http://www.opensourcedevel.com
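
The source-based policy routing that iproute2 offers for the case discussed in this thread, as an added example that is not part of either message. The addresses, the interface name eth1, table number 100, rule priority 1000 and the function names are all constructed assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: route everything from one source IP via a second (filtering)
# router using an extra routing table. All values below are constructed.

# Print the command (default) or execute it when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only dotted-quad IPv4 addresses with octets 0-255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# route_via_filter <source ip> <filtering router ip> <interface> [table]
route_via_filter() {
    src=$1; gw=$2; dev=$3; table=${4:-100}
    is_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    is_ipv4 "$gw"  || { echo "bad gateway address: $gw" >&2; return 1; }
    [ -n "$dev" ]  || { echo "missing interface" >&2; return 1; }

    # 1. A separate table whose only route is a default via the filtering router.
    run ip route add default via "$gw" dev "$dev" table "$table"
    # 2. A rule that sends packets from the chosen source to that table,
    #    regardless of protocol or port (unlike the port-80 DNAT rule).
    run ip rule add from "$src" lookup "$table" priority 1000
    # 3. Drop cached routing decisions so the rule takes effect at once.
    run ip route flush cache
}

# Constructed sample: host 192.0.2.10 goes out via filtering router 192.0.2.254.
route_via_filter 192.0.2.10 192.0.2.254 eth1
```

The filtering router has to be directly reachable on the named interface of the main router, and `ip rule show` and `ip route show table 100` list what was installed once the commands are applied.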