From: Anders Fugmann <afu@fugmann.dhs.org>
To: Rasmus Reinholdt Nielsen <rasmus@narani.dk>
Cc: netfilter@lists.samba.org
Subject: Re: binding nntp to one interface
Date: Thu, 12 Sep 2002 11:15:17 +0200
Message-ID: <3D805B25.1060001@fugmann.dhs.org>
In-Reply-To: 5.1.0.14.2.20020912090056.012e6d48@linda
Rasmus Reinholdt Nielsen wrote:
> Hi
>
> I have two different internet connections, to two different ISPs, set
> up as load balancing.
>
> My problem is that both my ISPs have IP-restricted their news servers,
> so I need to bind all outgoing traffic on port 119 to a specific
> interface or IP. Does anybody know how to do this?

You have to use the iproute2 program package to do this. iptables cannot
set or change routes, only hint at how routing should be done by marking
packets. In the mangle-PREROUTING chain, use the MARK target to mark the
packets with some id:

iptables -t mangle -A PREROUTING -p tcp -d news.isp.dk --dport 119 -j MARK --set-mark 10
iptables -t mangle -A OUTPUT -p tcp -d news.isp.dk --dport 119 -j MARK --set-mark 10

Next use the iproute2 package and create a routing policy, which
sends the packets to the correct routing table.
I'm not that familiar with iproute2, but I guess that the following
would work:

List all possible routes to the news server:
$ ip route get news.isp.dk

This should list two routes:
xx.xx.xx.xx dev eth0 src yy.yy.yy.yy realms AA...
xx.xx.xx.xx dev eth1 src zz.zz.zz.zz realms BB...

Say that you want to route through eth0, then instruct the routing that
it should route all packets with mark 10 to this realm:
$ ip rule add fwmark 10 table BB prio 100

As I said, I am not familiar with this, so it is only a qualified
guess. Take a look at lartc.org and the documentation in the iproute
package on how to set this up.

Hope it works
Anders Fugmann
--
Author of FIAIF
FIAIF Is An Intelligent/Iptables FIREWALL
http://fiaif.fugmann.dhs.org
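
The fwmark approach from the message above, carried through to a full rule set, as an added example that is not part of the original post or thread. The addresses, interface, mark and table number are constructed placeholders, and the SNAT step assumes the host sends this traffic from its own address on the chosen uplink.

```shell
#!/bin/sh
# Added example: fwmark policy routing that pins NNTP (TCP/119) to one uplink.
# Every value below is a constructed placeholder (documentation address ranges).
NEWS_IP="${NEWS_IP:-198.51.100.119}"   # news server address
OUT_IF="${OUT_IF:-eth0}"               # uplink whose address the ISP allows
OUT_GW="${OUT_GW:-192.0.2.1}"          # gateway reachable on that uplink
OUT_SRC="${OUT_SRC:-192.0.2.10}"       # this host's address on that uplink
MARK="${MARK:-10}"                     # firewall mark, identical in every rule
TABLE="${TABLE:-100}"                  # numeric id of the dedicated routing table

# Print the commands in the order they have to be applied.
nntp_policy_rules() {
    # 1. A dedicated table whose only route leaves through the chosen uplink.
    echo "ip route add default via $OUT_GW dev $OUT_IF table $TABLE"
    # 2. Packets carrying the mark are looked up in that table, not in main.
    echo "ip rule add fwmark $MARK table $TABLE prio 100"
    # 3. Mark forwarded (PREROUTING) and locally generated (OUTPUT) NNTP traffic.
    #    --dport is only valid together with -p tcp (or udp).
    for chain in PREROUTING OUTPUT; do
        echo "iptables -t mangle -A $chain -p tcp -d $NEWS_IP --dport 119 -j MARK --set-mark $MARK"
    done
    # 4. A local packet gets its source address before the mark re-routes it,
    #    so rewrite the source to the address that belongs to the chosen uplink.
    echo "iptables -t nat -A POSTROUTING -o $OUT_IF -p tcp -d $NEWS_IP --dport 119 -j SNAT --to-source $OUT_SRC"
}

# Dry run by default; APPLY=1 (as root) executes the commands.
apply_nntp_policy() {
    if [ "${APPLY:-0}" = "1" ]; then
        nntp_policy_rules | sh -e      # stop at the first command that fails
    else
        nntp_policy_rules              # only show what would be run
    fi
}

apply_nntp_policy
```

Replies come back on the pinned uplink while the main table may prefer the other one, so strict reverse-path filtering (rp_filter=1) on that interface can drop them.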