Hi all,

I have a Linux box with two connections to the internet over two routers and a private internal network. The Linux box does masquerading.

 internet  +----------+ 172.16.0.1        +-------------------+
   <----   | Router 1 |-------------------|                   |
           +----------+                   | 172.16.0.2        |
                                          |                   | eth1 192.168.0.99
                                          |     Linux box     |----------------------- ... clients ...
 internet  +----------+ 172.16.0.3        |                   |
   <----   | Router 2 |-------------------| routers on eth0   |
           +----------+                   |                   |
                                          +-------------------+

Now I want it to work in the way I'll describe now:

Basically, all IP traffic should work over the default route 172.16.0.1 (router 1). But IP traffic with e.g. destination port 8123 and 8124 should work over the 2nd router (172.16.0.3). Certain webservers, e.g. gmx.com, should ONLY be connected to over router 2.

To do that, I "invented" the following, not yet working, solution:

    ip route add default via 172.16.0.1 dev eth0
    ip route add default via 172.16.0.3 dev eth0 table 100
    ip rule add fwmark 1 table 100
    ip route flush cache
    iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8123 -j MARK --set-mark 1
    iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8124 -j MARK --set-mark 1

    [..not mentioning masquerading rules etc.. ]

The port routing from 8123 and 8124 over the 2nd router works without problems. But how do I create the routing for FTP traffic and for connecting to certain webservers over the 2nd router?

Thanks a lot!
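
One way to extend the scheme in the post to FTP and to fixed destinations, as an added example that is not the poster's code: it reuses table 100 and fwmark 1 from the post and only prints the commands so they can be reviewed before being run as root. It assumes the nf_conntrack_ftp helper is loaded and attached to the port-21 control connection; the function names and the destination addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: prints (does not execute) the extra policy-routing commands.
TABLE=100          # routing table with the default route via router 2 (from the post)
MARK=1             # fwmark already bound to table 100 by "ip rule add fwmark 1 table 100"
SRC=172.16.0.2     # the Linux box's address on eth0 (from the post)

# Same rule form the post uses for ports 8123 and 8124.
mark_port() {
    echo "iptables -t mangle -A OUTPUT -p tcp -s $SRC --dport $1 -j MARK --set-mark $MARK"
}

# FTP: port 21 covers the control channel only. Data connections use
# negotiated ports, so they are matched through the conntrack FTP helper
# (assumption: nf_conntrack_ftp is loaded and tracking the control channel).
mark_ftp() {
    mark_port 21
    echo "iptables -t mangle -A OUTPUT -p tcp -s $SRC -m helper --helper ftp -j MARK --set-mark $MARK"
}

# Destination-based routing needs no mark: a "to" rule selects table 100.
# Only numeric IPv4 addresses or CIDR prefixes are accepted, because routing
# rules hold addresses; a site such as gmx.com has to be resolved first and
# the rule refreshed when its addresses change.
route_host() {
    case "$1" in
        ''|*[!0-9./]*)
            echo "route_host: need an IPv4 address or CIDR, got '$1'" >&2
            return 1 ;;
    esac
    echo "ip rule add to $1 table $TABLE"
}

# Emit the full set of additions for the given destinations.
router2_rules() {
    mark_ftp || return 1
    for dst in "$@"; do
        route_host "$dst" || return 1
    done
    echo "ip route flush cache"
}

# Constructed sample destinations (documentation address ranges, not real hosts).
router2_rules 192.0.2.10 198.51.100.0/24
```

Like the rules in the post, these sit in the mangle OUTPUT chain, so the FTP marks apply to connections opened by the box itself; the "to" rules apply to any packet the box routes.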