[LARTC] advanced routing for 2 internet lines

Linux Advanced Routing and Traffic Control


On Wed, 2 Jan 2002, Dirk Schäpsmeyer wrote:

>
> Hi all,
>
> I have a Linux box with two connections to the internet over two routers
> and a private internal network. The linux box does masquerading.
>
>
>
> internet +----------+ 172.16.0.1        +-------------------+
>   <----  | Router 1 |-------------------|                   |
>          +----------+                   |  172.16.0.2       |
>                                         |                   | eth1 192.168.0.99
>                                         |  Linux box        |----------------------- ... clients ...
> internet +----------+ 172.16.0.3        |                   |
>   <----  | Router 2 |-------------------|  routers on eth0  |
>          +----------+                   |                   |
>                                         +-------------------+
>
>
>
> Now I want it to work in the way I'll describe now:
>
> Basically, every ip-traffic should work over the default-route 172.16.0.1
> (router 1). But ip-traffic with e.g. destination port 8123 and 8124
> should work over the 2nd router (172.16.0.3).
> Certain webservers, like e.g. gmx.com, should ONLY be connected over
> router 2.
>
> To do that, I "invented" the following, but not yet working, solution to it:
>
>       ip route add default via 172.16.0.1 dev eth0
>       ip route add default via 172.16.0.3 dev eth0 table 100
>       ip rule add fwmark 1 table 100
>       ip route flush cache
>
>       iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8123 -j MARK --set-mark 1
>       iptables -A OUTPUT -t mangle -p tcp -s 172.16.0.2 --dport 8124 -j MARK --set-mark 1
>
>
> [..not mentioning masquerading rules etc.. ]
>
> The port routing from 8123 and 8124 over the 2nd router works without
> problems.
>
> But how do I create the routing for ftp-traffic and the connecting to
> certain webservers over the 2nd router?

Well, I think you do the same thing, but your ftp traffic would have you
fw marking dport 21 and 20 traffic and your webserver traffic would have
you fw marking dport 80 traffic to certain dest ip addresses. Seems simple
enough unless I am missing something here?

>
> Thanks a lot!
>
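
The suggestion in the reply, written out as an added example (not part of the original thread): the same fwmark 1 / table 100 setup from the post, extended with FTP ports and destination-specific port 80 rules. The `WEB_HOSTS` addresses are constructed placeholders, the function names are hypothetical, and the main-table default route via 172.16.0.1 is assumed to exist already.

```shell
#!/bin/sh
# Added example: builds the policy-routing commands for the second router.
# Values taken from the post: fwmark 1, table 100, 172.16.0.2, 172.16.0.3, eth0.
MARK=1
TABLE=100
SRC=172.16.0.2                     # Linux box address on eth0
GW2=172.16.0.3                     # router 2
PORTS="8123 8124 21 20"            # ports from the post plus FTP per the reply
WEB_HOSTS="192.0.2.10 192.0.2.11"  # constructed placeholders for "certain webservers"

# Emit one MARK rule; $1 holds the extra match arguments.
mark_rule() {
    echo "iptables -t mangle -A OUTPUT -p tcp -s $SRC $1 -j MARK --set-mark $MARK"
}

# Emit the full command list: routing table, rule, then one mark per match.
build_rules() {
    echo "ip route add default via $GW2 dev eth0 table $TABLE"
    echo "ip rule add fwmark $MARK table $TABLE"
    for p in $PORTS; do
        mark_rule "--dport $p"
    done
    for h in $WEB_HOSTS; do
        # Only port 80 traffic to these destinations is sent via router 2.
        mark_rule "-d $h --dport 80"
    done
    echo "ip route flush cache"
}

# Dry run by default: print the commands for review.
# Set APPLY=1 (as root) to execute them, stopping at the first failure.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        build_rules | sh -e
    else
        build_rules
    fi
}

run
```

The mangle OUTPUT chain, as used in the post, only sees packets generated on the Linux box itself; forwarded packets from the masqueraded clients pass through mangle PREROUTING instead, where the `-s 172.16.0.2` match would not apply. Passive-mode FTP data connections use ports other than 20 and 21, so port matches alone do not cover them.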




