ipchains iproute2 and port based routing

Linux Advanced Routing and Traffic Control


Hi all!

I am trying to set up port-based routing, because I have two connections to the
internet.
My router is a "one disk floppy router for Linux". It is a big router
project, www.fli4l.de. I am also trying to make an "opt", which is like a plugin for this
router.
This project uses kernel 2.2.19 compiled with libc5 (because it is small and
you can use a single floppy disk).

At the moment, iproute2 is not implemented there. So I downloaded an old libc5
distribution and kernel 2.2.19.
I compiled the kernel with the iproute2-related options. I also compiled the
iproute2 package on this system.

On my router (at the moment running from hard disk) I added the new kernel and the "ip"
binary from iproute2.

Everything seems to work. I tried destination-host-based routing; it works
perfectly.
But not the port-based routing.

What is my configuration?

Three NICs:

eth0 - 192.168.0.0/24 - local LAN - masqueraded
eth1 - ppp0 - dialup! - A-DSL provider
eth2 - static IP - S-DSL provider - routed to another router.

This does not work for me:

I tried to route all SSH traffic to eth2 and web traffic to ppp0:

First, I mark the packets with ipchains in the input chain [mark 1 is eth2 |
mark 2 is ppp0]:

ipchains -A input -p tcp -s 192.168.0.0/24 -d 0/0 22 -m 1
ipchains -A input -p tcp -s 192.168.0.0/24 -d 0/0 80 -m 2


Second, I added two rules:

echo 200 t-dsl >> /etc/iproute2/rt_tables
echo 201 s-dsl >> /etc/iproute2/rt_tables

ip ru add fwmark 1 table s-dsl
ip ru add fwmark 2 table a-dsl


Finally, I set up the routes:

ip ro add 0/0 dev eth2 table s-dsl
ip ro add 0/0 dev ppp0 table a-dsl


The masquerading is also set up:
ipchains -A forward -s 192.168.0.0/24 -j MASQ


Then nothing happens. If I try to connect with ssh or http from another
host, nothing happens.

If I set this up with two "destination host rules", it works.
I think there is something wrong with ipchains and the marking of packets, or
ip rule cannot read the mark.

How can I test whether the packets get marked?
Does anybody know another solution?
Is there a mistake?



Best Regards

Marco

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
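
Added example, not part of Marco's message or of the fli4l project: the
setup described in the message as one script, which emits the command
sequence as text first and checks that every table named in the "ip rule"
and "ip route" commands is actually defined in rt_tables. The message
defines table 200 as "t-dsl" but the rule and route commands refer to
"a-dsl"; the check is written to flag exactly that kind of mismatch. The
marks, interfaces and LAN prefix are taken from the message; the consistent
naming (a-dsl for 200, s-dsl for 201) is an assumption. Whether packets are
being marked at all can be read from the per-rule packet counters that
"ipchains -L input -v -n" prints on the router.

```shell
#!/bin/sh
# Added example, not from the original post: the fwmark policy-routing setup
# from the message, emitted as a command list and checked for consistency
# before anything is applied. Interfaces, LAN prefix, marks and table numbers
# are those of the post; the two table names are the assumed consistent naming
# (the post mixes t-dsl and a-dsl). Nothing is executed unless APPLY=1 is set,
# so the script runs harmlessly on a box without ipchains or iproute2.

LAN=192.168.0.0/24
TABLE_ADSL=a-dsl   # table 200: default route via ppp0 (A-DSL, mark 2)
TABLE_SDSL=s-dsl   # table 201: default route via eth2 (S-DSL, mark 1)

# Lines to append to /etc/iproute2/rt_tables; the same names are used below.
rt_tables_entries() {
    printf '200 %s\n201 %s\n' "$TABLE_ADSL" "$TABLE_SDSL"
}

# The complete setup, one command per line, in the order it has to be applied:
# mark in the input chain (before the routing decision), then the rules, then
# the per-table default routes, then masquerading in the forward chain.
policy_routing_commands() {
    cat <<EOF
ipchains -A input -p tcp -s $LAN -d 0/0 22 -m 1
ipchains -A input -p tcp -s $LAN -d 0/0 80 -m 2
ip rule add fwmark 1 table $TABLE_SDSL
ip rule add fwmark 2 table $TABLE_ADSL
ip route add 0/0 dev eth2 table $TABLE_SDSL
ip route add 0/0 dev ppp0 table $TABLE_ADSL
ipchains -A forward -s $LAN -j MASQ
EOF
}

# check_tables RT_TABLES_TEXT COMMANDS_TEXT
# Every "table NAME" referenced by an ip rule/route line must be defined in the
# rt_tables text (second column of a non-comment line). Prints each missing
# name on stderr and returns 1 if any is missing; returns 0 otherwise.
check_tables() {
    rc=0
    for t in $(printf '%s\n' "$2" \
            | sed -n 's/.*[[:space:]]table[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' \
            | sort -u); do
        if ! printf '%s\n' "$1" \
                | awk -v t="$t" '$1 !~ /^#/ && $2 == t { found = 1 } END { exit !found }'; then
            echo "table '$t' is referenced but not defined in rt_tables" >&2
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: print the plan; refuse to apply it if the names do not match.
cmds=$(policy_routing_commands)
if check_tables "$(rt_tables_entries)" "$cmds"; then
    printf '%s\n' "$cmds"
    if [ "${APPLY:-0}" = 1 ]; then
        rt_tables_entries >> /etc/iproute2/rt_tables
        printf '%s\n' "$cmds" | sh -e
    fi
fi
```

Run without APPLY it only prints the command list and the result of the
consistency check; with APPLY=1 it appends the rt_tables entries and runs the
commands, which requires root on the router itself. The check operates on
text, so it can also be pointed at the real /etc/iproute2/rt_tables with
check_tables "$(cat /etc/iproute2/rt_tables)" "$(policy_routing_commands)".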
