RE: 2 Gateways + P2P

Linux Advanced Routing and Traffic Control


Thanks for the help!

I found out that using policy routing I can accomplish the task. However, I
have some other questions.

As I know, the routing decision takes place before the SNAT is performed. So,
if a client is going to be SNAT-ed to $INET_IP_2, I must make sure that I
have a rule set for it with "ip rule". In order to avoid writing 2 lines of
code for each client (one for ip rule and one for SNAT) I came up with this
idea:

#------set the 2 routing tables--------
# tbl_1 and tbl_2 must be named in /etc/iproute2/rt_tables (or use numbers),
# and each must already hold a default route via its ISP's gateway.
/sbin/ip rule add fwmark 1 table tbl_1
/sbin/ip rule add fwmark 2 table tbl_2

#------set the SNAT rules-----------
# nat is only consulted for the first packet of a connection, so the mark must
# already be on that packet when it reaches POSTROUTING.
iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to-source $INET_IP_1
iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to-source $INET_IP_2

#-------mark the traffic (1 or 2) for choosing the ISP connection--------
# Only traffic leaving the LAN is marked; LAN-to-LAN traffic keeps mark 0.
iptables -t mangle -A PREROUTING -p tcp -s 172.17.11.38 ! -d 172.17.0.0/16 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -s 172.17.11.40 ! -d 172.17.0.0/16 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -s 192.168.0.45 ! -d 172.17.0.0/16 -j MARK --set-mark 1

Everything works fine!

Now I want to go even further and make all the P2P traffic follow a third
ISP connection. So a third routing table, a third mark, etc.
This traffic can be generated from clients that already have the mark set to
1 or 2... What will happen if I set the mark to 3 based on the service type
and not on the source IP? Which one takes precedence?

I have the ipp2p module up and running. But, as far as I understood, in order
to mark the P2P traffic you should mark the connection, not only the
packets.

# restore the mark saved on the connection, if any
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
# an already marked packet needs no further classification in this chain
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
# classify P2P payload and remember the decision on the connection
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p --bit --apple -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark

With this code I am able to block all the P2P traffic...? I don't know
why... Can you help me with this? (I set up the third connection, routing
tables, ip rule, etc. correctly.)

Thanks again in advance,
Mihai Vlad
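
The three-link setup discussed above, put together as an added example; this is an editor's script, not the poster's, and the interface names (eth0..eth3), the documentation addresses used for the ISP links, the numeric table ids 1..3 and the availability of the ipp2p and recent matches are all assumptions. It keeps the poster's idea of one mark per link, but keys the SNAT on the outgoing interface rather than on the mark, and handles the fact that ipp2p can only recognise P2P payload after the connection's source address has already been fixed by NAT: it flags the host and steers that host's next connections, instead of re-marking a connection that is already in flight.

```shell
#!/bin/sh
# Added example (not the poster's script): three ISP links selected by fwmark,
# SNAT keyed on the outgoing interface, P2P hosts steered to ISP 3.
# Interface names, addresses, gateways and table numbers are assumed values.
set -eu

LAN_IF="eth0"; LAN_NET="172.17.0.0/16"
ISP1_IF="eth1"; ISP1_IP="198.51.100.10"; ISP1_GW="198.51.100.1"   # assumed
ISP2_IF="eth2"; ISP2_IP="203.0.113.10";  ISP2_GW="203.0.113.1"    # assumed
ISP3_IF="eth3"; ISP3_IP="192.0.2.10";    ISP3_GW="192.0.2.1"      # assumed
P2P_TTL=600   # seconds a host stays flagged as a P2P host after its last hit

# DRY_RUN=1 (default) prints each command instead of executing it;
# run with DRY_RUN=0 as root to apply the configuration.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# One routing table per ISP; the fwmark rules pick the table before SNAT runs.
setup_tables() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add default via "$ISP1_GW" dev "$ISP1_IF" table 1
    run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table 2
    run ip route add default via "$ISP3_GW" dev "$ISP3_IF" table 3
    run ip rule add fwmark 1 table 1
    run ip rule add fwmark 2 table 2
    run ip rule add fwmark 3 table 3
    run ip route flush cache
    # Replies come back on whichever link the packet left by; strict
    # reverse-path filtering would drop them, so use loose mode there.
    for i in "$ISP1_IF" "$ISP2_IF" "$ISP3_IF"; do
        run sysctl -w "net.ipv4.conf.$i.rp_filter=2"
    done
}

# SNAT follows the routing decision: keyed on the outgoing interface, the
# source address can never disagree with the link actually used, and unmarked
# traffic on the main default route is covered as well.
setup_nat() {
    run iptables -t nat -A POSTROUTING -o "$ISP1_IF" -j SNAT --to-source "$ISP1_IP"
    run iptables -t nat -A POSTROUTING -o "$ISP2_IF" -j SNAT --to-source "$ISP2_IP"
    run iptables -t nat -A POSTROUTING -o "$ISP3_IF" -j SNAT --to-source "$ISP3_IP"
}

# Classification in mangle PREROUTING; the order of these rules is the point.
setup_mangle() {
    M="iptables -t mangle -A PREROUTING -i $LAN_IF"
    # 1. Give every packet the mark its connection was classified with.
    run $M -j CONNMARK --restore-mark
    # 2. Flag the *host* when ipp2p sees P2P payload in any of its flows.
    #    Detection happens mid-connection and NAT has already fixed that
    #    connection's source address, so the connection itself is left alone;
    #    the flag steers the host's next connections (side effect only, no -j).
    run $M ! -d "$LAN_NET" -m ipp2p --ipp2p -m recent --name p2phosts --set
    # 3. An already classified connection keeps its ISP: stop here.
    run $M -m mark ! --mark 0 -j ACCEPT
    # 4. First packet of a new connection from a flagged host -> ISP 3.
    run $M ! -d "$LAN_NET" -m conntrack --ctstate NEW \
        -m recent --name p2phosts --rcheck --seconds "$P2P_TTL" -j MARK --set-mark 3
    # 5. Per-source defaults. "-m mark --mark 0" makes them apply only when
    #    nothing more specific matched, so the P2P rule wins regardless of
    #    its position (otherwise the last MARK rule to match would win).
    run $M -s 172.17.11.38 ! -d "$LAN_NET" -m mark --mark 0 -j MARK --set-mark 2
    run $M -s 172.17.11.40 ! -d "$LAN_NET" -m mark --mark 0 -j MARK --set-mark 1
    # 6. Remember the decision for the rest of the connection.
    run $M -m mark ! --mark 0 -j CONNMARK --save-mark
}

apply_all() { setup_tables; setup_nat; setup_mangle; }

apply_all
```

Run it once with the default DRY_RUN=1 to read the exact rule order it produces, then with DRY_RUN=0 as root. The nat table is consulted only for a connection's first packet, which is why a mark set by ipp2p in the middle of a connection would re-route packets whose source address is already bound to another link; flagging the host and marking only NEW connections avoids that. Verify with `ip rule show`, `iptables -t mangle -L PREROUTING -nv` and `iptables -t nat -L POSTROUTING -nv`.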

-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On
Behalf Of gypsy
Sent: Friday, May 28, 2004 5:21 AM
To: Mihai Vlad
Cc: lartc@xxxxxxxxxxxxxxx
Subject: Re:  2 Gateways

Mihai Vlad wrote:
 
> Is there a way to tell the routing table that every request that has the
> source address $INET_IP_1
> follow the $GW_1, and every request that has the source address $INET_IP_2
> follow the $GW_2?
> 
> Thanks in advance,
> Mihai Vlad

Unless I'm missing something really obvious, start here
http://lartc.org/howto/lartc.rpdb.html

and then read
http://www.linux-ip.net/html/adv-multi-internet.html
http://www.linux-ip.net/html/ch-routing.html

and finally, google "martin brown lartc changing default route"
and read the messages in that thread.
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/