Re: Route based on port / protocol

Linux Advanced Routing and Traffic Control

My solution to this exact problem isn't exactly what you asked for, but I'll tell you anyway because it turned out to be soooo easy and to work soooo well.
 
On my LAN I created a /23 subnet. For example, let's say it is 192.168.2.0/23, giving us 192.168.2.0 - 192.168.3.255. I then made all IPs in the lower half of the subnet (192.168.2.0/24) access the internet through ISP-1, and all the IPs in the upper half of the subnet (192.168.3.0/24) access the internet through ISP-2.
 
Then I multi-homed my servers, so one server might have, for example, the IPs 192.168.2.2 and 192.168.3.2. After that, directing traffic for a particular service is as simple as specifying which IP to use for the service (instead of allowing the service to use ALL IPs). I haven't yet run into a service that wouldn't allow me to do this.
 
That's about it.
 
Btw, when setting up filters and such for a particular machine, I can use a netmask of the form 255.255.254.255 so that both of the IPs are handled in one rule...
 
There may be a better way to do this that more closely matches what you are trying to do with specific ports and such, but this multi-homing approach is working great for me.
 
Chris
----- Original Message -----
Sent: Thursday, November 25, 2004 2:08 PM
Subject: Route based on port / protocol

I have a Linux box with 3 NICs connected to 2 different ISPs, running a proxy (Squid) and an e-mail server (QMail).

                        ________
                       |        |-- x.x.x.1 ---- x.x.x.2 (ISP-1 gateway)
                       | Squid  |
LAN ---- 10.85.1.85 ---|        |
                       | Qmail  |
                       |        |-- y.y.y.1 ---- y.y.y.2 (ISP-2 gateway)
                        --------
 
All is running OK. But now I want to redirect all traffic from Squid (http) to ISP-1 and all traffic from QMail (smtp) to ISP-2.
Can anyone help me?
 
 
I've already tried this, but no success:
 
# Create two tables (21 and 31) to use with each connection
# Copy main routes to table 31
ip route show table main | grep -Ev '^default' | \
  while read -r ROUTE ; do \
    ip route add table 31 $ROUTE; \
  done
# Use ISP-1 as default gateway for table 31
ip route replace default via x.x.x.2 table 31
# Copy main routes to table 21
ip route show table main | grep -Ev '^default' | \
  while read -r ROUTE ; do \
    ip route add table 21 $ROUTE; \
  done
# Use ISP-2 as default gateway for table 21
ip route replace default via y.y.y.2 table 21
# Mark packets (1 for ISP-1 and 2 for ISP-2)
# Here I've tried changing OUTPUT to POSTROUTING and PREROUTING, without success
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 2

# Define rules to use the correct connection
ip rule add from x.x.x.1 table 31
ip rule add fwmark 1 table 31

ip rule add from y.y.y.1 table 21
ip rule add fwmark 2 table 21
 
 
             Antonio Luiz
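A worked version of both approaches in this thread, added here as an editorial example; it is not code posted by Chris or Antonio Luiz. It puts Chris's source-address split of the /23 and Antonio's fwmark rules into one script, with explicit rule preferences so the evaluation order is visible, and adds three pieces the posted script does not have: SNAT on each uplink, so that a packet re-routed by its mark after the kernel has already chosen a source address from table main leaves with the address of the interface it actually exits (this is also the NAT a private LAN needs); loose reverse-path filtering on the uplinks, because strict rp_filter drops packets whose best return route is the other ISP; and a route-cache flush, which older kernels need before new rules take effect. The interface names, the RFC 5737 addresses standing in for x.x.x.* and y.y.y.*, the DRY_RUN switch and the constructed sample of table main used under DRY_RUN are assumptions of this example; table numbers 31 and 21 follow the original post.

```sh
#!/bin/sh
# Two-ISP policy routing on one Linux box.  Added example for this thread,
# not code posted by Chris or Antonio Luiz.  Interface names, the RFC 5737
# addresses (standing in for x.x.x.* and y.y.y.*) and the DRY_RUN switch are
# assumptions for illustration; tables 31 and 21 follow the original post.
set -eu

LAN_IF=eth0
WAN1_IF=eth1; WAN1_IP=198.51.100.1; WAN1_GW=198.51.100.2   # ISP-1 (x.x.x.1 / x.x.x.2)
WAN2_IF=eth2; WAN2_IP=203.0.113.1;  WAN2_GW=203.0.113.2    # ISP-2 (y.y.y.1 / y.y.y.2)
T_ISP1=31; T_ISP2=21
LAN_ISP1=192.168.2.0/24   # lower half of Chris's /23, leaves via ISP-1
LAN_ISP2=192.168.3.0/24   # upper half, leaves via ISP-2

# run: execute a command, or print it instead when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# main_routes: table main without its default route.  Under DRY_RUN a
# constructed sample stands in, so the script can be previewed on any host.
main_routes() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "192.168.2.0/23 dev $LAN_IF" \
                      "198.51.100.0/24 dev $WAN1_IF" \
                      "203.0.113.0/24 dev $WAN2_IF"
    else
        ip route show table main | grep -Ev '^default'
    fi
}

# populate_table TABLE GATEWAY DEV: a copy of main plus that ISP's default.
# "replace" rather than "add" so re-running the script is harmless.
populate_table() {
    main_routes | while read -r route; do
        # $route is intentionally unquoted: it must split into words.
        run ip route replace table "$1" $route
    done
    run ip route replace default via "$2" dev "$3" table "$1"
}

apply_policy_routing() {
    populate_table "$T_ISP1" "$WAN1_GW" "$WAN1_IF"
    populate_table "$T_ISP2" "$WAN2_GW" "$WAN2_IF"

    # Port-based selection for traffic this box generates itself (Squid,
    # qmail).  Rules are checked in ascending pref, so the fwmark rules get
    # the lowest numbers and win over the source-address rules below.
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 2
    run ip rule add fwmark 1 table "$T_ISP1" pref 100
    run ip rule add fwmark 2 table "$T_ISP2" pref 101

    # Unmarked traffic follows its source address: the uplink addresses
    # (so replies go back the way they came) ...
    run ip rule add from "$WAN1_IP" table "$T_ISP1" pref 110
    run ip rule add from "$WAN2_IP" table "$T_ISP2" pref 111
    # ... and the two halves of the LAN /23, Chris's split.  A server holding
    # one address in each half picks its ISP by the address it binds to.
    run ip rule add from "$LAN_ISP1" table "$T_ISP1" pref 120
    run ip rule add from "$LAN_ISP2" table "$T_ISP2" pref 121

    # The mark is set after the kernel has already chosen a source address
    # from table main, so a re-routed packet can leave eth2 carrying eth1's
    # address.  SNAT per uplink rewrites the source to the exit interface's
    # address; it is also the NAT the private LAN needs.
    run iptables -t nat -A POSTROUTING -o "$WAN1_IF" -j SNAT --to-source "$WAN1_IP"
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j SNAT --to-source "$WAN2_IP"

    # Strict reverse-path filtering drops packets whose best route back is
    # the other uplink; loose mode (2) keeps the check on kernels that
    # support it.
    run sysctl -q -w "net.ipv4.conf.$WAN1_IF.rp_filter=2"
    run sysctl -q -w "net.ipv4.conf.$WAN2_IF.rp_filter=2"
    # Older kernels cache routing decisions; flush so the new rules apply.
    run ip route flush cache
}

# Usage: DRY_RUN=1 sh two-isp.sh apply  (preview)  |  sh two-isp.sh apply  (as root)
if [ "${1:-}" = apply ]; then
    apply_policy_routing
fi
```

`DRY_RUN=1 sh two-isp.sh apply` prints every command on any host; without DRY_RUN it needs root and the three interfaces. The `ip rule add` and `iptables -A` lines are not idempotent, so delete them (`ip rule del`, `iptables -D`) before running the script a second time. Within this one box the same per-service choice Chris makes on his LAN can be applied by binding a daemon's outgoing side to one uplink address, for instance Squid's `tcp_outgoing_address` directive; a daemon bound that way matches the `from` rule for that address and needs no mark at all.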
 
