Michiel,

 : I have the following situation:
 : 1 gateway box with 2 WAN interfaces (eth1 and eth2).
 : 1 LAN interface eth0
 : default gateway is eth2
 : I want to route all traffic with destination protocol tcp 22 (ssh) NOT
 : over the default gateway eth2 but force them to find its route over
 : eth1.
 : All other traffic must go the normal way over eth2.
 :
 : Is this possible with tc or another tool?

You already have an answer from Markus Schulz, but I thought I might add a bit of help, too.

You are describing a problem that can be solved with policy routing. Linux has long supported policy routing. Although I have not updated my documentation in quite some time, you may find this document [0] helpful in untangling the possible configurations to support policy routing.

In short, one solution involves:

  - [optional] making an entry in the /etc/iproute2/rt_tables file
    "grep -q secondary /etc/iproute2/rt_tables \
      || echo 3 secondary >> /etc/iproute2/rt_tables"

  - adding a routing table with its default route pointed out eth1
    "ip route add default via $ETH1_GW dev eth1 table secondary"

  - marking the traffic you wish to handle differently
    "iptables [ ... selectors ... ] -j MARK --set-mark 3"

  - modifying the RPDB to select your secondary routing table for traffic with fwmark 3
    "ip rule add fwmark 3 table secondary"

That should get you most of the way there. Remember a few additional tips which often stump beginners with policy routing:

  - Think about the return packets. Are they handled according to your plan?
  - Turn off reverse path filtering (rp_filter) [1]
  - Make sure your (S)NAT rules are correct for packets leaving via eth1 (the other interface).

Good luck,

-Martin

 [0] http://linux-ip.net/html/adv-multi-internet.html
 [1] http://ipsysctl-tutorial.frozentux.net/chunkyhtml/theconfvariables.html#AEN634

--
Martin A. Brown --- Wonderfrog Enterprises --- martin@xxxxxxxxxxxxxx
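
The steps from the reply above, assembled into one dry-run script. This is an added example, not part of the original message. Assumptions not taken from the thread: the gateway address 192.0.2.1 is a constructed placeholder, the mark is set in the mangle PREROUTING chain for traffic arriving on eth0, MASQUERADE is used for the NAT rule, and rp_filter on eth1 is set to loose mode (2) rather than switched off entirely.

```shell
#!/bin/sh
# Added example: forwarded SSH (tcp/22) leaves via eth1, all else via eth2.
# Interface names, table name and mark 3 follow the message above.
ETH1_GW="${ETH1_GW:-192.0.2.1}"  # constructed placeholder, use your eth1 gateway
LAN_IF="${LAN_IF:-eth0}"
ALT_IF="${ALT_IF:-eth1}"
TABLE_ID=3
TABLE=secondary
MARK=3
DRY_RUN="${DRY_RUN:-1}"          # 1 = print only; 0 = execute (needs root)

# Emit one command per line, in the order they must be applied.
policy_route_cmds() {
    cat <<EOF
grep -q $TABLE /etc/iproute2/rt_tables || echo $TABLE_ID $TABLE >> /etc/iproute2/rt_tables
ip route add default via $ETH1_GW dev $ALT_IF table $TABLE
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 22 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
iptables -t nat -A POSTROUTING -o $ALT_IF -j MASQUERADE
sysctl -w net.ipv4.conf.$ALT_IF.rp_filter=2
EOF
}
# Notes on the lines above:
#  - ">>" appends to rt_tables; ">" would wipe the existing table names.
#  - mangle PREROUTING marks forwarded packets before the routing decision;
#    traffic generated on the gateway itself would need mangle OUTPUT.
#  - the NAT rule gives packets leaving eth1 an eth1 source address, so
#    replies come back in through eth1.
#  - rp_filter=2 (loose) accepts those replies even though the main table
#    routes their source via eth2, without disabling the check completely.

# Print each command; execute it only when DRY_RUN is not 1.
apply_policy_route() {
    while IFS= read -r cmd; do
        echo "+ $cmd"
        [ "$DRY_RUN" = 1 ] || sh -c "$cmd" || return 1
    done <<EOF
$(policy_route_cmds)
EOF
}

apply_policy_route
```

After a real run, "ip rule show" and "ip route show table secondary" confirm the rule and the alternate default route.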