On Saturday, 29 July 2006 17:33, former03 | Baltasar Cevc wrote:
> Hi everybody,
>
> I'm trying to set up routing for 2 links to the internet on a box
> which produces traffic itself (e.g. DNS) and will route all our local
> traffic.
>
> As one route is quick and expensive and the other one slow and cheap,
> I want to be able to route packets for some high-level protocols to
> the second link.
>
> If I correctly understood table 3-2 in
> http://www.faqs.org/docs/iptables/traversingoftables.html that is not
> possible as the routing decision is taken even before the packet
> touches netfilter for the first time.
>
>
> Is that correct? Does anybody have some hints about how to work
> around?

It's possible with Policy Routing.
Look at http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html
for documentation about it.

(Simplest?) way to do it: (only short excerpt)

- Mark the specific application packets with iptables in PREROUTING
  chain
    ...
- add rules for routing fwmarked packets to separate routing tables
    ip rule add fwmark <your fwmark #1> table <routing table for slow apps>
    ip rule add fwmark <your fwmark #2> table <routing table for fast apps>
- build both routing tables
    ip route add default via $PTP1 dev <device #1> src $IP1 proto static table <routing table for slow apps>
    ip route add default via $PTP2 dev <device #2> src $IP2 proto static table <routing table for fast apps>

(Proto static needs kernel patches, but you don't really need this)

--
Markus Schulz
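The steps from the reply above, written out as an added example that is not part of the original post: a script that prints the marking, rule and route commands for review instead of applying them. Interface names, addresses, marks, table numbers and ports are constructed placeholders, and the OUTPUT-chain marking and SNAT rules are additions here to cover traffic the box generates itself.

```shell
#!/bin/sh
# Added example. Prints the commands for review; nothing is applied
# until the output is piped to a root shell.
# Constructed placeholders: RFC 5737 addresses, interface names, marks, table ids.
LAN_DEV=eth0
SLOW_MARK=1; SLOW_TABLE=101; SLOW_DEV=eth1; SLOW_GW=192.0.2.1;    SLOW_SRC=192.0.2.10
FAST_MARK=2; FAST_TABLE=102; FAST_DEV=eth2; FAST_GW=198.51.100.1; FAST_SRC=198.51.100.10

# mark_cmds MARK PROTO PORT...: set the fwmark in the mangle table.
# PREROUTING only sees forwarded LAN traffic; packets the box generates
# itself (such as its DNS lookups) pass through OUTPUT instead.
mark_cmds() {
    mark=$1; proto=$2; shift 2
    for port in "$@"; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_DEV -p $proto --dport $port -j MARK --set-mark $mark"
        echo "iptables -t mangle -A OUTPUT -p $proto --dport $port -j MARK --set-mark $mark"
    done
}

# link_cmds MARK TABLE DEV GW SRC: one rule and one default route per uplink.
link_cmds() {
    echo "ip rule add fwmark $1 table $2"
    echo "ip route add default via $4 dev $3 src $5 table $2"
    # Locally generated packets picked their source address before the
    # mark rerouted them, so rewrite it to match the uplink actually used.
    echo "iptables -t nat -A POSTROUTING -o $3 -j SNAT --to-source $5"
}

policy_routing_cmds() {
    mark_cmds "$SLOW_MARK" tcp 25 80     # assumed: bulk protocols on the cheap link
    mark_cmds "$FAST_MARK" udp 53        # assumed: DNS on the quick link
    link_cmds "$SLOW_MARK" "$SLOW_TABLE" "$SLOW_DEV" "$SLOW_GW" "$SLOW_SRC"
    link_cmds "$FAST_MARK" "$FAST_TABLE" "$FAST_DEV" "$FAST_GW" "$FAST_SRC"
}

policy_routing_cmds
```

With strict reverse-path filtering enabled, replies arriving on the uplink that is not the main table's default can be dropped, so check `net.ipv4.conf.*.rp_filter` when testing.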