On Thu, Jun 15, 2006 at 01:01:03PM -0400, Bill Davidsen wrote:
> >Also source routing doesn't require any firewall rules or marking of
> >packets.
> >
> >
> If you can show me another way to send all tcp packets to certain ports
> out one interface and all other packets out another, given that both
> interfaces connect to a different ISP, have full connectivity, and are
> default routes, I would be grateful. The packet marking was suggested to
> me by David Miller some years ago, since I need to route using port
> addresses to determine source IP and interface used.

Maybe your setup is slightly different from mine. We had two
connections, let's say "Expensive and Slow" (E) and "Cheap and Fast" (C).
The latter doesn't have static IP.

Anyway, all I wanted was that all outgoing traffic went via C, the only
traffic going out via E would be responses to requests coming in via E.

The solution is to SNAT all connections going out to the address of C.
And in the routing table, the default route is selected purely on the
basis of the source IP (which will be either C or something in the
netblock of E).

There's no need to mark packets, or even care about ports.

Hope this helps,
-- 
Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
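The setup described in the message above, sketched as an added example that is not part of the original thread: a source-address rule selects the default route for E, everything else follows the main default via C, and connections leaving on C are SNATed. The interface names, addresses (documentation ranges), table id and rule priority are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders.
E_IF=eth0; E_NET=192.0.2.0/24; E_ADDR=192.0.2.10; E_GW=192.0.2.1   # "Expensive and Slow"
C_IF=eth1; C_ADDR=198.51.100.23; C_GW=198.51.100.1                 # "Cheap and Fast"
E_TABLE=100      # arbitrary routing table id (assumption)

# Print the commands that build the policy: no fwmark, no port matches.
policy_cmds() {
    # Main table: anything not caught by a rule leaves via C.
    echo "ip route replace default via $C_GW dev $C_IF"
    # Dedicated table whose only entry is the default route via E.
    echo "ip route replace default via $E_GW dev $E_IF table $E_TABLE"
    # Packets with a source address in E's netblock consult that table,
    # so replies to requests that arrived on E go back out via E.
    echo "ip rule add from $E_NET lookup $E_TABLE priority 1000"
    # Connections leaving on C get C's address as their source.
    # C has no static IP, so C_ADDR must be its current address.
    echo "iptables -t nat -A POSTROUTING -o $C_IF -j SNAT --to-source $C_ADDR"
}

# Print read-only checks to confirm which route a given source selects.
verify_cmds() {
    echo "ip rule show"
    echo "ip route show table $E_TABLE"
    # Expect dev $E_IF here: the source is inside E's netblock.
    echo "ip route get 203.0.113.9 from $E_ADDR"
    # Expect dev $C_IF here: no source given, main table applies.
    echo "ip route get 203.0.113.9"
}

if [ "${APPLY:-0}" = 1 ]; then
    policy_cmds | sh -e      # needs root; applies the rules for real
else
    policy_cmds; verify_cmds # dry run: show what would be executed
fi
```
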