I've revisited this many times over the last five years, and always wind
up using BSD for my router. I need to set up another one, and I'd really
like to use Linux, so here's the problem.
This site has multiple default routes, in the sense that each can be
used for any external address. In order to deal with firewall rules and
bandwidth limitations, I need to be able to very selectively send
certain packets out certain interfaces, while allowing the fast/cheap
interface to handle anything else. This can't be done with traditional
routes, or I'm not smart enough to know how to handle sending via
different paths to the same IP depending on the port and protocol.
I had this working with the MARK target in the mangle table, and an
fwmark rule, but for some reason that quit working in later 2.6 kernels.
I want to use eth2 for default outbound, then have a lot of special
cases. If it were as simple as sending packets to machine A via
interface eth1 it would be easy, but for reasons of cost, security, and
politics I can't do that.
The firewall:
eth0 - private net 1
eth1 - T1 line, ISP1, static IP
eth2 - 5Mbit, ISP2, dhcp
eth3 - 768k DSL, ISP3, dhcp
Routing examples:
all smtp, pop3, imap - eth1
site JMinc, port ssh, eth1
site JMinc, UDP, eth2
site JMinc, port http, eth3
all other http, eth2
etc, etc, and many other complex etc
With iptables and the ROUTE target this would be easier, if Linux routed
packets out the appropriate interface based on source IP it would be
simple (SNAT), but there just doesn't seem to be a way to short circuit
routing logic and force a packet out a given interface unconditionally.
And multiple default routes seem to cause issues as well.
New machine would be FC6 with all updates if I can find a way to get the
routing sane.
Any thoughts?
--
bill davidsen <davidsen@xxxxxxx>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979
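The per-uplink policy-routing setup the post is asking for, as an added example that is not part of the original message: one routing table per ISP holding its own default route, source-address rules so replies leave via the uplink they arrived on, SNAT per uplink, and fwmark rules for the per-port and per-site special cases. Interface names and the routing examples come from the post; gateway and local addresses, table numbers, rule priorities and the JMinc address are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Policy routing for the three-ISP
# layout above: one routing table per ISP holding its own default route,
# source-address rules so replies leave via the ISP they arrived on, SNAT per
# uplink, and fwmark rules for the per-port / per-site special cases.
# ASSUMPTIONS: gateway/local addresses, table ids, rule priorities and the
# JMinc address are constructed placeholders (the DHCP uplinks would take
# their gateway from the lease). Run with DRY_RUN=1 to print instead of apply.
DRY_RUN=${DRY_RUN:-}
run() { if [ -n "$DRY_RUN" ]; then echo "$@"; else "$@"; fi; }

# "table iface local_addr gateway" -- split on whitespace by setup_table
ISP1="101 eth1 198.51.100.10 198.51.100.1"
ISP2="102 eth2 203.0.113.20 203.0.113.1"
ISP3="103 eth3 192.0.2.30 192.0.2.1"
JMINC="192.0.2.200"   # placeholder address for the JMinc site

setup_table() {   # args: table iface addr gw
    run ip route add default via "$4" dev "$2" table "$1"
    run ip rule add from "$3" table "$1" pref 1000        # replies stay on their uplink
    run iptables -t nat -A POSTROUTING -o "$2" -j SNAT --to-source "$3"
    run sysctl -w "net.ipv4.conf.$2.rp_filter=0"          # paths are asymmetric by design
}

route_by_mark() { run ip rule add fwmark "$1" table "$2" pref 500; }   # checked before pref 1000

# Mark both forwarded (PREROUTING) and router-originated (OUTPUT) traffic.
mark_traffic() {  # args: mark, then an iptables match expression
    mark=$1; shift
    run iptables -t mangle -A PREROUTING "$@" -j MARK --set-mark "$mark"
    run iptables -t mangle -A OUTPUT     "$@" -j MARK --set-mark "$mark"
}

apply_policy() {
    run sysctl -w net.ipv4.conf.all.rp_filter=0    # strict reverse-path check would drop replies
    for isp in "$ISP1" "$ISP2" "$ISP3"; do setup_table $isp; done
    run ip route add default via 203.0.113.1 dev eth2      # eth2 is the catch-all
    route_by_mark 0x1 101; route_by_mark 0x2 102; route_by_mark 0x3 103
    mark_traffic 0x1 -p tcp -m multiport --dports 25,110,143   # all mail -> eth1
    mark_traffic 0x1 -p tcp -d "$JMINC" --dport 22             # JMinc ssh  -> eth1
    mark_traffic 0x2 -p udp -d "$JMINC"                        # JMinc udp  -> eth2
    mark_traffic 0x3 -p tcp -d "$JMINC" --dport 80             # JMinc http -> eth3
    run ip route flush cache    # 2.6 caches lookups; stale entries ignore new rules
}

if [ "${1:-}" = "apply" ]; then apply_policy; fi
```

`DRY_RUN=1 sh policy.sh apply` prints the full command list for review before anything is changed. Anything not marked (including "all other http") falls through to the main table's default via eth2, so the special cases never need a catch-all rule of their own.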