Re: advanced routing packets from localhost

On 12/10/2009 06:37 AM, ESGLinux wrote:
Hi Robert,

Routing the web traffic of my clients is solved with this:

iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2

and
ip rule:
from all fwmark 0x2 lookup gw1

The problem I want to solve is with the traffic originated in the own
firewall.

Greetings,

ESG



2009/12/10 Marti, Robert<RJM002@xxxxxxxx>

You'd have to use something like squid and force all your clients to
point to your squid instance.  I have no experience with any of the
router software for Linux nor do I know if any of them are available
in rhel.

Sent from my iPhone

On Dec 10, 2009, at 5:12, "ESGLinux"<esggrupos@xxxxxxxxx>  wrote:

Hi All,

I have discovered a way to route all the traffic generated for my firewall to go to the gateway I want.
Here is what I have done:
#ip rule add from 192.168.2.2/32 lookup gw1

the ip 192.168.2.2 is the ip of the interface attached to eth1 and I want that the traffic goes out to the interface eth2.

The gw1 table has this:
default via 192.168.3.1 dev eth2

So with this rule all the traffic originated in the firewall that has to go out to the default gw attached to eth1 goes to the gateway attached to eth2.

The question now is how can I only route, for example, the web traffic to this gw...

Greetings,

ESG



2009/12/9 ESGLinux<esggrupos@xxxxxxxxx>

Hi all,

I have posted several questions in this list about advanced routing with iproute2 to route the traffic as I want through 2 different ADSL lines.

I use packet marks to route them through the selected gateway. All works fine, but I have a problem that I can't resolve.

I need to route the traffic originated on the server I use as firewall/router but I don't see how to do it because the routing decision is made before the firewall does anything.
From this web:

http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html

*Table 6-2. Source local host (our own machine)*
Step  Table  Chain  Comment
1                   Local process/application (i.e., server/client program)
2                   Routing decision. What source address to use, what outgoing interface to use, and other necessary information that needs to be gathered.

so all the traffic generated in the machine goes to the default gateway and I can't control it,

Does anyone know how to solve this route problem?

thanks in advance

ESG

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe
https://www.redhat.com/mailman/listinfo/redhat-list

For local traffic, set your mark on all traffic originating from 127.0.0.1 and other local IPs of the machine sent to destination port 80 or 443.

--
--Moby

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.  -- Benjamin Franklin
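
Added example, not part of the original thread: one way to apply the reply above, marking firewall-originated web traffic in the mangle OUTPUT chain so the existing `fwmark 0x2 lookup gw1` rule picks it up. The mark, table and interface come from the thread; the MASQUERADE rule, the function names, the `APPLY_ROUTING` switch and the probe address 198.51.100.1 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Taken from the thread: mark 0x2,
# table gw1 (default via 192.168.3.1 dev eth2) and the fwmark rule for it.
MARK=0x2
TABLE=gw1
DEV=eth2
PORTS="80 443"        # ports named in the reply
PROBE=198.51.100.1    # constructed test destination (documentation range)

# Print the rules for firewall-originated traffic, one command per line.
local_mark_cmds() {
    for port in $PORTS; do
        # Locally generated packets never traverse PREROUTING; they pass
        # mangle OUTPUT, and a mark set there triggers a second route lookup.
        echo "iptables -t mangle -A OUTPUT -p tcp -m tcp --dport $port -j MARK --set-mark $MARK"
    done
    # Assumption: the source address was already chosen by the first routing
    # decision (main table), so rewrite it to eth2's address on the way out.
    echo "iptables -t nat -A POSTROUTING -o $DEV -m mark --mark $MARK -j MASQUERADE"
}

# Print read-only checks to run after the rules are in place.
verify_cmds() {
    echo "ip rule show"
    echo "ip route show table $TABLE"
    # Asks the kernel which route a packet carrying the mark would take.
    echo "ip route get $PROBE mark $MARK"
    echo "iptables -t mangle -L OUTPUT -n -v"
}

# Dry run by default; set APPLY_ROUTING=1 and run as root to execute.
apply_or_print() {
    local_mark_cmds | while IFS= read -r cmd; do
        if [ "${APPLY_ROUTING:-0}" = "1" ]; then
            $cmd || exit 1
        else
            printf '%s\n' "$cmd"
        fi
    done
}

apply_or_print
```

If connections leave through eth2 but replies never arrive, check reverse-path filtering on eth2: in strict mode (rp_filter=1) the kernel drops the replies because the main table routes those sources back through eth1.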


