Re: advanced routing packets from localhost

[Moby <moby@xxxxxxxxxxxxxx>]

On 12/10/2009 06:37 AM, ESGLinux wrote:
> Hi Robert,
>
> Routing the web traffic of my clients is solved with this:
>
> iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK
> --set-mark 0x2
>
> and
> ip rule:
> from all fwmark 0x2 lookup gw1
>
> The problem I want to solve is with the traffic originated in the own
> firewall.
>
> Greetings,
>
> ESG
>
>
>
> 2009/12/10 Marti, Robert<RJM002@xxxxxxxx>
>
>    
> > You'd have to use something like squid and force all your clients to
> > point to your squid instance.  I have no experience with any of the
> > router software for Linux nor do I know if any of them are available
> > in rhel.
> >
> > Sent from my iPhone
> >
> > On Dec 10, 2009, at 5:12, "ESGLinux"<esggrupos@xxxxxxxxx>  wrote:
> >
> >      
> > > Hi All,
> > >
> > > I have discovered a way to route all the traffic generated for my
> > > firewall
> > > to go the gateway I want.
> > > Here is what I have done:
> > > #ip rule add from 192.168.2.2/32 lookup gw1
> > >
> > > the ip 192.168.2.2 is the ip of the interface attached to eth1 and I
> > > want
> > > that the traffic goes out to the interface eth2.
> > >
> > > The gw1 table has this:
> > > default via 192.168.3.1 dev eth2
> > >
> > > So with this rule all the traffic originated in the firewall that
> > > has to go
> > > out to the default gw attached to eth1 goes to the gateway attached to
> > > eth2.
> > >
> > > The question now is how can I only route, for example, the web
> > > traffic to
> > > this gw...
> > >
> > > Greetings,
> > >
> > > ESG
> > >
> > >
> > >
> > > 2009/12/9 ESGLinux<esggrupos@xxxxxxxxx>
> > >
> > >        
> > > > Hi all,
> > > >
> > > > I have posted several questions in this list about advanced routing
> > > > with
> > > > iproute2 to route the traffic as I want throug 2 different ADSL
> > > > lines.
> > > >
> > > > I use packet marks to route them through  the selected gateway. All
> > > > works
> > > > fine, but I have a problem that I can't resolve.
> > > >
> > > > I need to route the traffic originated on the server I use as
> > > > firewall/router but I don´t see how to do it because the routing d
> > > > ecision is
> > > > made before the firewall does anything.
> > > >  From this web:
> > > >
> > > > http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
> > > >
> > > > *Table 6-2. Source local host (our own machine)*
> > > > StepTableChainComment 1  Local process/application (i.e., server/
> > > > client
> > > > program)2  Routing decision. What source address to use, what
> > > > outgoing
> > > > interface to use, and other necessary information that needs to be
> > > > gathered.
> > > >
> > > > so all the traffic generated in the machine goes to the default
> > > > gateway and
> > > > I cant´t control it,
> > > >
> > > > Any one knows how to solve this route problem?
> > > >
> > > > thanks in advance
> > > >
> > > > ESG
> > > >
> > > >          
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >        
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> >      
For local traffic, set your mark on all traffic originiating from 
127.0.0.1 and other local IPs of the machine sent to destination port 80 
or 443.

--
--Moby

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.  -- Benjamin Franklin


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list