Re: advanced routing packets from localhost

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

The problem with that is that the routing decision is made before the
packets get marked, so although I get the packets marked they follow the
route decided in the previous steps

you can see this steps in this web:

http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html

<http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html>or am I doing
anything wrong?

Thanks,

ESG


2009/12/10 Moby <moby@xxxxxxxxxxxxxx>

>
>
> On 12/10/2009 06:37 AM, ESGLinux wrote:
>
>> Hi Robert,
>>
>> Routing the web traffic of my clients is solved with this:
>>
>> iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK
>> --set-mark 0x2
>>
>> and
>> ip rule:
>> from all fwmark 0x2 lookup gw1
>>
>> The problem I want to solve is with the traffic originated in the own
>> firewall.
>>
>> Greetings,
>>
>> ESG
>>
>>
>>
>> 2009/12/10 Marti, Robert<RJM002@xxxxxxxx>
>>
>>
>>
>>> You'd have to use something like squid and force all your clients to
>>> point to your squid instance.  I have no experience with any of the
>>> router software for Linux nor do I know if any of them are available
>>> in rhel.
>>>
>>> Sent from my iPhone
>>>
>>> On Dec 10, 2009, at 5:12, "ESGLinux"<esggrupos@xxxxxxxxx>  wrote:
>>>
>>>
>>>
>>>> Hi All,
>>>>
>>>> I have discovered a way to route all the traffic generated for my
>>>> firewall
>>>> to go the gateway I want.
>>>> Here is what I have done:
>>>> #ip rule add from 192.168.2.2/32 lookup gw1
>>>>
>>>> the ip 192.168.2.2 is the ip of the interface attached to eth1 and I
>>>> want
>>>> that the traffic goes out to the interface eth2.
>>>>
>>>> The gw1 table has this:
>>>> default via 192.168.3.1 dev eth2
>>>>
>>>> So with this rule all the traffic originated in the firewall that
>>>> has to go
>>>> out to the default gw attached to eth1 goes to the gateway attached to
>>>> eth2.
>>>>
>>>> The question now is how can I only route, for example, the web
>>>> traffic to
>>>> this gw...
>>>>
>>>> Greetings,
>>>>
>>>> ESG
>>>>
>>>>
>>>>
>>>> 2009/12/9 ESGLinux<esggrupos@xxxxxxxxx>
>>>>
>>>>
>>>>
>>>>> Hi all,
>>>>>
>>>>> I have posted several questions in this list about advanced routing
>>>>> with
>>>>> iproute2 to route the traffic as I want throug 2 different ADSL
>>>>> lines.
>>>>>
>>>>> I use packet marks to route them through  the selected gateway. All
>>>>> works
>>>>> fine, but I have a problem that I can't resolve.
>>>>>
>>>>> I need to route the traffic originated on the server I use as
>>>>> firewall/router but I don´t see how to do it because the routing d
>>>>> ecision is
>>>>> made before the firewall does anything.
>>>>>  From this web:
>>>>>
>>>>> http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
>>>>>
>>>>> *Table 6-2. Source local host (our own machine)*
>>>>> StepTableChainComment 1  Local process/application (i.e., server/
>>>>> client
>>>>> program)2  Routing decision. What source address to use, what
>>>>> outgoing
>>>>> interface to use, and other necessary information that needs to be
>>>>> gathered.
>>>>>
>>>>> so all the traffic generated in the machine goes to the default
>>>>> gateway and
>>>>> I cant´t control it,
>>>>>
>>>>> Any one knows how to solve this route problem?
>>>>>
>>>>> thanks in advance
>>>>>
>>>>> ESG
>>>>>
>>>>>
>>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>>
>>>
>> For local traffic, set your mark on all traffic originiating from
> 127.0.0.1 and other local IPs of the machine sent to destination port 80 or
> 443.
>
> --
> --Moby
>
> They that can give up essential liberty to obtain a little temporary safety
> deserve neither liberty nor safety.  -- Benjamin Franklin
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux