Hello,

The problem with that is that the routing decision is made before the packets get marked, so although I get the packets marked they follow the route decided in the previous steps. You can see these steps on this web page:

http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html

Or am I doing anything wrong?

Thanks,

ESG

2009/12/10 Moby <moby@xxxxxxxxxxxxxx>

> On 12/10/2009 06:37 AM, ESGLinux wrote:
>
>> Hi Robert,
>>
>> Routing the web traffic of my clients is solved with this:
>>
>> iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
>>
>> and
>> ip rule:
>> from all fwmark 0x2 lookup gw1
>>
>> The problem I want to solve is with the traffic originating in the firewall itself.
>>
>> Greetings,
>>
>> ESG
>>
>> 2009/12/10 Marti, Robert <RJM002@xxxxxxxx>
>>
>>> You'd have to use something like squid and force all your clients to point to your squid instance. I have no experience with any of the router software for Linux nor do I know if any of them are available in rhel.
>>>
>>> Sent from my iPhone
>>>
>>> On Dec 10, 2009, at 5:12, "ESGLinux" <esggrupos@xxxxxxxxx> wrote:
>>>
>>>> Hi All,
>>>>
>>>> I have discovered a way to route all the traffic generated for my firewall to go to the gateway I want.
>>>> Here is what I have done:
>>>>
>>>> #ip rule add from 192.168.2.2/32 lookup gw1
>>>>
>>>> The ip 192.168.2.2 is the ip of the interface attached to eth1, and I want the traffic to go out through the interface eth2.
>>>>
>>>> The gw1 table has this:
>>>>
>>>> default via 192.168.3.1 dev eth2
>>>>
>>>> So with this rule all the traffic originated in the firewall that has to go out to the default gw attached to eth1 goes to the gateway attached to eth2.
>>>>
>>>> The question now is how can I only route, for example, the web traffic to this gw...
>>>>
>>>> Greetings,
>>>>
>>>> ESG
>>>>
>>>> 2009/12/9 ESGLinux <esggrupos@xxxxxxxxx>
>>>>
>>>>> Hi all,
>>>>>
>>>>> I have posted several questions in this list about advanced routing with iproute2 to route the traffic as I want through 2 different ADSL lines.
>>>>>
>>>>> I use packet marks to route them through the selected gateway. All works fine, but I have a problem that I can't resolve.
>>>>>
>>>>> I need to route the traffic originated on the server I use as firewall/router but I don't see how to do it because the routing decision is made before the firewall does anything.
>>>>> From this web page:
>>>>>
>>>>> http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
>>>>>
>>>>> *Table 6-2. Source local host (our own machine)*
>>>>> Step | Table | Chain | Comment
>>>>> 1 | | | Local process/application (i.e., server/client program)
>>>>> 2 | | | Routing decision. What source address to use, what outgoing interface to use, and other necessary information that needs to be gathered.
>>>>>
>>>>> so all the traffic generated in the machine goes to the default gateway and I can't control it,
>>>>>
>>>>> Anyone knows how to solve this route problem?
>>>>>
>>>>> thanks in advance
>>>>>
>>>>> ESG
>>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>
> For local traffic, set your mark on all traffic originating from 127.0.0.1 and other local IPs of the machine sent to destination port 80 or 443.
>
> --
> --Moby
>
> They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
> -- Benjamin Franklin
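As an added worked example (not posted by anyone in the thread), the script below does what Moby suggests for the firewall's own web traffic: it marks locally generated packets to ports 80/443 in the mangle OUTPUT chain (locally generated packets never traverse PREROUTING), sends marked packets to the gw1 table with an fwmark rule, and adds the one step the thread does not mention: after the mangle OUTPUT chain the kernel re-runs the route lookup when the mark has changed, but the source address was already chosen by the first routing decision (eth1's address), so the packet has to be SNATed to eth2's own address in POSTROUTING or the replies come back on the wrong line. The interface names, addresses, table and mark come from the thread; eth2's own address (192.168.3.2) and the rule priority (1000) are assumptions.

```shell
#!/bin/sh
# Added example, not from the redhat-list thread. Policy-routes only the
# firewall's own outbound HTTP/HTTPS via the second ADSL line.
# Names from the thread: eth1 (default route), eth2, 192.168.3.1, table gw1,
# mark 0x2. ASSUMED: eth2's own address 192.168.3.2 and rule priority 1000.
#
# DRYRUN=1 prints the commands instead of executing them; APPLY=1 runs them
# (needs root). Without either, sourcing the file defines the functions only.

WAN1_IF=eth1            # where the main-table default route lives
WAN2_IF=eth2            # second ADSL line
WAN2_SRC=192.168.3.2    # ASSUMED: the firewall's own address on eth2
WAN2_GW=192.168.3.1     # from the thread: "default via 192.168.3.1 dev eth2"
MARK=0x2                # fwmark the thread already uses for client traffic
TABLE=gw1
PRIO=1000               # ASSUMED: must sort before the main table (32766)

run() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Mark packets created by the firewall itself for ports 80/443.
# Locally generated packets skip PREROUTING; mangle OUTPUT is the only
# place to mark them. The kernel re-routes after mangle OUTPUT if the
# mark changed, so the fwmark rule in route_by_mark takes effect.
mark_local_web() {
    run iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 80,443 \
        -m addrtype --src-type LOCAL -j MARK --set-mark "$MARK"
}

# Anything carrying the mark is looked up in table gw1 (second line).
route_by_mark() {
    run ip route replace default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority "$PRIO"
}

# The source address was picked by the first routing decision, i.e. eth1's
# address. Rewrite it to eth2's address so the reply returns on eth2.
snat_to_wan2() {
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -m mark --mark "$MARK" \
        -j SNAT --to-source "$WAN2_SRC"
}

apply_all() {
    mark_local_web
    route_by_mark
    snat_to_wan2
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_all
fi
```

Run it as `DRYRUN=1 sh policy_route_local_web.sh` first to review the four commands, then `APPLY=1 sh policy_route_local_web.sh` as root. Check the result with `ip rule show` (the fwmark rule must appear before the `main` rule) and `iptables -t mangle -L OUTPUT -v -n` while fetching a page from the firewall; the packet counter on the MARK rule should increase and `tcpdump -ni eth2 port 80` should show the connection leaving with the 192.168.3.2 source.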