| 1 |
Let's posit two network interfaces net1 (192.168.x.y/16) and net2 |
| 2 |
(172.16.a.b/16). There's a NAT/gateway available on each of the |
| 3 |
networks. I want to use the 172.16 gateway for TCP connections to port |
| 4 |
80 and the 192.168 gateway for everything else. |
| 5 |
|
| 6 |
I'm primarily following this example: |
| 7 |
|
| 8 |
http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html |
| 9 |
|
| 10 |
My "main" routing table contains all directly accessible subnets plus |
| 11 |
a default route via the 192.168 gateway. |
| 12 |
|
| 13 |
I created a second route table named "pmain" which is identical to |
| 14 |
"main" except it has a different default route via the 172.16 gateway. |
| 15 |
|
| 16 |
My ip rules are: |
| 17 |
|
| 18 |
0: from all lookup local |
| 19 |
10000: from all fwmark 0x1 lookup pmain |
| 20 |
32766: from all lookup main |
| 21 |
32767: from all lookup default |
| 22 |
|
| 23 |
I then add an iptables rule like this: |
| 24 |
|
| 25 |
iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1 |
| 26 |
|
| 27 |
Now all TCP packets destined for port 80 are sent to the 172.16 |
| 28 |
gateway, _but_ they're being sent with a 192.168 source address. The |
| 29 |
TCP stack is apparently unaware of the advanced routing tricks and |
| 30 |
thinks that the packets are going out via the 192.168 gateway. |
| 31 |
|
| 32 |
IOW I've succesfully re-routed TCP _packets_ but not the TCP |
| 33 |
_connection_. |
| 34 |
|
| 35 |
How do I tell the TCP stack that it's supposed to use the 172.16 |
| 36 |
inteface/gateway for connections to port 80? |
| 37 |
|
| 38 |
-- |
| 39 |
Grant Edwards grant.b.edwards Yow! I feel partially |
| 40 |
at hydrogenated! |
| 41 |
gmail.com |
Archives