| 1 |
On Fri, 4 Oct 2013 20:55:25 +0000 (UTC) |
| 2 |
Grant Edwards <grant.b.edwards@×××××.com> wrote: |
| 3 |
|
| 4 |
> Let's posit two network interfaces net1 (192.168.x.y/16) and net2 |
| 5 |
> (172.16.a.b/16). There's a NAT/gateway available on each of the |
| 6 |
> networks. I want to use the 172.16 gateway for TCP connections to port |
| 7 |
> 80 and the 192.168 gateway for everything else. |
| 8 |
> |
| 9 |
> I'm primarily following this example: |
| 10 |
> |
| 11 |
> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html |
| 12 |
> |
| 13 |
> My "main" routing table contains all directly accessible subnets plus |
| 14 |
> a default route via the 192.168 gateway. |
| 15 |
> |
| 16 |
> I created a second route table named "pmain" which is identical to |
| 17 |
> "main" except it has a different default route via the 172.16 gateway. |
| 18 |
> |
| 19 |
> My ip rules are: |
| 20 |
> |
| 21 |
> 0: from all lookup local |
| 22 |
> 10000: from all fwmark 0x1 lookup pmain |
| 23 |
> 32766: from all lookup main |
| 24 |
> 32767: from all lookup default |
| 25 |
> |
| 26 |
> I then add an iptables rule like this: |
| 27 |
> |
| 28 |
> iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1 |
| 29 |
> |
| 30 |
> Now all TCP packets destined for port 80 are sent to the 172.16 |
| 31 |
> gateway, _but_ they're being sent with a 192.168 source address. The |
| 32 |
> TCP stack is apparently unaware of the advanced routing tricks and |
| 33 |
> thinks that the packets are going out via the 192.168 gateway. |
| 34 |
> |
| 35 |
> IOW I've succesfully re-routed TCP _packets_ but not the TCP |
| 36 |
> _connection_. |
| 37 |
> |
| 38 |
> How do I tell the TCP stack that it's supposed to use the 172.16 |
| 39 |
> inteface/gateway for connections to port 80? |
| 40 |
> |
| 41 |
|
| 42 |
Hi, |
| 43 |
It's been a while but i believe you want to route via interface not |
| 44 |
gateway. Providing more info will make it easier to help you. |
Archives