Gentoo Archives: gentoo-user

From: Grant Edwards <grant.b.edwards@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: OT: default route dependent on dest port?
Date: Fri, 04 Oct 2013 22:16:49
Message-Id: l2nemu$3ng$1@ger.gmane.org
In Reply to: Re: [gentoo-user] OT: default route dependent on dest port? by Kerin Millar
On 2013-10-04, Kerin Millar <kerframil@×××××××××××.uk> wrote:
> On 04/10/2013 21:55, Grant Edwards wrote:

>> I then add an iptables rule like this:
>>
>> iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1

I'm about to try adding a second iptables rule to use the nat table to
rewrite the source IP address. Something like this:

iptables -A POSTROUTING -t nat -o net2 -m mark --mark 1 -j SNAT --to 172.16.1.2

> It would help if you were to also supply the details of:
>
> * ip -f inet -o a s

$ ip -f inet -o a s
1: lo inet 127.0.0.1/8 scope host lo
2: net0 inet 192.168.8.4/16 brd 192.168.255.255 scope global net0
3: net1 inet 10.0.0.1/8 brd 10.255.255.255 scope global net1
3: net1 inet 192.168.250.1/24 brd 192.168.250.255 scope global net1
3: net1 inet 192.168.1.1/24 brd 192.168.1.255 scope global net1
3: net1 inet 169.254.1.1/16 brd 169.254.255.255 scope global net1
5: net2 inet 172.16.1.2/16 brd 172.16.255.255 scope global net2

> * ip route show table main

$ ip route show table main
default via 192.168.0.254 dev net0 metric 2
10.0.0.0/8 dev net1 proto kernel scope link src 10.0.0.1
127.0.0.0/8 via 127.0.0.1 dev lo
169.254.0.0/16 dev net1 proto kernel scope link src 169.254.1.1
172.16.0.0/16 dev net2 proto kernel scope link src 172.16.1.2 metric 5
192.168.0.0/16 dev net0 proto kernel scope link src 192.168.8.4
192.168.1.0/24 dev net1 proto kernel scope link src 192.168.1.1
192.168.250.0/24 dev net1 proto kernel scope link src 192.168.250.1

> * ip route show table pmain

$ ip route show table pmain
default via 172.16.0.34 dev net2 metric 2
10.0.0.0/8 dev net1 proto kernel scope link src 10.0.0.1
127.0.0.0/8 via 127.0.0.1 dev lo
169.254.0.0/16 dev net1 proto kernel scope link src 169.254.1.1
172.16.0.0/16 dev net2 proto kernel scope link src 172.16.1.2 metric 5
192.168.0.0/16 dev net0 proto kernel scope link src 192.168.8.4
192.168.1.0/24 dev net1 proto kernel scope link src 192.168.1.1
192.168.250.0/24 dev net1 proto kernel scope link src 192.168.250.1

>
>>
>> Now all TCP packets destined for port 80 are sent to the 172.16
>> gateway, _but_ they're being sent with a 192.168 source address. The
>> TCP stack is apparently unaware of the advanced routing tricks and
>> thinks that the packets are going out via the 192.168 gateway.
>>
>> IOW I've successfully re-routed TCP _packets_ but not the TCP
>> _connection_.
>>
>> How do I tell the TCP stack that it's supposed to use the 172.16
>> interface/gateway for connections to port 80?
>
> --Kerin
>
>

--
Grant Edwards               grant.b.edwards        Yow! ! I'm in a very
                                  at               clever and adorable INSANE
                              gmail.com            ASYLUM!!
