On 17/06/2010 08:26, Rod wrote:
> Check out iproute
>> * sys-apps/iproute2
>> Latest version available: 2.6.31
>> Latest version installed: 2.6.31
>> Size of files: 363 kB
>> Homepage:
>> http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
>>
>> Description: kernel routing and traffic control utilities
>> License: GPL-2
|
It certainly looks relevant - though I've not previously come across this...
|
> This will allow you to control the flow of packets, so packets
> from Interface 1 will go back out the same interface.
I'm less clear about this bit... I don't suppose you can point me at a
how-to for the configuration of this?
|
> This is used in conjunction with iptables, as iptables is the
> firewall, and iproute is the packet classifier/handler
While rusty, I think I can do the iptables stuff... I've definitely done
similar things with it before.
|
> I was using this when I had 2 Internet accounts, a slow speed ADSL
> with static IP, and a cable BB one for the usual stuff (dynamic IP)
|
My situation is vaguely similar... I've one high-speed link at home with
only dynamic IP - and I've got a rack-mounted server with multiple static
IPs, one of which I want to use from home in order to run a mail-server,
revision control service and various web-services... keeping all the
data on hardware I physically control... access is always encrypted - so
I retain my privacy, no matter what happens to my remotely hosted
service (including packet-sniffing etc.) and the worst case scenario is
denial of service - which is an acceptable risk.
|
While I've established the tunnel, I'm tearing my hair out trying to
configure routing so that only remote access to services on my home box
(and not my home box's web-browsing etc.) is routed over the VPN. I'm
sure it has to be more straightforward than it appears. :-S