Gentoo Archives: gentoo-user

From: Grant Edwards <grante@××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: How to do port-based routing?
Date: Mon, 03 Mar 2008 20:51:00
Message-Id: fqhoal$31p$1@ger.gmane.org
In Reply to: [gentoo-user] Re: How to do port-based routing? by Grant Edwards
On 2008-03-03, Grant Edwards <grante@××××.com> wrote:
> On 2008-03-03, kashani <kashani-list@××××××××.net> wrote:
>
>> I'm not aware of any iptables front end that will also manage
>> policy based routing which is Cisco-ese and maybe general
>> Network-ese for what you're trying to do. However I would use
>> shorewall (or whatever you prefer) to do most of the work and
>> then insert your custom rules where they need to go.
>
> AFAICT, I only need to add 1 iptables rule to mark outbound
> frames destined to particular ports.
>
>> All policy routing regardless of actual implementation has you
>> build an ACL of traffic you'd like messed with. Then you need
>> to specify what happens to traffic that matches the ACL.
>> However one thing the original how-to you linked to didn't
>> completely spell out is NAT. You MUST NAT on each interface or
>> you'll have all sorts of routing fun that does not work.
>
> I don't understand why I have to do NAT. Can you explain why?
> (Or point me to docs that explain why?)

OK, I think I see what you mean. In the HOWTO to which I
linked, the box in question is apparently routing between an
internal network on eth0 and two external gateways on eth1 and
eth2. It is choosing the external gateway based on the
destination port of the outbound packet. That obviously only
makes sense if it's also doing NAT.

My application is not routing for any other machines/networks.
It's just a desktop machine belonging to an end-user. It has
two gateways to "the Internet" (each of those gateways is doing
NAT). All I want to do is select a gateway based on the
destination port of outbound packets.

--
Grant Edwards grante Yow! How's it going in
at those MODULAR LOVE UNITS??
visi.com

--
gentoo-user@l.g.o mailing list
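The setup the thread is discussing, as an added example that is not part of the original posts: a single host with two uplinks, where locally generated TCP traffic to a few destination ports is marked in the mangle OUTPUT chain and sent through a second routing table whose default route points at the second gateway. The interface names, addresses, ports, fwmark value and table number are assumptions chosen for illustration. The example also includes the SNAT rule kashani argued for: the OUTPUT chain runs after the kernel's first routing decision, so the packet's source address has already been chosen from the main-table interface (eth0 here), and re-routing on the mark does not change it. Without SNAT, the second gateway receives a packet from an address that is not on its subnet, and the reply never comes back on eth1.

```shell
#!/bin/sh
# Port-based egress routing for one host with two NAT gateways.
# Added example, not code from the original thread. Interface names,
# addresses, ports, mark and table number are assumptions for illustration.
set -eu

# Assumed topology (constructed for this example):
#   eth0  192.168.1.10/24  gateway 192.168.1.1  (main table, everything else)
#   eth1  192.168.2.10/24  gateway 192.168.2.1  (only TCP to ports 22 and 443)
ALT_IF=eth1
ALT_SRC=192.168.2.10
ALT_GW=192.168.2.1
ALT_PORTS="22,443"   # comma-separated list for the iptables multiport match
FWMARK=1
TABLE=100

# DRY_RUN=1 prints each command instead of executing it (no root needed),
# which is also how the rule set can be reviewed before it is applied.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. The single mangle rule: mark locally generated TCP packets whose
#    destination port is in ALT_PORTS. OUTPUT is traversed after the first
#    routing decision; a changed mark makes the kernel route the packet
#    again, but the source address picked in that first lookup is kept.
mark_ports() {
    run iptables -t mangle -A OUTPUT -p tcp -m multiport --dports "$ALT_PORTS" \
        -j MARK --set-mark "$FWMARK"
}

# 2. Policy routing: marked packets consult a separate table whose only
#    default route goes via the second gateway on the second interface.
policy_route() {
    run ip rule add fwmark "$FWMARK" table "$TABLE"
    run ip route add default via "$ALT_GW" dev "$ALT_IF" table "$TABLE"
}

# 3. SNAT on the alternate interface. Marked packets leave eth1 still
#    carrying eth0's address; rewriting the source to eth1's address makes
#    the second gateway see a host on its own subnet so that its NAT state
#    and the replies come back through eth1.
snat_alt() {
    run iptables -t nat -A POSTROUTING -o "$ALT_IF" -j SNAT --to-source "$ALT_SRC"
}

apply_all() {
    mark_ports
    policy_route
    snat_alt
}

# Usage:  ./portroute.sh show   (print the rules)
#         ./portroute.sh apply  (install them; needs root)
case "${1:-}" in
    show)  DRY_RUN=1 apply_all ;;
    apply) apply_all ;;
esac
```

Run with `show` first and compare the printed rules against `iptables -t mangle -S OUTPUT`, `ip rule show` and `ip route show table 100` after applying; if the second gateway still sees packets from eth0's address, the mark rule is matching but the SNAT rule is not being hit, which usually means the wrong `-o` interface.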