On 2008-03-03, Grant Edwards <grante@××××.com> wrote:
> On 2008-03-03, kashani <kashani-list@××××××××.net> wrote:
>
>> I'm not aware of any iptables front end that will also manage
>> policy based routing which is Cisco-ese and maybe general
>> Network-ese for what you're trying to do. However I would use
>> shorewall (or whatever you prefer) to do most of the work and
>> then insert your custom rules where they need to go.
>
> AFAICT, I only need to add 1 iptable rule to mark outbound
> frames destined to particular ports.
>
>> All policy routing regardless of actual implementation has you
>> build an ACL of traffic you'd like messed with. Then you need
>> to specify what happens to traffic that matches the ACL.
>> However one thing the original how-to you linked didn't
>> completely spell out is NAT. You MUST NAT on each interface or
>> you'll have all sorts of routing fun that does not work.
>
> I don't understand why I have to do NAT. Can you explain why?
> (Or point me to docs that explain why?)
|
OK, I think I see what you mean. In the HOWTO to which I
linked, the box in question is apparently routing between an
internal network on eth0 and two external gateways on eth1 and
eth2. It is choosing the external gateway based on the
destination port of the outbound packet. That obviously only
makes sense if it's also doing NAT.
|
My application is not routing for any other machines/networks.
It's just a desktop machine belonging to an end-user. It has
two gateways to "the Internet" (each of those gateways is doing
NAT). All I want to do is select a gateway based on the
destination port of outbound packets.
|
--
Grant Edwards                   grante             Yow! How's it going in
                                  at               those MODULAR LOVE UNITS??
                               visi.com
|
--
gentoo-user@l.g.o mailing list
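
An added example, not part of the original message or thread: a dry-run generator for the single-host case described above (mark locally generated packets by destination port, then route marked packets via a second gateway). The ports, interface name, addresses, mark and table number are constructed placeholders, and the SNAT and reverse-path steps are this example's own additions, included because a local packet's source address is chosen before the mark reroutes it.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for port-based gateway
# selection on one host. Every value below is a constructed placeholder.
PORTS="80,443"        # destination ports to send via the second gateway (assumed)
ALT_IF="eth1"         # interface facing the second gateway (assumed)
ALT_GW="192.0.2.1"    # second gateway address (documentation range)
ALT_SRC="192.0.2.10"  # this host's own address on ALT_IF (documentation range)
MARK="1"              # firewall mark tying the iptables rule to the ip rule
TABLE="100"           # number of the alternate routing table

policy_route_cmds() {
    # 1. Mark locally generated TCP packets by destination port. The mangle
    #    OUTPUT chain is the one that triggers a second route lookup.
    echo "iptables -t mangle -A OUTPUT -p tcp -m multiport --dports $PORTS -j MARK --set-mark $MARK"
    # 2. Alternate table holding only a default route via the second gateway.
    echo "ip route add default via $ALT_GW dev $ALT_IF table $TABLE"
    # 3. Marked packets consult the alternate table; the rest use main.
    echo "ip rule add fwmark $MARK table $TABLE"
    # 4. The source address was picked by the first (unmarked) route lookup,
    #    so rewrite it to the address that belongs to the new egress interface.
    echo "iptables -t nat -A POSTROUTING -o $ALT_IF -m mark --mark $MARK -j SNAT --to-source $ALT_SRC"
    # 5. Replies arrive on ALT_IF while the unmarked reverse route points at
    #    the other gateway; loose reverse-path filtering keeps them from
    #    being dropped when strict filtering is enabled.
    echo "sysctl -w net.ipv4.conf.$ALT_IF.rp_filter=2"
}

# Print the commands for review; applying them requires root.
policy_route_cmds
```
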