Google
  Web www.spinics.net

Re: multiple routing tables for internal router programs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, 11 Jun 2007, Javier Charne wrote:

Andrea escribió:
Maybe a strange request, I'll try to explain this as clearer as I can
(forgive my bad english, please  :-)  ).

Está permitido responder en castellano en esta lista?
I'm setting a linux box as a router. My router uses multiple routing
tables, so I can address the traffic from specific ip addresses of my
lan to distinct ISPs providers (specifying a different default gateway
fo r each table), marking packets with iptables (prerouting marks).

This works with the forwarding traffic (lan-ISPs) that crosses my router.

But how can I reach the same result for programs/services that are
working INTO the linux box? All I want is that a program (ping, for
examples, or a VOIP server, better) uses a secondary routing table in
the same machine. In this mode, I can manipulate route settings for
different classes of program in my router.



Any possibility someone could repost this reply in english.

Lo que podés hacer es "marcar" los paquetes mediante iptables -t mangle
y luego definir reglas (ip rule) para routear cada paquete de acuerdo a
la marca que tenga, por las tablas (ip route) que tengas definidas.

Por ejemplo:
Definís una tabla con su gateway (alguno de tus conexiones), y le ponés
las redes que necesitás sean "conocidas" en la tabla:

ip route add 127.0.0.0/8   dev lo          scope link table 100
ip route add $NET_INTERNA  dev $IF_INTERNA scope link table 100
ip route add $NET_ADSL1    dev $IF_ADSL2   scope link table 100
ip route add $NET_ADSL2    dev $IF_ADSL2   scope link table 100
ip route add default dev $IF_ADSL2 via $GW_ADSL2 table 100


Definís una regla que todo paquete esté marcado con un 1, use esa tabla
de routeo (salga por ese gateway...)

ip rule add fwmark 1 table 100

Y también, marcás con un 1 cada paquete que querés que use esa tabla
(por ejemplo, el tráfico web):

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1

Regards,

--
Tom Diehl		tdiehl@xxxxxxxxxxxx		Spamtrap address mtd123@xxxxxxxxxxxx
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Bugtraq]     [Fedora Legacy]     [GCC Help]     [Yosemite News]     [Yosemite Photos]     [IP Tables]     [Netfilter Devel]     [Fedora Users]

Powered by Linux