Re: Fedora Firewall with multiple public IPs
- From: Tait Clarridge <tait@xxxxxxxxxxxx>
- Date: Sat, 03 Oct 2009 15:48:56 -0400
> > As far as I'm concerned, it should follow these ‘basic’ rules:
> > · All traffic goes via my unlimited connection (with the exception of)
> > · Email – Goes via an SMTP relay for one of our providers, which has been added to our DNS
> > · SIP traffic goes via the same provider, as they provide a rock solid connection
> > If my A1 provider is absent for any reason, then use my B1 provider, until A1 comes back up. Any ideas and suggestions will be appreciated :-)
>
> Make the cheap unlimited ISP the default route, use the mangle table to MARK the connections you want to go through the other ISP, then use a source route based on the MARK to force the packets out the non-default interface. Use the nat table to SNAT the marked packets to the correct source address.
>
> I do that at several sites.
I recently did that for a VPN server; you could probably do something
like the following (after making the unlimited connection your default):
# Flush a route table (to make sure there is nothing in it)
# You can pick any number, I chose 300
ip route flush table 300
# Delete the fwmark rule that we are going to use (0x50 is going to be used
# here); this fails harmlessly if no such rule exists yet
ip rule del fwmark 0x50 2>/dev/null
# Create the mangle rule to mark outgoing packets (SMTP for example). An
# outbound connection to the relay has destination port 25 (the source port
# is ephemeral), so the match is on --dport.
# The --set-mark 80 is in correlation with the fwmark 0x50 (80 decimal is
# 0x50 in hex)
iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 80
# Do something similar for each of the SIP ports you want to open
# Set the default route for table 300
ip route add table 300 default via <your second connection gateway>
# Add the FWMARK rule to the table
ip rule add fwmark 0x50 table 300
You can easily MARK additional ports to send out over the more stable
connection by adding more iptables rules.
Also, make sure that the ports have been opened in iptables so they can
get through.
Good luck,
Tait
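The steps above, put together as one script. This is an added example, not code posted by Tait, Bill or Gabriel: it takes Tait's table/fwmark commands, adds the SNAT step Bill mentions (without it, packets rerouted out the second ISP still carry the first ISP's source address), marks in PREROUTING as well as OUTPUT so traffic forwarded from the LAN is covered, and relaxes reverse-path filtering on the second interface, which otherwise drops the asymmetric traffic this setup creates. The interface names, the 203.0.113.x addresses (RFC 5737 documentation range), the SIP/RTP port ranges, the table number and the mark value are all assumed placeholders.

```shell
#!/bin/bash
# Added example, not code from the original thread. Interface names,
# addresses (RFC 5737 documentation range), table number, mark and the
# SIP/RTP ports are ASSUMED placeholders; set them for your own box.
ISP_B_IF=eth1            # interface on the stable ISP (SMTP relay, SIP)
ISP_B_GW=203.0.113.1     # that ISP's gateway
ISP_B_IP=203.0.113.5     # our public address on that ISP
TABLE=300                # any unused routing table number
MARK=0x50                # 80 decimal; --set-mark and ip rule fwmark must agree
DRY_RUN=${DRY_RUN:-1}    # default: print the plan; DRY_RUN=0 (as root) applies it

# Print a command instead of executing it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Mark connections to a destination port, both locally generated (OUTPUT)
# and forwarded from the LAN (PREROUTING), so the fwmark rule steers them.
mark_outbound() {   # usage: mark_outbound tcp|udp <port or low:high>
    local proto=$1 dport=$2 chain
    for chain in OUTPUT PREROUTING; do
        run iptables -t mangle -A "$chain" -p "$proto" --dport "$dport" \
            -j MARK --set-mark "$MARK"
    done
}

setup_policy_routing() {
    # Routing table for ISP B: start empty, one default route via its gateway.
    run ip route flush table "$TABLE"
    run ip route add table "$TABLE" default via "$ISP_B_GW" dev "$ISP_B_IF"
    # Replace any stale rule for this mark (del fails harmlessly the first time).
    run ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null || true
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route flush cache
    # Rerouted packets still carry ISP A's source address (picked at the first
    # route lookup); SNAT to ISP B's address or the replies come back via ISP A.
    run iptables -t nat -A POSTROUTING -o "$ISP_B_IF" -j SNAT --to-source "$ISP_B_IP"
    # Strict reverse-path filtering drops the asymmetric traffic this creates;
    # loose mode (2) keeps a sanity check. Kernels without loose mode only
    # accept 0 or 1 here, in which case use 0 on this interface.
    run sysctl -q -w "net.ipv4.conf.$ISP_B_IF.rp_filter=2"
    # Traffic for ISP B: SMTP to the relay, SIP signalling, and an ASSUMED
    # RTP media range. Everything unmarked follows the normal default route.
    mark_outbound tcp 25
    mark_outbound udp 5060
    mark_outbound udp 10000:20000
}

# Number of MARK rules the plan installs (2 chains x 3 port specs = 6).
planned_mark_rules() {
    ( DRY_RUN=1; setup_policy_routing ) | grep -c -- '--set-mark'
}

setup_policy_routing
```

Run it once as-is to review the plan, then `DRY_RUN=0 ./multi-isp.sh` as root to apply. The filter table still has to accept the SMTP and SIP traffic; marking only chooses the exit interface.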
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
- References:
- Fedora Firewall with multiple public IPs
- From: Gabriel - IP Guys
- Re: Fedora Firewall with multiple public IPs
- From: Bill Davidsen