Re: source based routing help needed
- From: Pascal Hambourg <boite-a-spam@xxxxxxxxxxxxxxx>
- Date: Fri, 29 Feb 2008 12:31:32 +0100
Jack Snodgrass wrote:
> Thanks... I kind of sort of came up with something that works... I added
> a 100 tunnel entry to my /etc/iproute2/rt_tables file and then I use:
>
> iptables -t mangle -A OUTPUT -p tcp --src 10.10.3.2 --sport 80 -j MARK --set-mark 0x2
> iptables -t mangle -A OUTPUT -p tcp --src 10.10.3.2 --sport 25 -j MARK --set-mark 0x2
> ip rule add fwmark 0x2 table tunnel
> ip route add default via 10.10.3.1 table tunnel
>
> and that seems to do the trick. I really only want to do this for web and mail, so specifying the individual ports is fine.... Anything that comes in for those ports from my tunnel gets marked and routed back out the tunnel.
This is not what the above rules do. They just mark locally generated outgoing packets matching a specific source address and port. They do not take into account which interface the original packets came in on. That would require the iptables 'CONNMARK' target, e.g.:
# mark incoming connections received on tun1
iptables -t mangle -A PREROUTING -i tun1 -m state --state NEW,RELATED \
-j CONNMARK --set-mark 0x2
# copy the connection mark to outgoing packets
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
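As an added example (not part of Pascal's message or of Jack's original setup), the following POSIX shell script ties the pieces of the CONNMARK approach together in one place: the rt_tables entry, the PREROUTING rule that marks connections arriving on the tunnel, the OUTPUT rule that copies the connection mark back onto locally generated reply packets, and the ip rule / ip route pair that sends marked packets back out the tunnel. The interface name tun1, gateway 10.10.3.1, table id 100 named tunnel and mark 0x2 are taken from the thread; the `dev` argument on the route and the rp_filter line are additions beyond what the thread shows. By default the script only prints the commands; `sh script.sh apply` runs them (as root).

```shell
#!/bin/sh
# Added example, not from the original thread: generate (and optionally apply)
# a reply-routing setup that returns connections arriving on a tunnel interface
# back through that tunnel, regardless of destination port.
#
# Assumed values (constructed for this example, override via environment):
IFACE=${IFACE:-tun1}          # tunnel interface the connections arrive on
GATEWAY=${GATEWAY:-10.10.3.1} # remote end of the tunnel
TABLE_ID=${TABLE_ID:-100}     # numeric id for the extra routing table
TABLE=${TABLE:-tunnel}        # name of that table in /etc/iproute2/rt_tables
MARK=${MARK:-0x2}             # connection/packet mark used by the policy rule

# gen_rules IFACE GATEWAY TABLE_ID TABLE MARK
# Prints the setup commands, one per line, without executing anything.
gen_rules() {
    iface=$1; gw=$2; tid=$3; table=$4; mark=$5
    cat <<EOF
grep -q "^$tid $table\$" /etc/iproute2/rt_tables || echo "$tid $table" >> /etc/iproute2/rt_tables
iptables -t mangle -A PREROUTING -i $iface -m state --state NEW,RELATED -j CONNMARK --set-mark $mark
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip rule add fwmark $mark table $table
ip route add default via $gw dev $iface table $table
sysctl -w net.ipv4.conf.$iface.rp_filter=2
EOF
}
# Notes on the generated lines:
#  - PREROUTING/CONNMARK stores the mark in the conntrack entry when the first
#    packet of a connection arrives on the tunnel.
#  - OUTPUT/CONNMARK --restore-mark copies it onto each locally generated reply
#    packet; the kernel re-evaluates the route after mangle OUTPUT changes the
#    mark, so "ip rule add fwmark ..." then selects the tunnel table.
#  - rp_filter=2 (loose mode) keeps strict reverse-path filtering from dropping
#    packets that arrive on the tunnel from addresses the main table would route
#    elsewhere; use 0 on kernels without loose mode.

# verify_cmds IFACE TABLE
# Prints the commands used to check the resulting state after applying.
verify_cmds() {
    iface=$1; table=$2
    cat <<EOF
ip rule show
ip route show table $table
iptables -t mangle -L PREROUTING -v -n
iptables -t mangle -L OUTPUT -v -n
sysctl net.ipv4.conf.$iface.rp_filter
EOF
}

# apply_rules: execute the generated commands, stopping at the first failure.
apply_rules() {
    gen_rules "$IFACE" "$GATEWAY" "$TABLE_ID" "$TABLE" "$MARK" | sh -e
}

case "${1:-print}" in
    apply)  apply_rules ;;
    verify) verify_cmds "$IFACE" "$TABLE" ;;
    *)      gen_rules "$IFACE" "$GATEWAY" "$TABLE_ID" "$TABLE" "$MARK" ;;
esac
```

Because the mark is attached to the conntrack entry rather than to a source port, replies for any service reached through the tunnel go back the same way, which is the difference from the port-specific MARK rules quoted above. `sh script.sh verify` prints the commands that show the installed rule, the contents of the tunnel table and the packet counters on the two mangle rules.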