advanced routing packets from localhost

Moby moby at mobsternet.com
Thu Dec 10 14:36:41 UTC 2009



On 12/10/2009 06:37 AM, ESGLinux wrote:
> Hi Robert,
>
> Routing the web traffic of my clients is solved with this:
>
> iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
>
> and
> ip rule:
> from all fwmark 0x2 lookup gw1
>
> The problem I want to solve is with the traffic originated in the own
> firewall.
>
> Greetings,
>
> ESG
>
>
>
> 2009/12/10 Marti, Robert<RJM002 at shsu.edu>
>
>    
>> You'd have to use something like squid and force all your clients to
>> point to your squid instance.  I have no experience with any of the
>> router software for Linux nor do I know if any of them are available
>> in rhel.
>>
>> Sent from my iPhone
>>
>> On Dec 10, 2009, at 5:12, "ESGLinux"<esggrupos at gmail.com>  wrote:
>>
>>      
>>> Hi All,
>>>
>>> I have discovered a way to route all the traffic generated for my
>>> firewall to go to the gateway I want.
>>> Here is what I have done:
>>> #ip rule add from 192.168.2.2/32 lookup gw1
>>>
>>> the ip 192.168.2.2 is the ip of the interface attached to eth1 and I
>>> want that the traffic goes out to the interface eth2.
>>>
>>> The gw1 table has this:
>>> default via 192.168.3.1 dev eth2
>>>
>>> So with this rule all the traffic originated in the firewall that
>>> has to go out to the default gw attached to eth1 goes to the gateway
>>> attached to eth2.
>>>
>>> The question now is how can I only route, for example, the web
>>> traffic to this gw...
>>>
>>> Greetings,
>>>
>>> ESG
>>>
>>>
>>>
>>> 2009/12/9 ESGLinux<esggrupos at gmail.com>
>>>
>>>        
>>>> Hi all,
>>>>
>>>> I have posted several questions in this list about advanced routing
>>>> with iproute2 to route the traffic as I want through 2 different ADSL
>>>> lines.
>>>>
>>>> I use packet marks to route them through the selected gateway. All
>>>> works fine, but I have a problem that I can't resolve.
>>>>
>>>> I need to route the traffic originated on the server I use as
>>>> firewall/router but I don't see how to do it because the routing
>>>> decision is made before the firewall does anything.
>>>>  From this web:
>>>>
>>>> http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
>>>>
>>>> *Table 6-2. Source local host (our own machine)*
>>>> Step  Table  Chain  Comment
>>>> 1                   Local process/application (i.e., server/client program)
>>>> 2                   Routing decision. What source address to use, what outgoing
>>>>                     interface to use, and other necessary information that needs
>>>>                     to be gathered.
>>>>
>>>> so all the traffic generated in the machine goes to the default
>>>> gateway and I can't control it,
>>>>
>>>> Any one knows how to solve this route problem?
>>>>
>>>> thanks in advance
>>>>
>>>> ESG
>>>>
>>>>          
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
For local traffic, set your mark on all traffic originating from 
127.0.0.1 and other local IPs of the machine sent to destination port 80 
or 443.

-- 
--Moby

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.  -- Benjamin Franklin
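Putting the thread's pieces together, here is an added example (not code from any of the posters) of the full rule set: the gw1 table, the fwmark rule, the PREROUTING mark for LAN clients, and the mangle OUTPUT mark that catches the firewall's own web traffic, since Linux re-runs the routing decision after OUTPUT. It assumes eth0 is the LAN, eth1 carries the default route with address 192.168.2.2, eth2 reaches gateway 192.168.3.1 with the assumed local address 192.168.3.2, the LAN net is 192.168.1.0/24 (assumed), and "gw1" is already defined in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: eth0 = LAN, eth1 = first ADSL
# line (default route, firewall address 192.168.2.2), eth2 = second ADSL line with
# gateway 192.168.3.1. The eth2 address 192.168.3.2 and LAN net 192.168.1.0/24 are
# assumptions; table "gw1" must already exist in /etc/iproute2/rt_tables.
LAN_IF=eth0
LAN_NET=192.168.1.0/24
ALT_IF=eth2
ALT_GW=192.168.3.1
ALT_SRC=192.168.3.2
TABLE=gw1
MARK=0x2
: "${DRY_RUN:=1}"   # DRY_RUN=1 prints the commands; DRY_RUN=0 executes them (needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

policy_route_web_via_gw1() {
  # 1. Alternate table: just a default route over the second line.
  run ip route replace default via "$ALT_GW" dev "$ALT_IF" table "$TABLE"
  # 2. Packets carrying the mark consult that table instead of main.
  run ip rule add fwmark "$MARK" lookup "$TABLE"
  # 3. LAN clients: the thread's PREROUTING rule, extended to HTTPS.
  run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp -m multiport --dports 80,443 \
      -j MARK --set-mark "$MARK"
  # 4. The firewall's own traffic: the kernel repeats the routing decision after
  #    the mangle OUTPUT chain, so a mark set here does change the egress interface.
  #    LAN destinations are excluded so they are not sent down gw1's default route.
  run iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 80,443 ! -d "$LAN_NET" \
      -j MARK --set-mark "$MARK"
  # 5. The socket already picked eth1's address as source before the re-route;
  #    rewrite it to eth2's address or the second ISP will drop the packets.
  run iptables -t nat -A POSTROUTING -o "$ALT_IF" -j SNAT --to-source "$ALT_SRC"
  # 6. Drop cached routes so existing flows pick up the new rule.
  run ip route flush cache
}

policy_route_web_via_gw1
```

Run it once in dry-run mode to review the commands, then with DRY_RUN=0 as root; verify with `ip rule show` and `iptables -t mangle -L OUTPUT -v -n` that the mark counters increase when the firewall itself fetches a web page.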