advanced routing packets from localhost

ESGLinux esggrupos at gmail.com
Thu Dec 10 12:37:55 UTC 2009


Hi Robert,

Routing the web traffic of my clients is solved with this:

iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2

and
ip rule:
from all fwmark 0x2 lookup gw1

The problem I want to solve is with the traffic originating on the
firewall itself.

Greetings,

ESG



2009/12/10 Marti, Robert <RJM002 at shsu.edu>

> You'd have to use something like squid and force all your clients to
> point to your squid instance.  I have no experience with any of the
> router software for Linux nor do I know if any of them are available
> in rhel.
>
> On Dec 10, 2009, at 5:12, "ESGLinux" <esggrupos at gmail.com> wrote:
>
> > Hi All,
> >
> > I have discovered a way to route all the traffic generated by my
> > firewall to go to the gateway I want.
> > Here is what I have done:
> > # ip rule add from 192.168.2.2/32 lookup gw1
> >
> > The IP 192.168.2.2 is the IP of the interface attached to eth1 and I
> > want the traffic to go out to the interface eth2.
> >
> > The gw1 table has this:
> > default via 192.168.3.1 dev eth2
> >
> > So with this rule all the traffic originated in the firewall that
> > has to go out to the default gw attached to eth1 goes to the gateway
> > attached to eth2.
> >
> > The question now is how can I only route, for example, the web
> > traffic to this gw...
> >
> > Greetings,
> >
> > ESG
> >
> >
> >
> > 2009/12/9 ESGLinux <esggrupos at gmail.com>
> >
> >> Hi all,
> >>
> >> I have posted several questions in this list about advanced routing
> >> with iproute2 to route the traffic as I want through 2 different ADSL
> >> lines.
> >>
> >> I use packet marks to route them through the selected gateway. All
> >> works fine, but I have a problem that I can't resolve.
> >>
> >> I need to route the traffic originated on the server I use as
> >> firewall/router but I don't see how to do it because the routing
> >> decision is made before the firewall does anything.
> >> From this web:
> >>
> >> http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
> >>
> >> *Table 6-2. Source local host (our own machine)*
> >>
> >> Step | Table | Chain | Comment
> >> 1    |       |       | Local process/application (i.e., server/client program)
> >> 2    |       |       | Routing decision. What source address to use, what outgoing interface to use, and other necessary information that needs to be gathered.
> >>
> >> so all the traffic generated in the machine goes to the default
> >> gateway and I can't control it,
> >>
> >> Does anyone know how to solve this route problem?
> >>
> >> thanks in advance
> >>
> >> ESG
> >>
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request at redhat.com?subject=subscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list