> > There is the iproute2 package, but it too does not allow a source route or
> > route based on port.
>
> Routing by port is not supported.

Ack I am mistaken, please forgive... I meant based on ToS... I was
playing with this last night some.

ipchains -A output -p tcp -d 0/0 6000:7000 -t 0x01 0x10
./ip route add default tos 0x10 via x.x.x.x

If I'm not mistaken, that should route all packets with ToS 0x10 (minimum
delay) via x.x.x.x and anything else by the standard default route. The
routing table (./ip route list) shows that this looks to be correct, but
a tcpdump on the interface that x.x.x.x is connected to shows only SOME of
the traffic being sent to that address. The ToS is correctly marked, but
as I watch the normal default route, TCP packets destined for port
6000-7000 ALSO have the ToS bits marked 0x10 but are going through the
"normal" default gateway...

This is most disturbing. :-) See, the normal gateway gets NAT'd and the
IPs lose their identity (well, get the IP of the NAT host) and this ruins
everything. I'm very curious as to why it does this only sometimes.
ipchains accounting shows that it's marked literally almost a megabyte of
packets as per my scheme (ICQ, FTP control, IRC, SSH), but for instance if
I use ICQ or IRC it always comes back identifying me as the NAT host.
Ack!

I just *know* I'm doing something painfully wrong and I'm gonna kick
myself for being so stupid, but if anyone could point me in the right
direction I'd much appreciate it.

Thanks,
Andrew

(Oh, the route table looks like this)

209.29.xx.yy via 207.139.xx.2 dev eql
207.139.xx.2 dev eql scope link
207.139.xx.6 dev ppp1 proto kernel scope link src 192.168.1.201
207.139.xx.0/26 dev eth1 proto kernel scope link src 207.139.xx.3
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.201
127.0.0.0/8 dev lo scope link
default tos 10 via 207.139.x.2 dev eql
default via 192.168.1.1 dev eth0

209.29.xx.yy is the satellite gateway
207.139.xx.2 is the other end of the EQL link (4x33k6 modems)
207.139.xx.3 is this computer
207.139.xx.6 is the address this computer gives the satellite box (NAT
host) for uplink
192.168.1.201 is this computer
192.168.1.1 is the ethernet address of the satellite box

There is a Cisco terminal server sitting on the 207.139.xx.0/26 network
with 48 incoming lines. They all have real IPs. What I am trying to do
is get all traffic to go through the satellite (which is working 100% at
this moment) and now start selectively picking off certain protocols/ports
and sending them directly to the 207.139.x.2 box, since they will then have
their real IP associated with the connection, not the NAT address of the
satellite box, and ping times will be much lower (150ms as opposed to
600ms) and things like ICQ and the like will behave much better.

Sorry for all the babbling, hopefully someone will be able to enlighten
me. :-)

Andrew