Dear Alexey Kuznetsov or other enlightened person,

I am trying to use ipchains and iproute2 to implement routing rules
based on fwmark. I have 2 ppp interfaces and I want http traffic to
use one link, and all other traffic to use the other link. I have
an ipchains rule like this:

    # mark packets that can be sent over a secondary ISP
    ipchains -A input -p tcp -d 0/0 http -m 1

I have used the 'ip' program to create an additional routing table
that uses ppp1 as the gateway, and does a lookup with this table
when fwmark is 1:

    ip route add default dev ppp1 table 28
    ip rule add fwmark 1 lookup 28
    ip route flush cache

This works fine for hosts for which I am doing IP masquerading.
But local packets do not enter into the input chain. Thus for
other hosts on my subnet, http traffic goes out over ppp1, but
for my gateway machine, http traffic still goes out over ppp0,
the default route.

I understand that by the time the packet has reached the output
chain, it is too late to mark it because a routing decision has
already been made.

Is there any way to work around this, so that locally generated
packets can be routed based on their destination port? Thanks,

-Truxton
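
The packet path described in the message above, as a small Python model. This is an added example, not part of the original post and not kernel code; the rule priorities, the Packet class and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass

HTTP_PORT = 80

@dataclass
class Packet:
    dst_port: int
    proto: str = "tcp"
    locally_generated: bool = False
    fwmark: int = 0

# Tables from the message: table 28 defaults to ppp1, main defaults to ppp0.
TABLES = {"28": "ppp1", "main": "ppp0"}

# (priority, fwmark selector or None, table). Priorities are constructed values.
RULES = [(100, 1, "28"), (32766, None, "main")]

def mark_http(pkt):
    """Models: ipchains -A <chain> -p tcp -d 0/0 http -m 1"""
    if pkt.proto == "tcp" and pkt.dst_port == HTTP_PORT:
        pkt.fwmark = 1

def route_lookup(pkt):
    """Walk the rules in priority order; the first matching rule picks the table."""
    for _prio, mark, table in sorted(RULES, key=lambda r: r[0]):
        if mark is None or mark == pkt.fwmark:
            return TABLES[table]
    raise LookupError("no rule matched")

def egress_device(pkt, mark_in_output=False):
    """Return (device, final fwmark) for one packet.

    Forwarded packets pass the input chain before the routing lookup.
    Locally generated packets skip the input chain, so the lookup sees fwmark 0.
    """
    if not pkt.locally_generated:
        mark_http(pkt)            # input chain runs before routing
    dev = route_lookup(pkt)       # routing decision is fixed here
    if mark_in_output:
        mark_http(pkt)            # output chain: mark is set, route is not redone
    return dev, pkt.fwmark

if __name__ == "__main__":
    print("forwarded http:", egress_device(Packet(80)))
    print("forwarded smtp:", egress_device(Packet(25)))
    print("local http:    ", egress_device(Packet(80, locally_generated=True)))
    print("local http, marked in output:",
          egress_device(Packet(80, locally_generated=True), mark_in_output=True))
```
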