Re: iptables and routing
Take a look at using iproute2.

http://www.linuxguruz.org/iptables/howto/Adv-Routing-HOWTO.html#s4

Robert Davidson wrote:

> Hi Everyone :)
>
> I've got a problem and I can't seem to find a solution without putting another computer in the works as a router, which isn't really a good solution. I'm using kernel 2.4.10, iptables and some policy routing.
>
> What I would like to do (if it's possible) is decide which network interface a packet goes out depending on which program generated it locally. For example, if Apache generates a packet, I always want it to go out of cipcb0 (vpn interface). I have some live IPs routed over the cipcb0 interface, and that goes over my cable link. I'm not allowed to simply serve pages on the cable modem IP because it's against their acceptable use policy, and I've already had my account suspended once for doing that.
>
> Anyway, the problem is, when someone is using the same cable provider as I do, if their proxy server gets the request it will ask my server to give it the page, but the server won't send the data out of cipcb0 because there is a host route pointing to the cable provider's proxy/dns server as I want to be able to use their proxy/dns servers myself, and because the packet comes back to the cable provider through the cable modem, it gets dropped, thus there is a large area around me where users on the same cable provider that I use cannot access any of my web pages.
>
> Does anyone know how to fix this problem? I've had a play with marking packets based on UID and so on in an effort to use the policy routing stuff to route the packets up to the cipcb0 interface, but I haven't had any success yet.
>
> --
> Regards,
> Robert Davidson.
> http://www.mlug.org.au/

--
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe.
Trouble? Contact [EMAIL PROTECTED]
Re: iptables and routing
Peter Billson wrote:

> Take a look at using iproute2.
>
> http://www.linuxguruz.org/iptables/howto/Adv-Routing-HOWTO.html#s4

Read that many times in the past, hasn't helped. I'll go back to square one and see if I can get the thing to work how I want it to, but I don't think I'll have any success. I've done policy routing before (and am still using it) but I've never managed to get packets that are generated on the same machine as is holding the uplinks to route the packets where I want them to go.

--
Regards,
Robert Davidson.
http://www.mlug.org.au/
Re: iptables and routing
Robert Davidson wrote:

> Peter Billson wrote:
>
>> Take a look at using iproute2.
>>
>> http://www.linuxguruz.org/iptables/howto/Adv-Routing-HOWTO.html#s4
>
> Read that many times in the past, hasn't helped. I'll go back to square one and see if I can get the thing to work how I want it to, but I don't think I'll have any success. I've done policy routing before (and am still using it) but I've never managed to get packets that are generated on the same machine as is holding the uplinks to route the packets where I want them to go.

I've got something similar working just fine. What you need to do is, roughly:

 o in the OUTPUT table, mark the packets you want to go through your secure connection with some value. E.g. match on source port 80 and owner nobody;

 o make sure that packets marked with that value are processed in a separate routing table, using 'ip rule', and set up that routing table according to your demands

In my case the idea is that I have two uplinks and I want some applications to use the first uplink, and use the second by default.

regards,
Remco.
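The two steps in the reply above, written out as an added example that is not part of the original thread. The mark value 1 and table number 100 are assumptions; cipcb0, port 80 and the user nobody come from the messages. The script prints the commands and runs them only when APPLY=1 is set by root.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands; APPLY=1 runs them (root).
VPN_IF="${VPN_IF:-cipcb0}"      # VPN interface named in the thread
SVC_PORT="${SVC_PORT:-80}"      # source port of the web server's replies
SVC_USER="${SVC_USER:-nobody}"  # account the web server runs as
MARK="${MARK:-1}"               # firewall mark (assumed value)
TABLE="${TABLE:-100}"           # routing table number (assumed value)

is_num()  { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
is_name() { case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# Reject anything that should not end up on a root command line.
# Tables 253-255 (default, main, local) are reserved, so stay within 1-252.
valid_params() {
    is_num "$MARK" && is_num "$TABLE" && is_num "$SVC_PORT" &&
    is_name "$VPN_IF" && is_name "$SVC_USER" &&
    [ "$MARK" -ge 1 ] && [ "$TABLE" -ge 1 ] && [ "$TABLE" -le 252 ] &&
    [ "$SVC_PORT" -ge 1 ] && [ "$SVC_PORT" -le 65535 ]
}

# Emit the commands for both steps, in the order they should be applied.
policy_route_cmds() {
    valid_params || { echo "invalid parameters" >&2; return 1; }
    # Step 1: mark locally generated packets by source port and socket owner.
    # Changing the mark in mangle/OUTPUT makes the kernel redo the route
    # lookup for the packet, which is what lets the rule below take effect.
    echo "iptables -t mangle -A OUTPUT -p tcp --sport $SVC_PORT -m owner --uid-owner $SVC_USER -j MARK --set-mark $MARK"
    # Step 2: a separate table whose only route is a default route out of
    # the VPN interface, consulted only for packets carrying the mark.
    echo "ip route add default dev $VPN_IF table $TABLE"
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route flush cache"
}

# Print by default; execute only when explicitly asked to.
apply_policy_route() {
    cmds=$(policy_route_cmds) || return 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd || exit 1; else echo "$cmd"; fi
    done
}

apply_policy_route
```

Rerouting changes only the outgoing interface, not the source address, which is already fixed by the time OUTPUT runs; replies from a server that accepted the connection on one of the live IPs already carry that address.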
iptables and routing
Hi Everyone :)

I've got a problem and I can't seem to find a solution without putting another computer in the works as a router, which isn't really a good solution. I'm using kernel 2.4.10, iptables and some policy routing.

What I would like to do (if it's possible) is decide which network interface a packet goes out depending on which program generated it locally. For example, if Apache generates a packet, I always want it to go out of cipcb0 (vpn interface). I have some live IPs routed over the cipcb0 interface, and that goes over my cable link. I'm not allowed to simply serve pages on the cable modem IP because it's against their acceptable use policy, and I've already had my account suspended once for doing that.

Anyway, the problem is, when someone is using the same cable provider as I do, if their proxy server gets the request it will ask my server to give it the page, but the server won't send the data out of cipcb0 because there is a host route pointing to the cable provider's proxy/dns server as I want to be able to use their proxy/dns servers myself, and because the packet comes back to the cable provider through the cable modem, it gets dropped, thus there is a large area around me where users on the same cable provider that I use cannot access any of my web pages.

Does anyone know how to fix this problem? I've had a play with marking packets based on UID and so on in an effort to use the policy routing stuff to route the packets up to the cipcb0 interface, but I haven't had any success yet.

--
Regards,
Robert Davidson.
http://www.mlug.org.au/