Re: [LARTC] Route based on port / protocol

2004-11-26 Thread Chris Bennett



My solution to this exact problem isn't exactly what you asked for, but I'll tell you anyway because it turned out to be so easy and works so well.

On my LAN I created a /23 subnet. For example, let's say it is 192.168.2.0/23, giving us 192.168.2.0 - 192.168.3.255. I then made all IPs in the lower half of the subnet (192.168.2.0/24) access the internet through ISP-1, and all the IPs in the upper half of the subnet (192.168.3.0/24) access the internet through ISP-2.

Then I multi-homed my servers, so one server might have, for example, the IPs 192.168.2.2 and 192.168.3.2. After that, directing traffic for a particular service is as simple as specifying which IP to use for the service (instead of allowing the service to use ALL IPs). I haven't yet run into a service that wouldn't allow me to do this.

That's about it.

Btw, when setting up filters and such for a particular machine, I can use a netmask of the form 255.255.254.255 so that both of the IPs are handled in one rule...

There may be a better way to do this that more closely matches what you are trying to do with specific ports and such, but this multi-homing approach is working great for me.
 
Chris

  ----- Original Message -----
  From: Antonio Luiz
  To: [EMAIL PROTECTED]
  Sent: Thursday, November 25, 2004 2:08 PM
  Subject: [LARTC] Route based on port / protocol
  
  
  I have a Linux box with 3 NICs connected to 2 different ISPs, running a Proxy (Squid) and E-mail server (QMail).

                         +-----------+
                         |           |-- x.x.x.1   x.x.x.2 (ISP-1 gateway)
                         |   Squid   |
  LAN --- 10.85.1.85 --|           |
                         |   Qmail   |
                         |           |-- y.y.y.1   y.y.y.2 (ISP-2 gateway)
                         +-----------+

  All is running OK. But now, I want to redirect all traffic from Squid (http) to ISP-1 and all traffic from QMail (smtp) to ISP-2.
  Can anyone help me?

  I've already tried this, but no success:
   
  # Create two tables (21 and 31) to use with each connection

  # Copy main route to table 31
  ip route show table main | grep -Ev ^default | \
    while read ROUTE; do
      ip route add table 31 $ROUTE
    done
  # use ISP-1 as default gateway for table 31
  ip route replace default via x.x.x.2 table 31

  # Copy main route to table 21
  ip route show table main | grep -Ev ^default | \
    while read ROUTE; do
      ip route add table 21 $ROUTE
    done
  # use ISP-2 as default gateway for table 21
  ip route replace default via y.y.y.2 table 21

  # Mark packets (1 for ISP-1 and 2 for ISP-2)
  # here, I've tried to change OUTPUT for POSTROUTING and PREROUTING without success
  iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
  iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 2

  # Define rules to use the correct connection
  ip rule add from x.x.x.1 table 31
  ip rule add fwmark 1 table 31

  ip rule add from y.y.y.1 table 21
  ip rule add fwmark 2 table 21
   
   
   
  Antonio Luiz 
   
