On Wed, Feb 14, 2001 at 05:56:42PM +1100, Des Wass wrote:
> ---Internet-----LINUX-------LAN
> |
> |
> Frame-Relay
> (Ports 80 and 23 only)
> |
> |
> ---Internet-----LINUX-------LAN
>
> What is the best way to do this?
assuming kernel 2.2.x
http://www.compendium.com.ar/policy-routing.txt
chapter 6.
I think your drawing is a bit lacking in detail,
to put it nicely :)
for sydney:
ipchains -I input -p tcp -d melb/24 23 -m 1
ipchains -I input -p tcp -d melb/24 80 -m 1
# Mark telnet and http traffic destined for melbourne with "1"
ipchains -I input -p tcp -s sydney/24 23 -d melb/24 -m 1
ipchains -I input -p tcp -s sydney/24 80 -d melb/24 -m 1
# This should mark telnet and http replies that are destined for
# melbourne.
ip ru add fwmark 1 table 10 pref 2500
ip ro add default via sydneyframerelayip table 10
ip route flush cache
# route packets marked with "1" via sydneyframerelayip
for melbourne:
ipchains -I input -p tcp -d sydney/24 23 -m 1
ipchains -I input -p tcp -d sydney/24 80 -m 1
# Mark telnet and http traffic destined for sydney with "1"
ipchains -I input -p tcp -s melb/24 23 -d sydney/24 -m 1
ipchains -I input -p tcp -s melb/24 80 -d sydney/24 -m 1
# This should mark telnet and http replies that are destined for
# sydney.
ip ru add fwmark 1 table 10 pref 2500
ip ro add default via melbframerelayip table 10
ip route flush cache
# route packets marked with "1" via melbframerelayip
http://www.ds9a.nl/2.4Routing/HOWTO//cvs/2.4routing/output/2.4routing-4.html
would also be a useful read, as well as ip-cref.ps
it requires the iproute package and CONFIG_IP_ROUTE_FWMARK kernel option set.
advanced ip routing is fun, you can do all sorts of neat things like
making your boss's internet access slow as a dog, etc, etc. :)
Let us know if it worked, or if you need a little more help, or if
someone spots a mistake, speak up :)
--
chesty
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
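
Added example, not part of the original post: a small Python model of the rule set above, useful for checking which inter-site flows get mark 1 (and so table 10, the frame-relay gateway) and which stay on the default Internet route. The 192.168.x.0/24 networks, the sample flows, and the function names are constructed assumptions; the post only uses the placeholders sydney/24 and melb/24.

```python
import ipaddress

# Constructed sample addressing (assumption; the post only uses the
# placeholders sydney/24 and melb/24).
SYDNEY = ipaddress.ip_network("192.168.1.0/24")
MELB = ipaddress.ip_network("192.168.2.0/24")
PORTS = (23, 80)  # telnet and http, as in the post

def mark_rules(local, remote):
    """Model of the four 'ipchains -I input ... -m 1' rules for one site.
    Each rule is (src_net, sport, dst_net, dport); None matches anything."""
    rules = []
    for port in PORTS:
        rules.append((None, None, remote, port))   # requests to remote servers
        rules.append((local, port, remote, None))  # replies from local servers
    return rules

def fwmark(rules, src, sport, dst, dport):
    """Return 1 if any rule matches the TCP packet, else 0 (unmarked)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for s_net, s_port, d_net, d_port in rules:
        if ((s_net is None or src in s_net) and (s_port is None or s_port == sport)
                and dst in d_net and (d_port is None or d_port == dport)):
            return 1
    return 0

def egress(rules, src, sport, dst, dport):
    """'ip ru add fwmark 1 table 10': marked packets use table 10 (default via
    the frame-relay gateway). Unmarked packets use the main table, assumed
    here to hold the normal Internet default route."""
    return "frame-relay" if fwmark(rules, src, sport, dst, dport) == 1 else "internet"

def demo():
    syd = mark_rules(SYDNEY, MELB)
    flows = [  # constructed flows arriving on the Sydney box's input chain
        ("telnet request", "192.168.1.10", 40000, "192.168.2.5", 23),
        ("http reply", "192.168.1.20", 80, "192.168.2.7", 51000),
        ("ssh request", "192.168.1.10", 40001, "192.168.2.5", 22),
        ("web to internet", "192.168.1.10", 40002, "203.0.113.9", 80),
    ]
    return {name: egress(syd, *flow) for name, *flow in flows}

if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name:16} -> {path}")
```

Any inter-site flow that is not on port 23 or 80 (the ssh request here) is unmarked and follows the main table, so it is worth confirming that this is the intended path for it.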