My solution to this exact problem isn't exactly what you asked for, but I'll tell you anyway because it turned out to be soooo easy and work soooo well.

On my LAN I created a /23 subnet. For example, let's say it is 192.168.2.0/23, giving us 192.168.2.0 - 192.168.3.255. I then made all IPs in the lower half of the subnet (192.168.2.0/24) access the internet through ISP-1, and all the IPs in the upper half of the subnet (192.168.3.0/24) access the internet through ISP-2.

Then I multi-homed my servers, so one server might have, for example, the IPs 192.168.2.2 and 192.168.3.2. After that, directing traffic for a particular service is as simple as specifying which IP to use for the service (instead of allowing the service to use ALL IPs). I haven't yet run into a service that wouldn't allow me to do this.

That's about it.

Btw, when setting up filters and such for a particular machine, I can use a netmask of the form 255.255.254.255 so that both of the IPs are handled in one rule...

There may be a better way to do this that more closely matches what you are trying to do with specific ports and such... but this multi-homing approach is working great for me.

Chris

----- Original Message -----
From: Antonio Luiz
To: lartc@mailman.ds9a.nl
Sent: Thursday, November 25, 2004 2:08 PM
Subject: [LARTC] Route based on port / protocol

I have a Linux Box with 3 NICs connected to 2 different ISPs running a Proxy (Squid) and E-mail server (QMail).

                            ________
                           |        |-- x.x.x.1 ---- x.x.x.2 (ISP-1 gateway)
                           | Squid  |
    LAN ----- 10.85.1.85 --|        |
                           | Qmail  |
                           |        |-- y.y.y.1 ---- y.y.y.2 (ISP-2 gateway)
                            --------

All is running OK. But now, I want to redirect all traffic from Squid (http) to ISP-1 and all traffic from QMail (smtp) to ISP-2.

Can anyone help me?
I've already tried this, but no success:

    # Create two tables (21 and 31) to use with each connection

    # Copy main route to table 31
    ip route show table main | grep -Ev '^default' | \
        while read ROUTE ; do \
            ip route add table 31 $ROUTE; \
        done

    # use ISP-1 as default gateway for table 31
    ip route replace default via x.x.x.2 table 31

    # Copy main route to table 21
    ip route show table main | grep -Ev '^default' | \
        while read ROUTE ; do \
            ip route add table 21 $ROUTE; \
        done

    # use ISP-2 as default gateway for table 21
    ip route replace default via y.y.y.2 table 21

    # Mark packets (1 for ISP-1 and 2 for ISP-2)
    # here, I've tried changing OUTPUT to POSTROUTING and PREROUTING without success
    iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
    iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 2

    # Define rules to use the correct connection
    ip rule add from x.x.x.1 table 31
    ip rule add fwmark 1 table 31

    ip rule add from y.y.y.1 table 21
    ip rule add fwmark 2 table 21

Antonio Luiz
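The two approaches in this thread (Antonio's fwmark-per-port rules and Chris's split of a /23 into one half per ISP) are both just selectors in front of the same per-ISP routing tables. The script below is an added example written for this page, not code from either poster, that sets both up with one set of helpers. It assumes interface names (eth1 and eth2 for the two uplinks, eth0 for the LAN) and keeps the x.x.x.* and y.y.y.* placeholders from the original post. One detail the posted script leaves out is worth seeing in full: a locally generated packet gets its source address at the first routing lookup, before the mangle OUTPUT chain marks it, so a fwmark alone moves the packet to the other uplink while it still carries the first uplink's address. The `src` hint on each table's default route and a per-interface SNAT rule close that gap. With DRY_RUN=1 the script prints the plan instead of changing anything, so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not code from the thread. Two-uplink policy routing combining
# Antonio's fwmark-per-port selection and Chris's LAN-half selection.
# Interface names (eth1/eth2 uplinks, eth0 LAN) are assumptions; x.x.x.* and
# y.y.y.* are the placeholders from the original post.
# DRY_RUN=1 prints every command instead of executing it.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Non-default routes of the main table, copied into each per-ISP table so that
# LAN and link-local destinations stay reachable from those tables.
main_routes() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        # constructed sample for dry runs; a real run reads the kernel's table
        printf '%s\n' "10.85.1.0/24 dev eth0 proto kernel scope link src 10.85.1.85"
    else
        ip route show table main | grep -Ev '^default' || true
    fi
}

# uplink TABLE DEV LOCAL_IP GATEWAY
# The `src` hint and the per-interface SNAT make packets leaving through this
# uplink carry this uplink's address even when a fwmark rerouted them after the
# source address had already been chosen.
uplink() {
    table=$1 dev=$2 local_ip=$3 gw=$4
    run ip route flush table "$table"
    main_routes | while read -r route; do
        # $route is meant to be word-split into the individual route arguments
        run ip route add table "$table" $route
    done
    run ip route replace default via "$gw" dev "$dev" src "$local_ip" table "$table"
    run ip rule add from "$local_ip" table "$table"   # replies to inbound connections
    run iptables -t nat -A POSTROUTING -o "$dev" -j SNAT --to-source "$local_ip"
}

# mark_port MARK DPORT TABLE: TCP from this box to DPORT is routed via TABLE.
mark_port() {
    mark=$1 dport=$2 table=$3
    run iptables -t mangle -A OUTPUT -p tcp --dport "$dport" -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table"
}

# net_uplink CIDR TABLE: Chris's variant, one half of the /23 per ISP.
net_uplink() {
    run ip rule add from "$1" table "$2"
}

# Antonio's case: Squid (http) out through ISP-1, QMail (smtp) through ISP-2.
setup_by_port() {
    uplink 31 eth1 x.x.x.1 x.x.x.2
    uplink 21 eth2 y.y.y.1 y.y.y.2
    mark_port 1 80 31
    mark_port 2 25 21
    run ip route flush cache   # needed on the 2.4/2.6 kernels of the time
}

# Chris's case: lower half of 192.168.2.0/23 via ISP-1, upper half via ISP-2.
setup_by_subnet() {
    uplink 31 eth1 x.x.x.1 x.x.x.2
    uplink 21 eth2 y.y.y.1 y.y.y.2
    net_uplink 192.168.2.0/24 31
    net_uplink 192.168.3.0/24 21
    run ip route flush cache
}

# usage: DRY_RUN=1 sh multihome.sh port     # print the plan
#        sh multihome.sh port               # apply, as root
#        (use "subnet" instead of "port" for the /23 variant)
case "${1:-}" in
    port)   setup_by_port ;;
    subnet) setup_by_subnet ;;
esac
```

After applying, `ip rule show` and `ip route show table 31` / `table 21` should reflect the plan, and `tcpdump -ni eth2 port 25` should show outbound SMTP leaving with y.y.y.1 as its source; if the source is still x.x.x.1, the `src` hint or the SNAT rule is missing and the ISP-2 gateway will usually drop the packets.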