My solution to this exact problem isn't exactly what you asked
for, but I'll tell you anyway because it turned out to be soooo easy
and work soooo well.
On my LAN I created a /23 subnet. For example, let's say it is 192.168.2.0/23,
giving us 192.168.2.0 - 192.168.3.255. I then made all IPs in the lower half of
the subnet (192.168.2.0/24) access the internet through ISP-1, and all the IPs
in the upper half of the subnet (192.168.3.0/24) access the internet through
ISP-2.
Then I multi-homed my servers, so one server might have, for example, the IPs
192.168.2.2 and 192.168.3.2. After that, directing traffic for a particular
service is as simple as specifying which IP to use for the service (instead of
allowing the service to use ALL IPs). I haven't yet run into a service
that wouldn't allow me to do this.
That's about it.
Btw, when setting up filters and such for a particular machine, I can use a
netmask of the form 255.255.254.255 so that both of the IPs are handled in one
rule...
There may be a better way to do this that more closely matches what you are
trying to do with specific ports and such.. but this multi-homing approach is
working great for me.
Chris
----- Original Message -----
From: Antonio Luiz
To: lartc@mailman.ds9a.nl
Sent: Thursday, November 25, 2004 2:08 PM
Subject: [LARTC] Route based on port / protocol
I have a Linux Box with 3 NICs connected to 2 different
ISPs running a Proxy (Squid) and E-mail server (QMail).
                          ________
                         |        |-- x.x.x.1 ---- x.x.x.2 (ISP-1 gateway)
                         | Squid  |
LAN ------- 10.85.1.85 --|        |
                         | Qmail  |
                         |        |-- y.y.y.1 ---- y.y.y.2 (ISP-2 gateway)
                          --------
All is running OK. But now, I want to redirect all traffic from Squid (http)
to ISP-1 and all traffic from QMail (smtp) to ISP-2.
Can anyone help me?
I've already tried this, but no success:
# Create two tables (21 and 31) to use with each connection
# Copy main route to table 31
ip route show table main | grep -Ev ^default | \
while read ROUTE ; do \
ip route add table 31 $ROUTE; \
done
# use ISP-1 as default gateway for table 31
ip route replace default via x.x.x.2 table 31
# Copy main route to table 21
ip route show table main | grep -Ev ^default | \
while read ROUTE ; do \
ip route add table 21 $ROUTE; \
done
# use ISP-2 as default gateway for table 21
ip route replace default via y.y.y.2 table 21
# Mark packets (1 for ISP-1 and 2 for ISP-2)
# here, I've tried to change OUTPUT for POSTROUTING and PREROUTING
# without success
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 2
# Define rules to use the correct connection
ip rule add from x.x.x.1 table 31
ip rule add fwmark 1 table 31
ip rule add from y.y.y.1 table 21
ip rule add fwmark 2 table 21
Antonio Luiz
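
Added example (not part of either e-mail): the 255.255.254.255 mask from the reply, evaluated the way a packet filter compares addresses, to check that one rule covers exactly a server's two addresses, one in each ISP half of the /23. The function names are illustrative and the addresses are the example values used in the reply.

```python
import ipaddress

LAN = "192.168.2.0/23"  # example subnet from the reply


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def rule_matches(packet_ip, rule_ip, mask):
    """Filter-style match: only the bits set in the mask are compared."""
    m = to_int(mask)
    return (to_int(packet_ip) & m) == (to_int(rule_ip) & m)


def covered_hosts(rule_ip, mask, lan=LAN):
    """Every address in the LAN that a rule with this address/mask matches."""
    return [str(h) for h in ipaddress.ip_network(lan)
            if rule_matches(str(h), rule_ip, mask)]


def uplink_for(addr, lan=LAN):
    """Lower /24 of the /23 goes out via ISP-1, upper /24 via ISP-2."""
    lower, upper = ipaddress.ip_network(lan).subnets(prefixlen_diff=1)
    ip = ipaddress.IPv4Address(addr)
    if ip in lower:
        return "ISP-1"
    if ip in upper:
        return "ISP-2"
    return None  # not on this LAN


def is_contiguous(mask):
    """True for an ordinary prefix mask (ones followed only by zeros)."""
    inv = ~to_int(mask) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0


if __name__ == "__main__":
    pair = covered_hosts("192.168.2.2", "255.255.254.255")
    for ip in pair:
        print(ip, "->", uplink_for(ip))
    # The ordinary /23 mask would instead cover the whole LAN.
    print(len(covered_hosts("192.168.2.2", "255.255.254.0")), "addresses under /23")
    print("contiguous:", is_contiguous("255.255.254.255"))
```

Because the mask has a zero bit in the middle, it cannot be written as a CIDR prefix length; it has to be given in dotted form to a filter that accepts arbitrary masks.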