On Saturday, 29 July 2006 17:33, former03 | Baltasar Cevc wrote:
> Hi everybody,
>
> I'm trying to set up routing for 2 links to the internet on a box
> which produces traffic itself (e.g. DNS) and will route all our local
> traffic.
>
> As one route is quick and expensive and the other one slow and cheap,
> I want to be able to route packets for some high-level protocols to
> the second link.
>
> If I correctly understood table 3-2 in
> http://www.faqs.org/docs/iptables/traversingoftables.html that is not
> possible as the routing decision is taken even before the packet
> touches netfilter for the first time.
>
>
> Is that correct? Does anybody have some hints about how to work
> around?
It's possible with Policy Routing. Look at
http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html for
documentation about it.
(Simplest?) way to do it: (only short excerpt)
- Mark the specific application packets with iptables in PREROUTING
chain
...
- add rules for routing fwmarked packets to separate routing tables
ip rule add fwmark <your fwmark #1> table <routing table for slow apps>
ip rule add fwmark <your fwmark #2> table <routing table for fast apps>
- build both routing tables
ip route add default via $PTP1 dev <device #1> src $IP1 proto static table <routing table for slow apps>
ip route add default via $PTP2 dev <device #2> src $IP2 proto static table <routing table for fast apps>
(Proto static needs kernel patches, but you don't really need this)
--
Markus Schulz
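The three steps from the reply above as one script (an added example, not code from the thread): interface names, gateways, addresses and the port list are constructed placeholders, and it also marks in mangle OUTPUT because the box's own traffic (the DNS from the question) never passes PREROUTING. DRY_RUN=1 prints the commands instead of executing them, so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Two-uplink policy routing by fwmark: chosen TCP services use the
# slow/cheap link, everything else the fast one. Placeholders below are
# constructed; adjust to the real interfaces and addresses.
FAST_DEV=eth1; FAST_GW=192.0.2.1;    FAST_IP=192.0.2.10
SLOW_DEV=eth2; SLOW_GW=198.51.100.1; SLOW_IP=198.51.100.10
SLOW_PORTS="25 110 143"      # services that may take the slow link
MARK_SLOW=2; TABLE_SLOW=200
MARK_FAST=1; TABLE_FAST=100

# Print the command when DRY_RUN=1, otherwise execute it.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# 1. Mark packets. Forwarded LAN traffic is seen in mangle PREROUTING;
#    locally generated traffic only passes mangle OUTPUT, so both chains
#    get the same rules. MARK is non-terminating, so the per-port rules
#    override the default fast mark set by the first rule.
mark_packets() {
  for chain in PREROUTING OUTPUT; do
    run iptables -t mangle -A "$chain" -j MARK --set-mark "$MARK_FAST"
    for p in $SLOW_PORTS; do
      run iptables -t mangle -A "$chain" -p tcp --dport "$p" \
          -j MARK --set-mark "$MARK_SLOW"
    done
  done
}

# 2. Send fwmarked packets to their own routing tables.
add_rules() {
  run ip rule add fwmark "$MARK_SLOW" table "$TABLE_SLOW"
  run ip rule add fwmark "$MARK_FAST" table "$TABLE_FAST"
}

# 3. Each table gets a default route via its own uplink, with the
#    matching source address so replies leave by the same link.
build_tables() {
  run ip route add default via "$SLOW_GW" dev "$SLOW_DEV" \
      src "$SLOW_IP" table "$TABLE_SLOW"
  run ip route add default via "$FAST_GW" dev "$FAST_DEV" \
      src "$FAST_IP" table "$TABLE_FAST"
  run ip route flush cache
}

setup_policy_routing() { mark_packets; add_rules; build_tables; }
```

Check the result with `ip rule show` and `ip route show table 200`; a packet marked 2 must pick the slow table before the main table is consulted.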