From: Grant Edwards
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] OT: default route dependent on dest port?
Date: Fri, 4 Oct 2013 20:55:25 +0000 (UTC)
User-Agent: slrn/1.0.1 (Linux)

Let's posit two network interfaces net1 (192.168.x.y/16) and net2
(172.16.a.b/16). There's a NAT/gateway available on each of the networks.
I want to use the 172.16 gateway for TCP connections to port 80 and the
192.168 gateway for everything else.

I'm primarily following this example:

  http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html

My "main" routing table contains all directly accessible subnets plus a
default route via the 192.168 gateway. I created a second route table
named "pmain" which is identical to "main" except it has a different
default route via the 172.16 gateway.

My ip rules are:

  0:     from all lookup local
  10000: from all fwmark 0x1 lookup pmain
  32766: from all lookup main
  32767: from all lookup default

I then add an iptables rule like this:

  iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1

Now all TCP packets destined for port 80 are sent to the 172.16 gateway,
_but_ they're being sent with a 192.168 source address. The TCP stack is
apparently unaware of the advanced routing tricks and thinks that the
packets are going out via the 192.168 gateway. IOW I've successfully
re-routed TCP _packets_ but not the TCP _connection_.

How do I tell the TCP stack that it's supposed to use the 172.16
interface/gateway for connections to port 80?
--
Grant Edwards    grant.b.edwards at gmail.com
Yow! I feel partially hydrogenated!
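The following is an added illustration, not part of Grant's post: a small model of the policy-routing lookup his rules and iptables mark describe, showing why the source address ends up on the 192.168 side while the next hop is the 172.16 gateway. The socket's route lookup at connect() time sees mark 0 (the mangle OUTPUT rule has not run yet), so the main table picks the source address; the later re-route after marking only changes the next hop. Host and gateway addresses (192.168.1.10, 172.16.1.10, 192.168.0.1, 172.16.0.1) are constructed stand-ins for the post's x.y / a.b placeholders.

```python
import ipaddress

# Constructed addresses standing in for the post's 192.168.x.y and 172.16.a.b.
LOCAL_ADDRS = {"net1": "192.168.1.10", "net2": "172.16.1.10"}

# Route tables from the post: "pmain" equals "main" except for the default route.
# Entries are (prefix, gateway-or-None for on-link, device).
TABLES = {
    "main":  [("192.168.0.0/16", None, "net1"), ("172.16.0.0/16", None, "net2"),
              ("0.0.0.0/0", "192.168.0.1", "net1")],
    "pmain": [("192.168.0.0/16", None, "net1"), ("172.16.0.0/16", None, "net2"),
              ("0.0.0.0/0", "172.16.0.1", "net2")],
}

# `ip rule` from the post as (priority, required fwmark or None, table);
# the "local" table is omitted since no destination here is a local address.
RULES = [(10000, 1, "pmain"), (32766, None, "main")]


def lookup(dst, mark):
    """First matching rule by priority, then longest-prefix match in its table."""
    dst = ipaddress.ip_address(dst)
    for _prio, fwmark, table in sorted(RULES, key=lambda r: r[0]):
        if fwmark is not None and fwmark != mark:
            continue
        routes = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in TABLES[table]]
        matches = [r for r in routes if dst in r[0]]
        if matches:
            _net, gw, dev = max(matches, key=lambda r: r[0].prefixlen)
            return {"table": table, "via": gw, "dev": dev, "src": LOCAL_ADDRS[dev]}
    raise LookupError("no route to %s" % dst)


def mark_port80(dport):
    """iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1"""
    return 1 if dport == 80 else 0


def tcp_connect(dst, dport, mark_rule=mark_port80):
    """Model the behaviour the post observes: connect() binds the source address
    with mark 0, the mangle OUTPUT rule marks afterwards, and the re-route after
    marking changes the next hop but not the already-bound source address."""
    at_connect = lookup(dst, mark=0)
    after_mark = lookup(dst, mark_rule(dport))
    return {"src": at_connect["src"], "via": after_mark["via"], "dev": after_mark["dev"],
            # True when the packet leaves on one interface with the other's address.
            "mismatch": at_connect["dev"] != after_mark["dev"]}
```

Running `tcp_connect("203.0.113.5", 80)` reproduces the post's symptom (source 192.168.1.10, next hop 172.16.0.1 on net2, mismatch True), while port 443 stays consistent on net1.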