From: Grant Edwards
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: OT: default route dependent on dest port?
Date: Fri, 4 Oct 2013 22:15:58 +0000 (UTC)

On 2013-10-04, Kerin Millar wrote:
> On 04/10/2013 21:55, Grant Edwards wrote:

>> I then add an iptables rule like this:
>>
>>   iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1

I'm about to try adding a second iptables rule to use the nat table to
rewrite the source IP address.
Something like this:

  iptables -A POSTROUTING -t nat -o net2 -m mark --mark 1 -j SNAT --to 172.16.1.2

> It would help if you were to also supply the details of:
>
> * ip -f inet -o a s

$ ip -f inet -o a s
1: lo inet 127.0.0.1/8 scope host lo
2: net0 inet 192.168.8.4/16 brd 192.168.255.255 scope global net0
3: net1 inet 10.0.0.1/8 brd 10.255.255.255 scope global net1
3: net1 inet 192.168.250.1/24 brd 192.168.250.255 scope global net1
3: net1 inet 192.168.1.1/24 brd 192.168.1.255 scope global net1
3: net1 inet 169.254.1.1/16 brd 169.254.255.255 scope global net1
5: net2 inet 172.16.1.2/16 brd 172.16.255.255 scope global net2

> * ip route show table main

$ ip route show table main
default via 192.168.0.254 dev net0 metric 2
10.0.0.0/8 dev net1 proto kernel scope link src 10.0.0.1
127.0.0.0/8 via 127.0.0.1 dev lo
169.254.0.0/16 dev net1 proto kernel scope link src 169.254.1.1
172.16.0.0/16 dev net2 proto kernel scope link src 172.16.1.2 metric 5
192.168.0.0/16 dev net0 proto kernel scope link src 192.168.8.4
192.168.1.0/24 dev net1 proto kernel scope link src 192.168.1.1
192.168.250.0/24 dev net1 proto kernel scope link src 192.168.250.1

> * ip route show table pmain

$ ip route show table pmain
default via 172.16.0.34 dev net2 metric 2
10.0.0.0/8 dev net1 proto kernel scope link src 10.0.0.1
127.0.0.0/8 via 127.0.0.1 dev lo
169.254.0.0/16 dev net1 proto kernel scope link src 169.254.1.1
172.16.0.0/16 dev net2 proto kernel scope link src 172.16.1.2 metric 5
192.168.0.0/16 dev net0 proto kernel scope link src 192.168.8.4
192.168.1.0/24 dev net1 proto kernel scope link src 192.168.1.1
192.168.250.0/24 dev net1 proto kernel scope link src 192.168.250.1

>
>>
>> Now all TCP packets destined for port 80 are sent to the 172.16
>> gateway, _but_ they're being sent with a 192.168 source address.  The
>> TCP stack is apparently unaware of the advanced routing tricks and
>> thinks that the packets are going out via the 192.168 gateway.
>>
>> IOW I've successfully re-routed TCP _packets_ but not the TCP
>> _connection_.
>>
>> How do I tell the TCP stack that it's supposed to use the 172.16
>> interface/gateway for connections to port 80?
>
> --Kerin
>
>

-- 
Grant Edwards               grant.b.edwards        Yow! ! I'm in a very
                                  at               clever and adorable INSANE
                              gmail.com            ASYLUM!!
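
Added example, not part of the original message or of any poster's configuration: a small Python model of the lookup order behind the symptom described above, using the routing tables and addresses quoted in the message. It assumes a policy rule that sends fwmark 1 to table pmain (the rule itself is not shown in this message); the destination 203.0.113.10 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed from the "ip route show" / "ip -f inet -o a s" output in the message:
# (prefix, device, "src" hint or None)
MAIN = [
    ("0.0.0.0/0",        "net0", None),   # default via 192.168.0.254
    ("10.0.0.0/8",       "net1", "10.0.0.1"),
    ("127.0.0.0/8",      "lo",   None),
    ("169.254.0.0/16",   "net1", "169.254.1.1"),
    ("172.16.0.0/16",    "net2", "172.16.1.2"),
    ("192.168.0.0/16",   "net0", "192.168.8.4"),
    ("192.168.1.0/24",   "net1", "192.168.1.1"),
    ("192.168.250.0/24", "net1", "192.168.250.1"),
]
# pmain differs from main only in its default route (via 172.16.0.34 dev net2).
PMAIN = [("0.0.0.0/0", "net2", None)] + MAIN[1:]
# First address listed on each interface, used when a route has no "src" hint.
PRIMARY = {"lo": "127.0.0.1", "net0": "192.168.8.4",
           "net1": "10.0.0.1", "net2": "172.16.1.2"}

def lookup(table, dst):
    """Longest-prefix match; returns (device, source address chosen for that route)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev, src) for p, dev, src in table
               if addr in ipaddress.ip_network(p)]
    net, dev, src = max(matches, key=lambda r: r[0].prefixlen)
    return dev, src or PRIMARY[dev]

def send_tcp(dst, dport, snat=False):
    """Return (egress device, source address on the wire) for a locally generated SYN."""
    # 1. connect(): nothing is marked yet, so the lookup uses main and fixes the source.
    _, src = lookup(MAIN, dst)
    # 2. mangle OUTPUT: -p tcp --dport 80 -j MARK --set-mark 1
    mark = 1 if dport == 80 else 0
    # 3. Mark changed, so the packet is re-routed. Assumed rule: fwmark 1 -> table pmain.
    dev, _ = lookup(PMAIN if mark == 1 else MAIN, dst)
    # 4. nat POSTROUTING: -o net2 -m mark --mark 1 -j SNAT --to 172.16.1.2
    if snat and dev == "net2" and mark == 1:
        src = "172.16.1.2"
    return dev, src

if __name__ == "__main__":
    for args in [("203.0.113.10", 80), ("203.0.113.10", 80, True),
                 ("203.0.113.10", 443, True)]:
        print(args, "->", send_tcp(*args))
```

Without the SNAT rule the port-80 packet leaves net2 still carrying the source address bound during the unmarked lookup; with it, only packets that are both marked and leaving net2 are rewritten.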