Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Write an article for LinuxForums Today! Win Great Prizes!
I'm trying to get selective traffic(by port) go through the specified interface(i have TWO internet providers with two different ip address in two different interfaces) I'm following instructions from this site (linux-ip.net/html/adv-multi-internet.html) and basically what I did is:
Add the respective ip address to ethx(x.x.x.2), ethy(y.y.y.2), ethz(z.z.z.2).
Enable masquerade in both internet providers interfaces:
iptables -t nat -A POSTROUTING -o ethx -j MASQUERADE
iptables -t nat -A POSTROUTING -o ethz -j MASQUERADE
Separate IP2(internet provider 2) routing information in its own table (tableX):
ip route add x.x.x.0/28 dev ethx table tableX
ip route add y.y.y.0/24 dev ethy table tableX
ip route add default via x.x.x.1 dev ethx table tableX
ip rule add from x.x.x.2 table tableX
Set default (main table) route to IP1(internet provider 1):
ip route add default via z.z.z.1 dev ethz
Mark selected traffic to avoid this going through the default route(z.z.z.1):
iptables -t mangle -A PREROUTING -i ethy -p tcp --dport 3389 -j MARK --set-mark 200
Finally set marked packets to go through selected table:
ip rule add fwmark 200 table tableX
The problem is that a computer in the LAN side(y.y.y.0/24) is unable to connect to the external target. Using tcpdump to trace the traffic in the ethx interface shows that the packet is actually reaching the target AND that the target is responding back, BUT this response never gets to the client(as shown by a tcpdump in the ethy interface). The weird point is that if i replace the step 7(the mangle rule) with an iproute2 rule:
ip rule add from y.y.y.155 table tableX
Everything works. But since I ONLY need this specific port traffic(3389) go through this interface this solution is unacceptable. Any clues?
Open Source Security Myths Dispelled Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization subscribe
InformationWeek InformationWeek is the only newsweekly you'll need to stay on top of the latest developments in information technology. subscribe