[CLUG-tech] Simple advanced routing
karnaugh at karnaugh.za.net
Fri Mar 16 20:05:19 SAST 2007
J-P Human wrote:
> iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 22 -j MARK --set-mark 1
> ip route add default via 192.168.1.2 dev eth0 table IS
Don't specify devices on routes unless it's a link route. But eth0, OK...
Wait.. you're routing *in* and *out* on eth0? How's that going to work?
If you want the Linux box's traffic to be policy routed as well then
you need the OUTPUT chain. If you want it to behave correctly as a
router then you need two NICs or the route is cached elsewhere as a
redirect on the same ethernet segment.
> # route -n
*stab* *stab* *stab**stab**stab**stab**stab**stab**stab**stab**stab**stab*
ip route, not route -n.. word...
HTH. Otherwise have a glance at http://www.karnaugh.za.net/show?id=194
Colin Alston ~ http://www.karnaugh.za.net/
Expecting one person to deal with all your problems is like praying
each time you require an ambulance: You'll eventually be dead long
before you get a response.
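The setup discussed in this thread, written out as an added example (not part of the original posts): it marks SSH traffic in both the PREROUTING and OUTPUT chains of the mangle table and sends marked packets through table IS. Mark 1, table IS, port 22 and gateway 192.168.1.2 come from the thread; the `ip rule` line, the IN_IF variable and the helper function names are assumptions, and table IS is assumed to be named in /etc/iproute2/rt_tables already.

```shell
#!/bin/sh
# Added example, not from the thread: policy-route tcp/22 via table IS for
# forwarded AND locally generated traffic. Dry run unless APPLY=1 (needs root).
MARK=1                # from the thread
TABLE=IS              # from the thread; assumed present in rt_tables
GATEWAY=192.168.1.2   # from the thread
PORT=22               # from the thread
IN_IF=eth0            # interface forwarded traffic arrives on (assumed)

# Emit the commands in the order they should be applied, one per line.
policy_route_plan() {
    # Forwarded packets pass through mangle/PREROUTING.
    echo "iptables -t mangle -A PREROUTING -i $IN_IF -p tcp --dport $PORT -j MARK --set-mark $MARK"
    # Packets generated by the box itself skip PREROUTING; mark them in OUTPUT.
    echo "iptables -t mangle -A OUTPUT -p tcp --dport $PORT -j MARK --set-mark $MARK"
    # Marked packets look up table IS before the main table.
    echo "ip rule add fwmark $MARK table $TABLE"
    # Gateway route with no dev: the kernel resolves the interface itself.
    echo "ip route add default via $GATEWAY table $TABLE"
    # Inspect with ip, since route -n only lists the main table.
    echo "ip rule show"
    echo "ip route show table $TABLE"
}

# Run each planned command when APPLY=1, otherwise only print it.
apply_plan() {
    policy_route_plan | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            sh -c "$cmd" || exit 1
        else
            echo "+ $cmd"
        fi
    done
}

apply_plan
```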