On Monday, 3 January 2005 20:34, Jure Koren wrote:
> On Monday 03 January 2005 17:44, Markus Feilner wrote:
>> Hello List,
>> Can I use iptables to route traffic to or from one port via a different gateway than the default?
>> If so, which is the right target? iptables ... -j REDIRECT?
>> Or should I use a different software for that? Because of dyndns I cannot use the routing table for those hosts...
> This seems a bit off topic for a security list, but nevertheless...
Well - thanks nevertheless!
> You create a routing table by entering it into /etc/iproute2/rt_tables, say
>
>     10 alter
>
> Then you add a default route to that routing table:
>
>     ip route add <gateway network> dev <device> table alter
>     ip route add default dev <device> via <gateway> src <source ip> table alter
>
> Then you mark all packets going to ports x, y, z:
>
>     iptables -t mangle -I PREROUTING -i <localnet interface> -p tcp -m multiport --dports x,y,z -j MARK --set-mark 0x10
>
> Then you add a rule, saying all traffic your firewall marked should be routed using the routing table called alter:
>
>     ip rule add fwmark 0x10 table alter
>
> The example only shows tcp ports, but you can do the same for udp, obviously.
> Note that packets routed with routing table "alter" will only ever go to the default gateway, unless you add other routes to that routing table.
> -- Jure Koren, n.i.
Thank you very much!!!
--
Kind regards
Markus Feilner
---------------------------
Please note our new address details! Thank you.
---------------------------
Feilner IT Linux & GIS
Linux Solutions, Training, Seminars and Workshops - also in-house
Beraiterweg 4
93047 Regensburg
phone +49 941 9465243
fax +49 941 9465244
mobile + +49 170 3027092
mail mfeilner@feilner-it.net
web http://www.feilner-it.net
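
The lookup order set up in the quoted reply above, modelled in Python as an added example (not part of the original thread): mangle marks the packet, the fwmark rule selects table "alter", and unmarked traffic falls through to "main". All addresses, ports and device names are constructed assumptions, and the kernel's "local" table is left out for brevity.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    dst: str
    dport: int
    mark: int = 0

# Constructed values standing in for x,y,z, <gateway>, <device> in the thread.
MARK = 0x10
MARKED_PORTS = {80, 443}

# Routing tables: (prefix, device, gateway or None for an on-link route).
TABLES = {
    "alter": [("192.0.2.0/24", "eth2", None),           # <gateway network>
              ("0.0.0.0/0", "eth2", "192.0.2.1")],      # default via <gateway>
    "main":  [("10.0.0.0/24", "eth0", None),            # local LAN
              ("10.0.5.0/24", "eth3", None),            # second internal net
              ("0.0.0.0/0", "eth1", "198.51.100.1")],   # normal default gateway
}
# "ip rule" list in priority order: (fwmark to match, or None for any; table).
RULES = [(MARK, "alter"), (None, "main")]

def mangle_prerouting(pkt):
    """Model of: -t mangle PREROUTING -p tcp -m multiport --dports ... -j MARK."""
    if pkt.proto == "tcp" and pkt.dport in MARKED_PORTS:
        pkt.mark = MARK
    return pkt

def lookup(table, dst):
    """Longest-prefix match inside one table; None if no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)

def route(pkt):
    """Walk the rules in order; the first table holding a matching route wins."""
    pkt = mangle_prerouting(pkt)
    for fwmark, table in RULES:
        if fwmark is not None and pkt.mark != fwmark:
            continue
        hit = lookup(table, pkt.dst)
        if hit:
            return table, hit[1], hit[2]   # (table, device, gateway)
    return None
```

A marked TCP packet to 10.0.5.7 leaves via 192.0.2.1 on eth2 even though "main" has an on-link route for it, which is the caveat in the last paragraph of the reply; a UDP packet to port 80 is unmarked until a matching udp rule is added.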