Re: 2 Internet Links x 1 LAN

To: breno.moiana@partekforest.com
Cc: debian-firewall@lists.debian.org
Subject: Re: 2 Internet Links x 1 LAN
From: Frederik Rousseau <fred@cmelectronics.be>
Date: Mon, 28 Jul 2003 16:53:20 +0200
Message-id: <[🔎] 200307281653.20953.fred@cmelectronics.be>
In-reply-to: <[🔎] OF62DFCD26.A0EC02C0-ON03256D71.004E6FCA-03256D71.004F4397@partekcorp.com>
References: <[🔎] OF62DFCD26.A0EC02C0-ON03256D71.004E6FCA-03256D71.004F4397@partekcorp.com>

> Port 25 blocked on link B, through IPTables, but opened at Link A.
> Would the request try to go through link A, or would it stop because It has
> reached Link B and was denied?

The traffic will use link B (default gateway), except if it needs a host in 
the network of link A. So the traffic is simply blocked.

But I also have some set-ups like you described. I used the Linux Advanced 
Routing & Traffic Control HOWTO [http://lartc.org/lartc.html] as knowledge.
Look at 'Chapter 11. Netfilter & iproute - marking packets' 
[http://lartc.org/lartc.html#LARTC.NETFILTER].
I think that's what you need:
use iptables to mark specified packets [`iptables -A PREROUTING -i $INT_IF -t 
mangle -p tcp --dport 25 -j MARK --set-mark 1`] and add the route for all the 
traffic marked by the iptables (using the `ip` command!). Don't forget to 
check for the right kernel options!
All this needs some knowledge of iproute [`apt-cache show iproute`], also 
explained in the HOWTO. And some kernel compiling ...


Kind regards,
Fred

Reply to:

References:
- Re: 2 Internet Links x 1 LAN
  - From: breno.moiana@partekforest.com

Prev by Date: AW: 2 Internet Links x 1 LAN
Next by Date: Re: 2 Internet Links x 1 LAN
Previous by thread: Re: 2 Internet Links x 1 LAN
Next by thread: Re: 2 Internet Links x 1 LAN
Index(es):
- Date
- Thread