[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Stuck in a hell of routing :(

also sprach Werner Oswald <osiworx@t-online.de> [2005.03.29.1659 +0200]:
> I try to have a URL based routing which then gets routed to 6
> different Modems accessing the internet.

There is ann iptables match target capable of inspecting content,
and it would not be hard to extend it to be HTTP aware. Anyway...
the squid approach is probably nicer.

> With this I was able to have URL based routing.

Do you need multiple squid instances? Are you sure you can't just
set the outgoing interface? I don't have a squid here to test, but
I seem to recall that it could do something like that from back when
I played with policy-based routing... but don't waste your time
researching this, I am everything but sure.

> the tcp_outgoind_address has been set to 192.168.x.100 for each
> squid instance so that the packages for the requests launched in
> different networks.

Uh, it's the destination address which determines which network
a packet goes to. The source IP does not usually play a role.

> the second part is now a win2k3 system with all the modems
> connected and with routing enabled.


> the idea is now that the requests coming from areA
> getting routed via modem A

This is easy to do with iproute and Linux 2.4/2.6. :)

> as each modem is in priciple a gateway, I get in trouble as
> only one is allowed.

Well, more are allowed, but the Windows TCP/IP stack will just end
up toppling.

I guess the solution is something akin to virtual circuits. Not sure
if Windows understands that.

> this was an idea to get my packages to the win2k3
> system but this route is only valid for 192.168.10.x destinations
> so how could I also deliver destinated packages to
> (win2k3) and 192.168.11.x sourced packages to
> which are for and so on.
This is your document:


You can either use iptables to mark packets and then create routing
policies with /sbin/ip (from iproute), or use iproute's own
filtering framework (should be enough).

Please do not send copies of list mail to me; I read the list!
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
"emacs sucks, literally, not an insult, just a comment that it's
 large enough to have a noticeable gravitational pull..."
                                           -- mercury on #debian-devel

Attachment: signature.asc
Description: Digital signature

Reply to: