
iptables and routing



Hi Everyone :)

I've got a problem and I can't seem to find a solution without putting
another computer in the works as a router, which isn't really a good
solution.

I'm using kernel 2.4.10, iptables and some policy routing.

What I would like to do (if it's possible) is decide which network
interface a packet goes out depending on which program generated it
locally.  For example, if Apache generates a packet, I always want it
to go out of cipcb0 (vpn interface).

I have some live IPs routed over the cipcb0 interface, and that goes
over my cable link.  I'm not allowed to simply serve pages on the
cable modem IP because it's against their acceptable use policy, and
I've already had my account suspended once for doing that.  Anyway,
the problem is, when someone is using the same cable provider as I do,
if their proxy server gets the request it will ask my server to give
it the page, but the server won't send the data out of cipcb0 because
there is a host route pointing to the cable provider's proxy/dns server
as I want to be able to use their proxy/dns servers myself, and
because the packet comes back to the cable provider through the cable
modem, it gets dropped, thus there is a large area around me where
users on the same cable provider that I use cannot access any of my
web pages.

Does anyone know how to fix this problem?  I've had a play with
marking packets based on UID and so on in an effort to use the policy
routing stuff to route the packets up to the cipcb0 interface, but I
haven't had any success yet.

-- 
Regards,
Robert Davidson.
http://www.mlug.org.au/


