On 04/10/2013 21:55, Grant Edwards wrote:
> Let's posit two network interfaces net1 (192.168.x.y/16) and net2
> (172.16.a.b/16). There's a NAT/gateway available on each of the
> networks. I want to use the 172.16 gateway for TCP connections to port
> 80 and the 192.168 gateway for everything else.
>
> I'm primarily following this example:
>
> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>
> My "main" routing table contains all directly accessible subnets plus
> a default route via the 192.168 gateway.
>
> I created a second route table named "pmain" which is identical to
> "main" except it has a different default route via the 172.16 gateway.
>
> My ip rules are:
>
> 0: from all lookup local
> 10000: from all fwmark 0x1 lookup pmain
> 32766: from all lookup main
> 32767: from all lookup default
>
> I then add an iptables rule like this:
>
> iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 1

It would help if you were to also supply the details of:

* ip -f inet -o a s
* ip route show table main
* ip route show table pmain

> Now all TCP packets destined for port 80 are sent to the 172.16
> gateway, _but_ they're being sent with a 192.168 source address. The
> TCP stack is apparently unaware of the advanced routing tricks and
> thinks that the packets are going out via the 192.168 gateway.
>
> IOW I've successfully re-routed TCP _packets_ but not the TCP
> _connection_.
>
> How do I tell the TCP stack that it's supposed to use the 172.16
> interface/gateway for connections to port 80?
--Kerin
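The setup described in the quoted message, assembled into one script as an added example; this is not code from the thread, and the interface names, addresses, gateway and table name are placeholders to be adjusted before it is run as root. It also carries this editor's own caveat, which the thread itself does not state: the source address of a TCP connection is chosen when the socket connects, by a route lookup that happens before the mangle OUTPUT chain has set any mark, so that lookup lands in the main table and picks the 192.168 address; marking the packets afterwards re-routes them but does not change the address already bound. One standard way around that is to SNAT port-80 traffic as it leaves net2, so the script adds that nat POSTROUTING rule alongside the policy routing. By default it only prints the commands (DRY_RUN=1); set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example, not from the thread. All names and addresses below are
# placeholders: set them to the real net1/net2 interfaces, the 172.16
# address of net2 and the two gateways before applying.
# "pmain" must exist as a table name in /etc/iproute2/rt_tables
# (e.g. a line "100 pmain") or be replaced by a table number.

NET1_IF=${NET1_IF:-net1}
NET1_GW=${NET1_GW:-192.168.0.1}
NET2_IF=${NET2_IF:-net2}
NET2_GW=${NET2_GW:-172.16.0.1}
NET2_ADDR=${NET2_ADDR:-172.16.0.2}
PMAIN=${PMAIN:-pmain}
MARK=${MARK:-1}
DRY_RUN=${DRY_RUN:-1}   # 1 = print commands only; 0 = execute (needs root)

# Print or execute one command, depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Policy routing exactly as the message describes: a second table whose
# default route goes via the 172.16 gateway, selected by fwmark, and
# locally generated TCP port-80 traffic marked in the mangle OUTPUT chain.
setup_policy_routing() {
    # The 'src' hint only helps sockets whose connect() already routes via
    # pmain (e.g. ones that set SO_MARK); it does not cure the problem in
    # the thread, because an unmarked socket never consults this table.
    run ip route replace default via "$NET2_GW" dev "$NET2_IF" src "$NET2_ADDR" table "$PMAIN"
    run ip rule add priority 10000 fwmark "$MARK" lookup "$PMAIN"
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark "$MARK"
}

# Editor's workaround (assumption, not stated in the thread): rewrite the
# source of port-80 traffic leaving net2 to net2's own address. Conntrack
# reverses the translation for the replies, as with any SNAT.
fix_source_address() {
    run iptables -t nat -A POSTROUTING -o "$NET2_IF" -p tcp --dport 80 \
        -j SNAT --to-source "$NET2_ADDR"
}

# The diagnostics requested in the reply, plus a marked route lookup: with
# 'mark' given, 'ip route get' shows the table, gateway and source the
# kernel would choose for already-marked traffic (203.0.113.1 is a
# documentation address used only as a lookup target).
show_state() {
    run ip -f inet -o a s
    run ip route show table main
    run ip route show table "$PMAIN"
    run ip route get 203.0.113.1 mark "$MARK"
}

setup_policy_routing
fix_source_address
show_state
```

Note that the SNAT rule is what makes the packets leave net2 with a 172.16 source; without it, `ip route get ... mark 1` will still report `src 172.16.0.2` for marked lookups, which is exactly why the output looks right while the real connections do not.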