Routing ports to secondary network card

vockleya · 01-21-2010, 12:48 PM

I have a program that connects to the internet that I would like to route through one of my secondary network interfaces. I need one specific port routed to eth1 instead of eth0. I believe that I should be using iptables for that, but I don't really know how to do it. Any suggestions?

nimnull22 · 01-21-2010, 01:14 PM

What is the output of "route -n"?

vockleya · 01-21-2010, 03:08 PM

Quote:

aaron-desktop:~ aaron$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
134.82.164.0 0.0.0.0 255.255.255.0 U 1 0 0 eth2
134.82.164.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
134.82.164.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth2
0.0.0.0 134.82.164.254 0.0.0.0 UG 0 0 0 eth2

eth2 is the current default. I want to route port 51413 to eth 0 instead of eth2, so it doesn't interfere with the rest of my internet traffic

jschofield · 01-21-2010, 03:19 PM

Yes for somthing as simple as that 'iptables', is what you should use.

take a look at
http://www.netfilter.org/

iptables -t nat -A POSTROUTING -p tcp -o eth0 --dport 51413 -s 134.82.164.x -j MASQUERADE

I would verify the exact structure as i am doing this from memory.

nimnull22 · 01-21-2010, 03:29 PM

Thanks.
Post please output of "ifconfig" for eth0, eth1, eth2.

vockleya · 01-21-2010, 03:35 PM

While everything in this command seems right, I get the error that --dport is an unknown option.

vockleya · 01-21-2010, 03:49 PM

eth0 Link encap:Ethernet HWaddr 00:c0:f0:48:5a:ea
inet addr:134.82.164.212 Bcast:134.82.164.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:f0ff:fe48:5aea/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5124991 errors:1 dropped:0 overruns:0 frame:0
TX packets:2580704 errors:1 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:2773159249 (2.7 GB) TX bytes:246327507 (246.3 MB)
Interrupt:20 Base address:0xe800

eth1 Link encap:Ethernet HWaddr 00:a0:cc:41:2a:a1
inet addr:134.82.164.209 Bcast:134.82.164.255 Mask:255.255.255.0
inet6 addr: fe80::2a0:ccff:fe41:2aa1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16325 errors:1 dropped:0 overruns:0 frame:0
TX packets:3611 errors:1 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:2709109 (2.7 MB) TX bytes:637324 (637.3 KB)
Interrupt:23 Base address:0xe400

eth2 Link encap:Ethernet HWaddr 00:e0:4d:ba:60:36
inet addr:134.82.164.188 Bcast:134.82.164.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:4dff:feba:6036/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36332372 errors:0 dropped:0 overruns:0 frame:0
TX packets:19938318 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19853282142 (19.8 GB) TX bytes:2965931557 (2.9 GB)
Interrupt:27 Base address:0xc000

nimnull22 · 01-21-2010, 08:40 PM

Try that rule:

Code:

iptables -t nat -A OUTPUT -p tcp --dport 51413 -j DNAT --to-destination 134.82.164.212

or may be like this:
iptables -t nat -A OUTPUT -p tcp --dport 51413 -j DNAT --to-destination 134.82.164.212:51413

I actually not really sure that will work, as by this rule we ask iptable to send traffic to eth0 IP address.
It is possible also to send it to GW, but as all ethernet in same network it is useless.

chort · 01-21-2010, 10:26 PM

It's pretty much impossible that the bandwidth of a single NIC is lower than your Internet bandwidth. As long as this is the case there's simply no need to split Internet-bound traffic between different cards.

nimnull22 · 01-21-2010, 10:34 PM

Quote:

Originally Posted by chort

It's pretty much impossible that the bandwidth of a single NIC is lower than your Internet bandwidth. As long as this is the case there's simply no need to split Internet-bound traffic between different cards.

What are talking about, and with whom?

chort · 01-21-2010, 11:00 PM

Quote:

I have a program that connects to the internet that I would like to route through one of my secondary network interfaces.

There doesn't appear to be any need to actually do this.

nimnull22 · 01-21-2010, 11:15 PM

Quote:

Originally Posted by chort

There doesn't appear to be any need to actually do this.

Yes, but who knows how OP connects his NIC to switch/router. May be there is something additional after one of NIC.

chort · 01-21-2010, 11:19 PM

Well they're all on the same subnet, so I doubt that... It's best to find out the why before the what. Knowing the first can dramatically change the second.

vockleya · 01-21-2010, 11:24 PM

Each connection to the router has a 2Mbit bandwidth limit. By routing my server traffic over a secondary NIC I can free up the main one for internet browsing and downloading stuff, which is dramatically slowed when the server is being used.

nimnull22 · 01-21-2010, 11:24 PM

You don't understand me, between NICs and router/switch can be many additional equipment.