Add route based on port not ip?!

Jeeves · 09-25-2006, 11:29 AM

Hi,

I am sitting on a PC with 2 Interfaces. One is a ADSL connection with no quota and one a Link to the University's LAN/WAN and also access to the Uni's gateway.

Currently I am using the ADSL interface (ppp0) for my default route and the Uni interface (eth1) for my route to certain servers, like my mail and webservers for a nice, reliable and fast connection.

The routing table looks something like this:

Code:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
213.191.89.28   *               255.255.255.255 UH    0      0        0 ppp0
10.4.0.0        *               255.255.0.0     U     0      0        0 eth1
129.0.0.0       10.4.11.1       255.0.0.0       UG    0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
default         213.191.89.28   0.0.0.0         UG    0      0        0 ppp0

My question is if there is any way to route packages going to *.*.*.*: port through the eth1 interface rather than the ppp0 interface?

My motivation is that I want to route packages going to ssh or ICQ servers through my Uni connection since it does not have the 24h disconnect unlike my ADSL interface.

I hope I have been specific enough.

Thanks in advance,

Jeeves

indeterminate · 09-26-2006, 10:30 AM

The Advanced Routing How-To describes pretty much exactly what you want to do:

http://www.tldp.org/HOWTO/Adv-Routin...netfilter.html

Basically, you edit your firewall rules to mark stuff from a specific port (ssh or icq, whatever) with a number. Then you configure iproute to send everything marked with that number out the correct interface.

It's a really good How-To.

ndarkduck · 12-01-2011, 10:40 PM

Quote:

Originally Posted by indeterminate

The Advanced Routing How-To describes pretty much exactly what you want to do:

http://www.tldp.org/HOWTO/Adv-Routin...netfilter.html

Basically, you edit your firewall rules to mark stuff from a specific port (ssh or icq, whatever) with a number. Then you configure iproute to send everything marked with that number out the correct interface.

It's a really good How-To.

Is incredible how this post helped me today 2/Dec/2011. I'll like to summarise your link:

Code:

echo "1	UNIVERSITY" >> /etc/iproute2/rt_tables
ip route add default via 172.16.0.1 dev eth0 table UNIVERSITY
ip route show table UNIVERSITY
ip rule add from all fwmark 0x1 lookup UNIVERSITY
iptables -t mangle -I PREROUTING -p tcp --dport 22 -j MARK --set-mark 1

I'll like also to add the way to route certain outgoing reply traffic through a certain interface...

Code:

iptables -t mangle -I OUTPUT -p tcp --sport 22 -j MARK --set-mark 1

Oniric · 09-22-2013, 10:21 PM

Hello,

I'm just replying because this thread just made my day!
Thanks a lot for your answers, it's still useful even several years later !

I have a NAS connected to a VPN 24/7 on tun0 and all outgoing traffic si going through it. But to administrate it from outside i need to access it from another VPN through eth0.
I will work on that using your answers.
I will reply my founding later.

Thanks!