Hello,
I am running CentOS 5 with kernel version kernel-2.6.18-371.8.1.el5
I am referring to the online how-to guide for advanced Linux routing -
http://www.tldp.org/HOWTO/Adv-Routin...netfilter.html
The requirement that I have is that, based on the port being used for communication, the traffic should flow through different network interfaces, for example -
eth0 should be used -
1. Accept & respond to requests coming over port 80, 443, 8080
2. When the server wants to start communication outside on these ports
eth1 should be used -
1. Accept & respond to requests coming over port 1099, 1399
2. When the server wants to start communication outside on these ports
To do that, I wrote the following script -
Code:
#!/bin/bash
. /etc/profile
## Network Interface 1 details - eth0
IF1=eth0 #Name
IP1=1.1.1.61 #IP Address
P1=1.1.1.1 #Gateway
P1_NET=1.1.1.0/24 #Network in CIDR form (what the "ip route add $P1_NET ..." lines below expect)
## Network Interface 2 details - eth1
IF2=eth1 #Name
IP2=1.1.1.67 #IP Address
P2=1.1.1.1 #Gateway
P2_NET=1.1.1.0/24 #Network in CIDR form (what the "ip route add $P2_NET ..." lines below expect)
## Define routing table for each interface
grep -qw T1 /etc/iproute2/rt_tables || echo 201 T1 >> /etc/iproute2/rt_tables #Routing table for eth0 (add only once)
grep -qw T2 /etc/iproute2/rt_tables || echo 202 T2 >> /etc/iproute2/rt_tables #Routing table for eth1 (add only once)
## To route answers to packets coming in over a particular interface, say eth0, back out again over that same interface
# 1. Build a route to the gateway and build a default route via that gateway
ip route add $P1_NET dev $IF1 src $IP1 table T1
ip route add default via $P1 table T1
ip route add $P2_NET dev $IF2 src $IP2 table T2
ip route add default via $P2 table T2
# 2. It is a good idea to route things to the direct neighbour through the interface connected to that neighbour
ip route add $P1_NET dev $IF1 src $IP1
ip route add $P2_NET dev $IF2 src $IP2
# 3. Preference for default route
ip route add default via $P2
# 4. Set up the routing rules. These actually choose what routing table to route with
ip rule add from $IP1 table T1
ip rule add from $IP2 table T2
# 5. Flush the route cache
ip route flush cache
####### TEST ROUTING POLICY FOR PORT 22 OUTGOING CONNECTION ###########
iptables -A PREROUTING -t mangle -p tcp --dport 22 -j MARK --set-mark 1
ip rule add fwmark 1 table T2
ip route flush cache
I added the "TEST ROUTING POLICY FOR PORT 22 OUTGOING CONNECTION" section in the script. The section was written with the following intention -
If I open an SSH session from the OS to another Linux machine [1.1.1.70], interface eth1 [1.1.1.67] should be used. I executed the script & started the SSH session. The SSH session was established, but to verify that the eth1 interface was used, I executed the netstat command on 1.1.1.70, which gave the following output -
Code:
[root@OS4 tmp]# netstat -anpt | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1773/sshd
tcp 0 52 1.1.1.70:22 1.1.1.231:2292 ESTABLISHED 32271/sshd
tcp 0 0 1.1.1.70:22 1.1.1.61:60768 ESTABLISHED 32371/sshd
tcp 0 0 1.1.1.70:22 1.1.1.61:51396 ESTABLISHED 32513/sshd
tcp 0 0 :::22 :::* LISTEN 1773/sshd
I expected the 1.1.1.67 IP address to turn up in the above output; instead I get the eth0 IP, 1.1.1.61.
The 1.1.1.231 is my Linux desktop IP address, from which I access both the machines [1.1.1.61 & 1.1.1.67].
Anything wrong with my script? Does it need updates? More rules to be defined? Or have I got the understanding wrong?
Thanks
- Bhushan Pathak
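To see why the remote end still logs 1.1.1.61, here is an added Python model of the route selection the script above produces; it is not part of the post and not a real kernel. It assumes the tables as the script intends them (1.1.1.0/24 per interface, a default route in each table), the kernel's rule ordering, and that the main-table default route resolves through eth0; it contrasts a mark set in mangle PREROUTING with one set in mangle OUTPUT, and with binding the socket to 1.1.1.67.

```python
import ipaddress

# Constructed, simplified model of the poster's two-NIC host: longest-prefix match only,
# no metrics. Each route is (prefix, dev, preferred src); "default" is 0.0.0.0/0.
TABLES = {
    # kernel-added connected routes (eth0 first) plus "ip route add default via $P2";
    # assumed: gateway 1.1.1.1 resolves through the first connected route, i.e. eth0
    "main": [("1.1.1.0/24", "eth0", "1.1.1.61"), ("1.1.1.0/24", "eth1", "1.1.1.67"),
             ("0.0.0.0/0", "eth0", None)],
    "T1": [("1.1.1.0/24", "eth0", "1.1.1.61"), ("0.0.0.0/0", "eth0", None)],
    "T2": [("1.1.1.0/24", "eth1", "1.1.1.67"), ("0.0.0.0/0", "eth1", None)],
}
# Rules in evaluation order: "ip rule add" without a preference gives each new rule
# precedence over those added before it, so the fwmark rule is consulted first.
RULES = [("fwmark", 1, "T2"), ("from", "1.1.1.67", "T2"), ("from", "1.1.1.61", "T1"),
         ("all", None, "main")]
PRIMARY = {"eth0": "1.1.1.61", "eth1": "1.1.1.67"}  # primary address of each NIC


def lookup(dst, src=None, mark=0):
    """Return (dev, src) the routing decision yields for dst, or None if unroutable."""
    dst_ip = ipaddress.ip_address(dst)
    for key, value, table in RULES:
        if (key == "from" and src != value) or (key == "fwmark" and mark != value):
            continue
        best = None
        for prefix, dev, route_src in TABLES[table]:
            net = ipaddress.ip_network(prefix)
            if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, dev, route_src)
        if best is not None:
            _, dev, route_src = best
            # an already-bound source is kept; otherwise the route's src, else the primary
            return dev, src or route_src or PRIMARY[dev]
    return None


def connect(dst, mark_chain, bind_src=None):
    """Model a locally originated connect() such as the poster's ssh session.
    mark_chain: mangle chain holding --set-mark, 'PREROUTING' (the script) or 'OUTPUT'.
    bind_src models 'ssh -b <addr>'. Returns the (NIC, source) the remote host sees."""
    # 1. connect() routes the socket before any netfilter hook has seen a packet, so
    #    the mark is 0. PREROUTING is only traversed by packets *arriving* on a NIC,
    #    so a mark set there never influences this host's own outgoing connections.
    dev, src = lookup(dst, src=bind_src, mark=0)
    # 2. The source address is now bound. A mark set in mangle OUTPUT is applied to
    #    locally generated packets and triggers a re-route, which can change the
    #    egress interface but not the source address already bound to the socket.
    if mark_chain == "OUTPUT":
        dev, _ = lookup(dst, src=src, mark=1)
    return dev, src
```

In this model the mark has to be set in the mangle OUTPUT chain to affect the host's own traffic at all, and even then 1.1.1.70 keeps seeing 1.1.1.61 unless the client binds to 1.1.1.67 (for example with ssh -b) or the packets are source-NATed on the way out.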