Linux - Networking
I have two interfaces connected to two different networks.
Both networks are connected to the internet.
Now I want to force the traffic of a single program through one of the two interfaces and route any other traffic through the other one.
I'm pretty sure this is possible, however I failed to find any way of doing this.
To clarify:
if1 is connected to lan1, if2 is connected to lan2.
both lan1 and lan2 are connected to gateways that are connected to the internet.
appA is supposed to access the internet through lan1. Thus its traffic is supposed to be sent out through if1 and routed through lan1's gateway.
app* (where * == \w && * != A) is supposed to access the internet through lan2. Traffic is sent out through if2.
I thought of something similar to proxychains, that allows you to send an applications traffic through a specific proxy. Is there anything similar out there? Or is there some other possible way?
You need to tell us more about these apps. There are dozens of ways to distinguish one app from another, primarily port numbers.
The most basic method of doing this would be to match the pid of the process or, to simplify, run as a specific user and match the uid (this can be done with the owner module for netfilter). You can then proceed in two manners, the first, and more crude, is to use the aforementioned iptables “owner” matching module with the “ROUTE” target. The second method is more elegant (IMHO), and you would use the same “owner” module as before, except now, use netfilter’s “MARK” functionality to mark the packets with whatever custom mark you wish to use. The marked packets will couple nicely with iproute2 and friends.
Also, if you have not already read this yet, I suggest you do so to get a basic dual-uplink network setup.
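The second, MARK-based approach described above, written out as an added example; this is not code from the thread or from osor. Names and addresses are assumptions for illustration: appA runs as the user "appa", if1 is eth0 with address 192.0.2.10 and lan1's gateway at 192.0.2.1, the mark is 0x1 and the policy table is 100, and the main routing table's default route is assumed to already point out if2 (the dual-uplink setup referred to above). The owner match only applies to locally generated packets, so the marking rule lives in the mangle table's OUTPUT chain.

```shell
#!/bin/sh
# Added example (not from the thread): send one user's traffic out if1 via lan1's
# gateway using iptables owner match + MARK + iproute2 policy routing.
# Assumed values: user "appa", if1 = eth0 (192.0.2.10, gateway 192.0.2.1),
# mark 0x1, routing table 100. Override them through the environment.
set -eu

APP_USER="${APP_USER:-appa}"
IF1="${IF1:-eth0}"
IF1_ADDR="${IF1_ADDR:-192.0.2.10}"
GW1="${GW1:-192.0.2.1}"
MARK="${MARK:-0x1}"
TABLE="${TABLE:-100}"

# Safety switch: commands are printed unless APPLY=1, so the rule set can be
# reviewed before it touches a live box.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

setup_app_route() {
  # 1. Mark locally generated packets owned by the app user. The owner match
  #    only sees locally generated traffic, hence the mangle OUTPUT chain.
  run iptables -t mangle -A OUTPUT -m owner --uid-owner "$APP_USER" -j MARK --set-mark "$MARK"

  # 2. Marked packets consult a dedicated routing table. Packets already sourced
  #    from if1's address (replies to connections that arrived on if1) use it
  #    too; that second rule also satisfies rp_filter for traffic entering if1.
  run ip rule add fwmark "$MARK" table "$TABLE" priority 1000
  run ip rule add from "$IF1_ADDR" table "$TABLE" priority 1001

  # 3. The table holds a single default route through lan1's gateway on if1.
  run ip route replace default via "$GW1" dev "$IF1" table "$TABLE"

  # 4. The kernel picked the source address (if2's) before the mark forced a
  #    re-route, so rewrite it to if1's address on the way out; otherwise lan1's
  #    gateway would forward packets carrying a lan2 source. SNAT is applied to
  #    the first packet of each connection and conntrack rewrites the rest.
  run iptables -t nat -A POSTROUTING -o "$IF1" -m mark --mark "$MARK" -j SNAT --to-source "$IF1_ADDR"
}

# Undo the above in reverse order.
teardown_app_route() {
  run iptables -t nat -D POSTROUTING -o "$IF1" -m mark --mark "$MARK" -j SNAT --to-source "$IF1_ADDR"
  run ip route flush table "$TABLE"
  run ip rule del from "$IF1_ADDR" table "$TABLE" priority 1001
  run ip rule del fwmark "$MARK" table "$TABLE" priority 1000
  run iptables -t mangle -D OUTPUT -m owner --uid-owner "$APP_USER" -j MARK --set-mark "$MARK"
}

case "${1:-show}" in
  apply)    APPLY=1 setup_app_route ;;
  teardown) APPLY=1 teardown_app_route ;;
  *)        setup_app_route ;;   # default: print the commands only
esac
```

Run it with no argument to review the generated commands, and as root with `apply` to install them. To check the result without the application, `ip route get 203.0.113.1 mark 0x1` should report the route via 192.0.2.1 on eth0 while `ip route get 203.0.113.1` still shows the main table's default through if2; once appA is started as that user (for example `sudo -u appa ...`), the packet counters in `iptables -t mangle -L OUTPUT -v -n` show whether the owner match is hitting. The ROUTE target mentioned above is not needed for this approach.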
Thanks to both of you!
@acid_kewpie: Yes, I'm sure there are many ways. However, ports are unfortunately not an option for me.
I took osor's advice and created a user to run appA. Thereupon I spent a few hours finding out that ROUTE is not a standard target, patching the kernel, compiling it, booting it, patching iptables and getting it to recompile under Gentoo.
So far everything went quite smoothly.
I agree with you that the second option would be more classy; however, it would be kind of overkill for my purposes. That's why I stuck with the ROUTE target. I tried to find out about the syntax... And I thought I managed to understand everything (I'm quite new to iptables. Or let's say, quite new to anything that is not done with -j DROP).
I decided to use the gateway to specify the route. Of course the interface should work as well.
However iptables returns:
iptables: Invalid argument
This is where the fun starts. I tried about everything and it won't change.
Therefore I've come to the point where I expect some really stupid mistake in there. Could one of the kind guys out there please guide me towards my mistake?
IIRC, the owner module is only usable in an OUTPUT chain.