Quote:
Originally Posted by Jroch
So with IP routing I can say that traffic on port x goes to NIC x and traffic for port y goes to port y?
You can say that traffic to different ports goes through different gateways, yes.
Assume a scenario where you have 2 NICs, eth1 and eth2, each connected to a DSL line. eth1 has the IP address 1.1.1.1 and eth2 has 2.2.2.2. Using 1.1.1.254 as your gateway would route all Internet traffic through eth1, while having 2.2.2.254 as your gateway would route traffic through eth2.
Policy routing means having separate routing tables and deciding, based on some criteria, which packets get processed by which table. In this case, you could create two tables with different gateways:
Code:
ip route add table 10 0.0.0.0/0 via 1.1.1.254
ip route add table 20 0.0.0.0/0 via 2.2.2.254
These tables are not used until you create an IP rule directing certain types of packets to a specific table.
Assume we want traffic to IP address 5.5.5.5 and port 80 to be processed by table 10, while traffic to the same IP address on port 443 should be handled by table 20. This can be accomplished by firewall-marking the packets and then using the IP rule "fwmark" selector:
Code:
iptables -t mangle -A FORWARD -d 5.5.5.5/32 -p tcp --dport 80 -j MARK --set-mark 80
iptables -t mangle -A FORWARD -d 5.5.5.5/32 -p tcp --dport 443 -j MARK --set-mark 443
ip rule add fwmark 80 table 10
ip rule add fwmark 443 table 20
I'm assuming you're routing traffic from some other network, hence the use of the FORWARD chain. For locally generated traffic, the OUTPUT chain must be used instead.
Quote:
Originally Posted by Jroch
Is that working only for ports? Or can we make that with DNS too?
Example:
The distant server is assigned 4 DNS names and I route each name on a specific NIC (just an idea)
DNS names are translated into IP addresses before any routing is performed. You cannot route based on names.
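As an added example (not part of the post above), here is a small Python model of the lookup the fwmark setup performs: the mangle rules assign a mark, the ip rules are walked in priority order, and the selected table is consulted, falling back to the main table when no rule matches. The mangle rules and tables mirror the commands in the post; the main table's default gateway (1.1.1.254) and the rule order are assumptions.

```python
from ipaddress import ip_address, ip_network

# Mangle rules from the post: (destination, protocol, dport, mark to set)
MANGLE = [
    (ip_network("5.5.5.5/32"), "tcp", 80, 80),
    (ip_network("5.5.5.5/32"), "tcp", 443, 443),
]
# ip rules in priority order: (fwmark selector or None, table). The trailing
# "main" entry is the kernel's default rule that every packet falls back to.
RULES = [(80, 10), (443, 20), (None, "main")]
# Routing tables: table -> list of (prefix, gateway). Main table is assumed.
TABLES = {
    10: [(ip_network("0.0.0.0/0"), "1.1.1.254")],
    20: [(ip_network("0.0.0.0/0"), "2.2.2.254")],
    "main": [(ip_network("0.0.0.0/0"), "1.1.1.254")],
}

def mark_packet(dst, proto, dport):
    """Apply the mangle rules; MARK is non-terminating, so a later match overwrites."""
    mark = 0
    for net, p, port, m in MANGLE:
        if ip_address(dst) in net and proto == p and dport == port:
            mark = m
    return mark

def lookup_table(table, dst):
    """Longest-prefix match inside one table; None when the table has no route."""
    best = None
    for net, gw in TABLES[table]:
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None

def route(dst, proto, dport):
    """Return (table, gateway) the packet egresses through, or (None, None)."""
    mark = mark_packet(dst, proto, dport)
    for fwmark, table in RULES:
        if fwmark is not None and fwmark != mark:
            continue                      # selector does not match this packet
        gw = lookup_table(table, dst)
        if gw is not None:
            return table, gw
        # a matching rule whose table has no route falls through to the next rule
    return None, None

if __name__ == "__main__":
    for pkt in [("5.5.5.5", "tcp", 80), ("5.5.5.5", "tcp", 443), ("5.5.5.5", "tcp", 22)]:
        print(pkt, "->", route(*pkt))
```

On a real box the equivalent check is `ip route get 5.5.5.5 mark 80`, which shows the gateway the kernel selects for a packet carrying that mark.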