On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
On 05/02/2013 08:48 PM, Michael Mol wrote:
[snip]
Alternate source routing, firewall and netfilter marking of packets:
iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark 100
# iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark 200
# iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark 100
# Local network
iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -d 172.16.0.0/12 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -s <PublicIP> -d 192.168.0.0/16 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -s <PublicIP> -d 172.16.0.0/12 -j MARK --set-mark 20
And then something like:
# echo 201 mail.out >> /etc/iproute2/rt_tables
# ip rule add fwmark 1 table mail.out
# /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
(http://lartc.org/howto/lartc.netfilter.html).
The firewall rules used are from StarOS router OS, which has a simple script for policy routing, so the second part with ip rule and ip route is just a pointer in the right direction.
I don't figure I want to use the mangle table for this. Though thanks for the example code; that will come in handy for tc. Just need how to work that in with sanewall.
I think I know what I did wrong, but it's going to be a while before I can test it. (Dang, I wish I had enough spare hardware at home to set up a test lab.)
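For reference, a complete version of the mark-then-route setup sketched in the quoted message, added here as an example; it is not code from either poster, from StarOS, or from the LARTC howto. The quoted snippet sets marks 100, 200 and 20 in the mangle table but the ip rule it points at matches fwmark 1, so the two halves have to be tied together by hand; the script below does that in one place and includes a check that every mark set in the mangle table has an ip rule selecting a table for it. Table ids 201/202, table names uplink_a/uplink_b, the LAN interface eth1, the second uplink eth2 with gateway 203.0.113.1, and the rp_filter setting are assumptions for illustration; 195.96.98.253 on eth0 is the gateway from the quoted LARTC example. The source-address match is restricted to the interface the traffic is expected on, so a packet with a spoofed internal source arriving on an uplink is not steered onto the alternate route.

```shell
#!/bin/sh
# Added example, not the thread's own code. By default the script only prints
# the commands it would run; APPLY=1 (as root) executes them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# mark_source MARK SRC [IFACE]: mark packets from SRC, optionally only those
# arriving on IFACE so a spoofed internal source on another interface is not
# routed via the alternate uplink.
mark_source() {
    mark=$1; src=$2; iface=$3
    if [ -n "$iface" ]; then
        run iptables -t mangle -A PREROUTING -i "$iface" -s "$src" -j MARK --set-mark "$mark"
    else
        run iptables -t mangle -A PREROUTING -s "$src" -j MARK --set-mark "$mark"
    fi
}

# add_rt_table ID NAME: register a named routing table once in rt_tables.
add_rt_table() {
    id=$1; name=$2
    if grep -qs "[[:space:]]${name}\$" /etc/iproute2/rt_tables; then
        return 0
    fi
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s %s\n' "$id" "$name" >> /etc/iproute2/rt_tables
    else
        printf 'echo "%s %s" >> /etc/iproute2/rt_tables\n' "$id" "$name"
    fi
}

# route_mark MARK ID NAME GATEWAY DEV: send packets carrying MARK to table
# NAME, whose only route is a default via GATEWAY on DEV. The fwmark here must
# equal the --set-mark value used in the mangle table, or nothing is routed.
route_mark() {
    mark=$1; id=$2; name=$3; gw=$4; dev=$5
    add_rt_table "$id" "$name"
    run ip rule add fwmark "$mark" table "$name"
    run ip route add default via "$gw" dev "$dev" table "$name"
    # Replies leaving via a policy route may not match the main table's
    # reverse path; loose reverse-path filtering (2) keeps them from being
    # dropped as spoofed. Assumed setting, adjust to local policy.
    run sysctl -w "net.ipv4.conf.${dev}.rp_filter=2"
}

# check_marks: read a printed rule set on stdin and report every --set-mark
# value that has no matching 'ip rule add fwmark' line.
check_marks() {
    rules=$(cat)
    rc=0
    for m in $(printf '%s\n' "$rules" | sed -n 's/.*--set-mark \([0-9]*\).*/\1/p' | sort -u); do
        if ! printf '%s\n' "$rules" | grep -q "fwmark $m "; then
            echo "mark $m is set in the mangle table but no ip rule selects a table for it" >&2
            rc=1
        fi
    done
    return $rc
}

# The worked rule set: two source networks, two uplinks (assumed values).
example_ruleset() {
    mark_source 100 172.24.5.0/24 eth1
    mark_source 200 192.168.150.107 eth1
    route_mark 100 201 uplink_a 195.96.98.253 eth0
    route_mark 200 202 uplink_b 203.0.113.1 eth2
}

# Print (or apply, with APPLY=1) the rule set.
example_ruleset
```

Usage: `sh policy-route.sh | sh -c 'tee /dev/stderr' | check_marks` style pipelines work, but the simplest check is `sh policy-route.sh > rules.txt && check_marks < rules.txt` before running with `APPLY=1`. Marks set in PREROUTING only cover forwarded and inbound traffic; locally generated packets from the router itself need the same MARK rules in the mangle OUTPUT chain.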