[CentOS] Configuring source-specific routing

Sat May 4 11:33:37 UTC 2013
Rob Townley <rob.townley at gmail.com>

Any neighbors with Open WiFi?
Connect Cat5 to laptop in your house and connect to neighbors open WiFi.
Woila, two ISPs.

If you have 3G, it will work better to connect it into a CradlePoint type
3G hardware gateway device and connect the laptop to the 3G Gateway.
NetworkManager would only activate my bluetooth-to-3G connection when i
turned WiFi off.  (Further, i just ran `ip route` on my android phone while
connected to 3G and WiFi and the android output was disappointing.  Does
not have both active at same time.)


On Fri, May 3, 2013 at 8:37 PM, Michael Mol <mikemol at gmail.com> wrote:

> On 05/03/2013 05:06 PM, Ljubomir Ljubojevic wrote:
> > On 05/02/2013 08:48 PM, Michael Mol wrote:
>
> [snip]
>
> >
> > Alternate source routing, firewall and netfilter marking of packets:
> >
> >
> > iptables -t mangle -A PREROUTING -s 172.24.5.0/24 -j MARK --set-mark
> 100 #
> > iptables -t mangle -A PREROUTING -s 192.168.150.107 -j MARK --set-mark
> > 200 #
> > iptables -t mangle -A PREROUTING -s 192.168.150.224 -j MARK --set-mark
> 100
> >
> >
> > # Local network
> > iptables -t mangle -A PREROUTING -d 192.168.0.0/16 -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -d 172.16.0.0/12  -j MARK --set-mark 20
> > iptables -t mangle -A PREROUTING -s <PublicIP> -d 192.168.0.0/16 -j MARK
> > --set-mark 20
> > iptables -t mangle -A PREROUTING -s <PublicIP> -d 172.16.0.0/12 -j MARK
> > --set-mark 20
> >
> > And then something like:
> >
> > # echo 201 mail.out >> /etc/iproute2/rt_tables
> > # ip rule add fwmark 1 table mail.out
> > # /sbin/ip route add default via 195.96.98.253 dev eth0 table mail.out
> >
> > (http://lartc.org/howto/lartc.netfilter.html).
> >
> > Used firewall rules are from StarOS router OS that has simple script for
> > policy routing so that second part with ip rule and ip route is just a
> > pointer in right direction.
>
> I don't figure I want to use the mangle table for this. Though thanks
> for the example code; that will come in handy for tc. Just need how to
> work that in with sanewall.
>
> I think I know what I did wrong, but it's going to be a while before I
> can test it. (Dang, I wish I had enough spare hardware at home to set up
> a test lab.)
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>