Redirecting proxy traffic

Dalibor Straka dast at panelnet.cz
Wednesday August 17 03:13:56 CEST 2005


On Wed, Aug 17, 2005 at 02:45:09AM +0200, Dalibor Straka wrote:
> On Wed, Aug 17, 2005 at 02:38:17AM +0200, Robert Pospichal wrote:
> > Dear colleagues,
> > 
> >     I am running out of ideas on the following problem: I need, as elegantly
> > and simply as possible, to redirect the outgoing traffic of a squid proxy
> > to a different interface (not the default gateway, which points into the
> > CT VPN). The server will have one more interface with an ADSL connection,
> > and that is where I need to route all of the proxy's traffic. Does anyone
> > know how to do this? Iptables? Or some parameter in squid.conf (which I doubt)?
> > 
> www.lartc.org and the archive of this list. ip route can route (not only)
> by destination port.
> 
> > Many thanks to everyone for the answers.
> You're welcome.
> 

I don't know whether this is the only option(*):
Routing is usually by src or dst address. However we can route
by ports using fwmark.

#mark the packet
#  CHAIN   - mangle chain; OUTPUT for traffic generated on this host (squid)
#  RIP     - source address the proxy sends from
#  my_PORT - destination port to divert
iptables -t mangle -A ${CHAIN} -p tcp -s ${RIP}/32 -d 0/0 --dport \
     ${my_PORT} -j MARK --set-mark 1
#log the packets for your sanity (thanks to Horms for syntax)
iptables -t mangle -A ${CHAIN} -m mark --mark 1 -j LOG --log-level \
     DEBUG --log-prefix "fwmark 1: "
#add a rule for packets with the fwmark (routes are in table 3_TIER;
#a table name must be listed in /etc/iproute2/rt_tables, a number works as-is)
ip rule add prio 99 from ${RIP} fwmark 1 table 3_TIER
#provide a route in table 3_TIER (my_GW/my_DEV = ADSL gateway and interface)
ip route add default via ${my_GW} dev ${my_DEV} table 3_TIER

(*) Perhaps a more elegant option without marking via iptables already exists.
-- Dalibor Straka
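The fwmark setup above, assembled as an added example script (not code from the original post). It assumes hypothetical addresses and interface names (PROXY_IP, ADSL_GW, ppp0) and adds the two pieces a practitioner usually trips over: the source address is chosen before the re-route, so the marked packets need SNAT on the ADSL side, and strict rp_filter on the ADSL interface would drop the replies because the main table routes the remote server via the VPN.

```shell
#!/bin/sh
# Added example: policy-route the proxy's outbound HTTP(S) via the ADSL line.
# All values below are assumed placeholders; adjust them to the real setup.
PROXY_IP="${PROXY_IP:-192.0.2.10}"      # address squid sends from
PROXY_PORTS="${PROXY_PORTS:-80,443}"    # destination ports to divert
ADSL_DEV="${ADSL_DEV:-ppp0}"            # ADSL interface
ADSL_GW="${ADSL_GW:-198.51.100.1}"      # ADSL gateway
TABLE_ID=3                              # numeric id works without rt_tables
TABLE_NAME=adsl                         # name only works once in rt_tables
MARK=1
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = apply (root)

# run a command, or just print it in dry-run mode
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# make the symbolic table name usable by ip(8)
ensure_table() {
  grep -qs "^$TABLE_ID[[:space:]]" /etc/iproute2/rt_tables && return 0
  [ "$DRY_RUN" = 1 ] && { echo "add '$TABLE_ID $TABLE_NAME' to rt_tables"; return 0; }
  echo "$TABLE_ID $TABLE_NAME" >> /etc/iproute2/rt_tables
}

setup_routing() {
  # 1. squid runs on this host, so its packets pass mangle OUTPUT, not PREROUTING
  run iptables -t mangle -A OUTPUT -p tcp -s "$PROXY_IP" \
      -m multiport --dports "$PROXY_PORTS" -j MARK --set-mark "$MARK"
  # 2. marked packets consult the ADSL table before the main table
  run ip rule add prio 99 fwmark "$MARK" table "$TABLE_ID"
  # 3. the ADSL table holds only a default route via the ADSL gateway
  run ip route add default via "$ADSL_GW" dev "$ADSL_DEV" table "$TABLE_ID"
  # 4. the kernel picked the source address before the mark re-routed the
  #    packet; rewrite it to the ADSL address or the replies never come back
  run iptables -t nat -A POSTROUTING -o "$ADSL_DEV" -m mark --mark "$MARK" -j MASQUERADE
  # 5. replies arrive on ADSL although the main table would send that peer
  #    via the VPN; loose reverse-path filtering keeps them from being dropped
  run sysctl -w "net.ipv4.conf.$ADSL_DEV.rp_filter=2"
  run ip route flush cache
}

# ask the kernel which way a marked packet to an arbitrary host would go
verify() {
  ip route get 203.0.113.5 mark "$MARK" 2>/dev/null | grep -q "dev $ADSL_DEV"
}

ensure_table
setup_routing
```

Run with DRY_RUN=0 as root to apply, then `verify` (or `iptables -t mangle -L OUTPUT -v`) shows whether marked packets really leave via the ADSL interface.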

