On 2008-03-03, Grant Edwards <[EMAIL PROTECTED]> wrote:
> On 2008-03-03, kashani <[EMAIL PROTECTED]> wrote:
>
>> I'm not aware of any iptables front end that will also manage
>> policy-based routing, which is Cisco-ese and maybe general
>> Network-ese for what you're trying to do. However, I would use
>> shorewall (or whatever you prefer) to do most of the work and
>> then insert your custom rules where they need to go.
>
> AFAICT, I only need to add 1 iptables rule to mark outbound
> frames destined to particular ports.
>
>> All policy routing, regardless of actual implementation, has you
>> build an ACL of traffic you'd like messed with. Then you need
>> to specify what happens to traffic that matches the ACL.
>> However, one thing the original how-to you linked didn't
>> completely spell out is NAT. You MUST NAT on each interface or
>> you'll have all sorts of routing fun that does not work.
>
> I don't understand why I have to do NAT. Can you explain why?
> (Or point me to docs that explain why?)

OK, I think I see what you mean. In the HOWTO to which I linked, the box in question is apparently routing between an internal network on eth0 and two external gateways on eth1 and eth2. It is choosing the external gateway based on the destination port of the outbound packet. That obviously only makes sense if it's also doing NAT.

My application is not routing for any other machines/networks. It's just a desktop machine belonging to an end-user. It has two gateways to "the Internet" (each of those gateways is doing NAT). All I want to do is select a gateway based on the destination port of outbound packets.

-- 
Grant Edwards grante Yow! How's it going in at those MODULAR LOVE UNITS?? visi.com

-- 
gentoo-user@lists.gentoo.org mailing list
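The single-host setup Grant describes above, as an added example that is not part of the thread: a mark in the mangle OUTPUT chain, an `ip rule` for that mark, and the SNAT on the second interface that is behind kashani's "you MUST NAT" point. Interface names, addresses, ports, mark value and table number are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: steer this host's own TCP traffic to
# selected destination ports out through a second NAT gateway. Interface names,
# addresses, ports, mark and table number are assumed placeholders.
set -eu

WAN2_IF=eth2               # interface towards the second gateway
WAN2_GW=198.51.100.1       # second gateway's address (constructed)
WAN2_SRC=198.51.100.10     # this host's own address on WAN2_IF (constructed)
PORTS=22,443               # TCP destination ports to send via gateway 2
MARK=0x2                   # fwmark used to tag those packets
TABLE=2                    # routing table consulted for marked packets

# Every command passes through run(), so DRY_RUN=1 previews instead of applying.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

apply_policy_routing() {
    # Locally generated packets traverse the mangle OUTPUT chain; marking them
    # there makes the kernel re-run the routing decision for the marked packet.
    run iptables -t mangle -A OUTPUT -p tcp -m multiport --dports "$PORTS" \
        -j MARK --set-mark "$MARK"
    # Marked packets use table $TABLE, whose only route points at gateway 2.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    # The NAT point from the thread: the source address was already chosen for
    # the normal default route before the mark existed, so without this SNAT
    # packets leaving eth2 still carry eth1's address and replies go astray.
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -j SNAT --to-source "$WAN2_SRC"
}

remove_policy_routing() {
    run iptables -t nat -D POSTROUTING -o "$WAN2_IF" -j SNAT --to-source "$WAN2_SRC"
    run ip route del default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    run ip rule del fwmark "$MARK" table "$TABLE"
    run iptables -t mangle -D OUTPUT -p tcp -m multiport --dports "$PORTS" \
        -j MARK --set-mark "$MARK"
}

# Preview by default; the live system is only touched when APPLY=1 is set.
if [ "${APPLY:-0}" = 1 ]; then
    apply_policy_routing
else
    DRY_RUN=1
    apply_policy_routing
fi
```

Run it once without APPLY to read the four commands it would issue, then with `APPLY=1` as root; `remove_policy_routing` undoes them in reverse order.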