Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   Alternate route for port 80 (http://www.linux-archive.org/debian-user/681321-alternate-route-port-80-a.html)

Onur Aslan 07-08-2012 05:46 PM
Alternate route for port 80
 
Hi.

I want to use my vpn for outgoing port 80 connections in my Debian router.

My current route table:

# ip route
default dev ppp0 scope link
95.9.x.x dev ppp0 proto kernel scope link src 95.9.x.x
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev wlan0 proto kernel scope link src 192.168.2.1
192.168.4.0/24 dev tap0 proto kernel scope link src 192.168.4.2


tap0 is my virtual vpn device created by openvpn. When I use something like
that all my traffic going through by vpn, so vpn working fine:

# ip route
default via 192.168.4.1 dev tap0
95.9.x.x dev ppp0 proto kernel scope link src 95.9.x.x
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
192.168.2.0/24 dev wlan0 proto kernel scope link src 192.168.2.1
192.168.4.0/24 dev tap0 proto kernel scope link src 192.168.4.2
199.180.x.x dev ppp0 scope link


199.180.x.x and 192.168.4.1 are IP addresses of my vpn server.

Now, I want to use an alternate route for only port 80 outgoing
traffic. I create a table and set default gateway for this table with:


# echo 10 alter >> /etc/iproute2/rt_tables
# ip route add default via 192.168.4.1 table alter


And I create a fwmark and mark OUTPUT requests with:

# ip rule add fwmark 0x10 table alter
# iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK
--set-mark 0x10


In my theory this should work, but it's not working. When I use that I am
not able to connect any website. What I am missing here? What should I add
to my alternate routing table to make it work?

Btw I tried to send this to debian-firewall but I got quota exceed error.

Thanks.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120708174637.GB2192@ev.onur.im">http://lists.debian.org/20120708174637.GB2192@ev.onur.im


Sun Jul 8 20:30:01 2012
Return-Path: <bounce-debian-user=tom=linux-archive.org@lists.debian.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
eagle542.startdedicated.com
X-Spam-Level:
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIM_SIGNED,FSL_RCVD_USER,
RCVD_IN_DNSWL_HI,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-Original-To: tom@linux-archive.org
Delivered-To: tom-linux-archive.org@eagle542.startdedicated.com
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by eagle542.startdedicated.com (Postfix) with ESMTP id 8C1D120E0228
for <tom@linux-archive.org>; Sun, 8 Jul 2012 19:49:20 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id 6511461C; Sun, 8 Jul 2012 17:49:10 +0000 (UTC)
Old-Return-Path: <debian-user@list-post.mks-mail.de>
X-Original-To: lists-debian-user@bendel.debian.org
Delivered-To: lists-debian-user@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id 8A4C5FE
for <lists-debian-user@bendel.debian.org>; Sun, 8 Jul 2012 17:49:01 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-7.1 tagged_above=-10000 required=5.3
tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, LDO_WHITELIST=-5] autolearn=ham
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
with ESMTP id p5RE2UV_Jqad for <lists-debian-user@bendel.debian.org>;
Sun, 8 Jul 2012 17:48:54 +0000 (UTC)
X-policyd-weight: using cached result; rate: -6.1
Received: from mail.ddt-consult.de (mail.ddt-consult.de [176.9.143.18])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by bendel.debian.org (Postfix) with ESMTPS id C525551
for <debian-user@lists.debian.org>; Sun, 8 Jul 2012 17:48:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by mail.ddt-consult.de (Postfix) with ESMTP id 86E742C7440
for <debian-user@lists.debian.org>; Sun, 8 Jul 2012 19:48:46 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
list-post.mks-mail.de; h=content-transfer-encoding:content-type
:content-type:in-reply-to:references:subject:subject
:mime-version:user-agent:reply-to:from:from:date:date:message-id
:received:received; s=lpm; t=1341769725; bh=lF0JHICWI3XHdJVUM7si
5cCQsDv50+1DbDDRKXll12k=; b=Ceq3a6Xbu4GasadCQpmU6Ra/Aj1SNf04/9r6
imsHOuIh2jvsPH3CYufzUqS4sR3M555VOtuWoyISv8w1zqb6GX p3/fZRFj11TVgh
qBTaFc641/mluIdKjDWhVV8/5dUd1AJcSA99Hj7PFwy7+Tn7HM0PfkUnsfaoqki/
AjjvmQU=
X-Virus-Scanned: Debian amavisd-new at mail
Received: from mail.ddt-consult.de ([127.0.0.1])
by localhost (mail2.ddt-consult.de [127.0.0.1]) (amavisd-new, port 20024)
with LMTP id HnoDOhUoreUy for <debian-user@lists.debian.org>;
Sun, 8 Jul 2012 19:48:45 +0200 (CEST)
Received: from legolas.home.ddt.intern (p5DC37901.dip.t-dialin.net [93.195.121.1])
(Authenticated sender: mks@list-post.mks-mail.de)
by mail.ddt-consult.de (Postfix) with ESMTPSA id 7E33A2C743D
for <debian-user@lists.debian.org>; Sun, 8 Jul 2012 19:48:45 +0200 (CEST)
Message-ID: <4FF9C7FC.1000404@list-post.mks-mail.de>
Date: Sun, 08 Jul 2012 19:48:44 +0200
From: =?UTF-8?B?TWFya3VzIFNjaMO2bmhhYmVy?=
<debian-user@list-post.mks-mail.de>
Reply-To: debian-user@lists.debian.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120615 Thunderbird/13.0.1
MIME-Version: 1.0
To: debian-user@lists.debian.org
Subject: Re: Filezilla a security risk
References: <CA+AKB6E1FfRCNbV6PimAvdvUfoBKuo7rgLsbaCR_7tgtuZdw 5A@mail.gmail.com> <jskgm9$68h$11@dough.gmane.org> <20120701190852.6ac28c32.celejar@gmail.com> <201207072127.38523.lisi.reisz@gmail.com> <20120708000433.372b2be0.celejar@gmail.com> <20120708085515.183aa860@bonifac.skk> <jtbsnm$s8h$7@dough.gmane.org> <4FF99C27.5050509@list-post.mks-mail.de> <jtc84a$s8h$10@dough.gmane.org> <4FF9BAAF.5060601@list-post.mks-mail.de> <jtcetj$s8h$17@dough.gmane.org>
In-Reply-To: <jtcetj$s8h$17@dough.gmane.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <8rlE_1JqHMC.A.aqH.Wgc-PB@bendel>
Resent-From: debian-user@lists.debian.org
X-Mailing-List: <debian-user@lists.debian.org> archive/latest/634951
X-Loop: debian-user@lists.debian.org
List-Id: <debian-user.lists.debian.org>
List-Post: <mailto:debian-user@lists.debian.org>
List-Help: <mailto:debian-user-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-user-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-user-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-user-request@lists.debian.org
Resent-Date: Sun, 8 Jul 2012 17:49:10 +0000 (UTC)

08.07.2012 19:10, Camaleón:

> On Sun, 08 Jul 2012 18:51:59 +0200, Markus Schönhaber wrote:
>
>> 08.07.2012 17:14, Camaleón:
>>
>>> On Sun, 08 Jul 2012 16:41:43 +0200, Markus Schönhaber wrote:
>>>
>>>> 08.07.2012 13:59, Camaleón:
>>>>
>>>>> While imaps (tcp/993), pop3s (tcp/995) and smtps (tcp/587) make use
>>>>> of
>>>>
>>>> smtps was defined as 465/tcp. 587/tcp is message submission which does
>>>> not provide encryption on the transport layer.
>>>
>>> They are used for the same purpose (secure smtp) but the former is now
>>> depretacted.
>>
>> For some definition of "purpose", maybe [1] Stating that 587/tcp was
>> smtps is simply wrong, because it implies encryption on the network
>> layer.
>
> When you replace a standard with another it would be fair to say that
> both share the same essence and they are aimed to solve the same problem.

That doesn't change the fact that one is encrypted on the network layer
while the other is not.
Especially - in contrast to what your statement implied - 587/tcp is not
encrypted on the network layer.

>> Which makes "the new standard" something very different.
>
> To my eyes, not that different in the end.

Yeah.
Your statement that 587/tcp was smtps is simply wrong. I just corrected
your wrong statement - nothing more. Why you feel the need to go to a
great length to convince someone (whoever that might be) that your wrong
statement was somehow right is completely beyond me.

--
Regards
mks


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4FF9C7FC.1000404@list-post.mks-mail.de

Bob Proulx 07-08-2012 06:39 PM
Alternate route for port 80
 
Onur Aslan wrote:
> Btw I tried to send this to debian-firewall but I got quota exceed error.

Your message was successfully posted to the maliing list just fine.
There is even a follow-up message posted there.

http://lists.debian.org/debian-firewall/2012/07/msg00000.html

That quota exceeded error you received probably did not come from the
mailing list but from a subscribed recipient site that was
misconfigured to reply to you as a poster instead of to mailing list
error address. This is a common problem seen on all mailing lists.
Bad sites spam you with their errors instead of handling them
correctly.

Bob


All times are GMT. The time now is 07:14 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.