 
Old 11-29-2010, 03:53 PM
Matty Sarro
 
Persistent Static Routes based on TCP ports

Hey everyone,
We're working on a rather complicated installation in a tightly controlled
environment. Every server has 4 ethernet ports. Eth0 and Eth2 are bonded
together as bond0. Eth1 is used for management/snmp. The two networks are
completely isolated from one another. What we'd like to do is set up
persistent static routes so that all traffic using specified TCP/UDP ports
goes in/out of a specific interface. From the man/info page it doesn't look
like this can be done with the route command; or can it? If not, can anyone
suggest an alternative?
-Matty
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-29-2010, 04:23 PM
Romeo Theriault
 
Persistent Static Routes based on TCP ports

On Tue, Nov 30, 2010 at 1:53 AM, Matty Sarro <msarro@gmail.com> wrote:
> Hey everyone,
> We're working on a rather complicated installation in a tightly controlled
> environment. Every server has 4 ethernet ports. Eth0 and Eth2 are bonded
> together as bond0. Eth1 is used for management/snmp. The two networks are
> completely isolated from one another. What we'd like to do is set up
> persistent static routes so that all traffic using specified TCP/UDP ports
> goes in/out of a specific interface. From the man/info page it doesn't look
> like this can be done with the route command; or can it? If not, can anyone
> suggest an alternative?


I'm not sure exactly what you're trying to achieve, but you may want
to take a look at the 'ip' command. This allows you to set up more than
one routing table on the host.

See: http://linux-ip.net/html/routing-tables.html

Romeo

--
Romeo Theriault
System Administrator
Information Technology Services
 
Old 11-29-2010, 04:55 PM
Matty Sarro
 
Persistent Static Routes based on TCP ports

I appreciate the followup, however that's not going to help us. As for what
we're trying to receive, only certain ports will be open on each server.
Basically what I need is policy based routing, where the policy is
determined by TCP/UDP ports.

 
Old 11-29-2010, 06:05 PM
Ray Van Dolson
 
Persistent Static Routes based on TCP ports

On Mon, Nov 29, 2010 at 09:55:39AM -0800, Matty Sarro wrote:
> I appreciate the followup, however that's not going to help us. As for what
> we're trying to receive, only certain ports will be open on each server.
> Basically what I need is policy based routing, where the policy is
> determined by TCP/UDP ports.

You might need to make use of iptables and NAT. Tag traffic heading
out on a certain port to go out another interface, rewrite the source
address correctly, etc.

I've never tried this, but imagine it would work in simple cases,
though for connections implemented by the client you'd obviously need
to build either some intelligence into the client or use DNS SRV
records to help define where connections should travel to based on a
service identifier.

LARTC[1] is still probably your best starter resource.

Ray

[1] http://lartc.org/howto/

 
Old 12-01-2010, 07:51 AM
ESGLinux
 
Persistent Static Routes based on TCP ports

Hi,

I agree with Ray,

I think you can do it by tagging the traffic.

I do it to route my http traffic for a specific eth this way:

iptables -t mangle -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2

Then with the routes (basically you must change to your needs):

echo 203 web >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table web
ip route add default via 192.168.3.1 table web


All of these commands are from the reference that Ray gave you.

HTH,


ESG
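
Added example, not part of ESGLinux's message or the thread: a shell function that renders the same mark, rule and route as persistent files, assuming the Red Hat initscripts convention that lines in `/etc/sysconfig/network-scripts/rule-<iface>` and `route-<iface>` are passed to `ip rule add` and `ip route add` when the interface comes up. It goes beyond the post by marking in the mangle OUTPUT chain on the source port, because replies from a local service never traverse PREROUTING; `gen_pbr`, the output file names and the port list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Renders the persistent pieces of
# port-based policy routing into OUTDIR so they can be reviewed before install.
# usage: gen_pbr OUTDIR IFACE GATEWAY MARK TABLE_ID TABLE_NAME PROTO:PORT...
gen_pbr() {
    [ "$#" -ge 7 ] || { echo "gen_pbr: too few arguments" >&2; return 1; }
    out=$1 ifc=$2 gw=$3 mark=$4 tid=$5 tname=$6
    shift 6

    # Validate every PROTO:PORT first so a bad entry writes nothing at all.
    for spec in "$@"; do
        proto=${spec%%:*}
        port=${spec#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $spec" >&2; return 1
        fi
    done

    mkdir -p "$out" || return 1

    # mangle fragment: merge into /etc/sysconfig/iptables, or load it with
    # iptables-restore --noflush. OUTPUT sees locally generated packets;
    # --sport matches replies sent from a service listening on that port.
    {
        printf '%s\n' '*mangle'
        for spec in "$@"; do
            proto=${spec%%:*}
            port=${spec#*:}
            printf '%s\n' "-A OUTPUT -p $proto -m $proto --sport $port -j MARK --set-mark $mark"
        done
        printf '%s\n' 'COMMIT'
    } > "$out/iptables-mangle.rules"

    # Line to append to /etc/iproute2/rt_tables (names the extra table).
    printf '%s\n' "$tid $tname" > "$out/rt_tables.add"
    # Copy to /etc/sysconfig/network-scripts/ (assumed initscripts layout).
    printf '%s\n' "fwmark $mark table $tname" > "$out/rule-$ifc"
    printf '%s\n' "default via $gw dev $ifc table $tname" > "$out/route-$ifc"
}

# Constructed sample values; mark, table and gateway reuse the post's numbers:
#   sh pbr.sh ./pbr-out eth1 192.168.3.1 0x2 203 web udp:161 tcp:22
if [ "$#" -ge 7 ]; then
    gen_pbr "$@"
fi
```

After installing the files, `ip rule show`, `ip route show table web` and `ip route get <peer address> mark 2` show whether marked traffic resolves to the intended interface.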




 
