Dividing access through interfaces


This topic contains 0 replies, has 0 voices, and was last updated by  oguretz 9 years, 5 months ago.

    #42113

    oguretz
    Member

    Hi everyone. Please, help me to configure zs-box.

    I have 2 internet-connected interfaces (ppp0 and eth00). The main access channel is eth00, and the second is specialized – for example, I want to access some sites only through ppp0 (including subdomains, no matter how many of them there are – *.foo.com for example), and some ports – for example, if a computer behind the router wants to connect to some host on port 622, zs-box routes this connection through ppp0, not eth00.

    Thanks for any help.

    #49305

    atheling
    Member

    @oguretz wrote:

    Hi everyone. Please, help me to configure zs-box.

    I have 2 internet-connected interfaces (ppp0 and eth00). The main access channel is eth00, and the second is specialized – for example, I want to access some sites only through ppp0 (including subdomains, no matter how many of them there are – *.foo.com for example), and some ports – for example, if a computer behind the router wants to connect to some host on port 622, zs-box routes this connection through ppp0, not eth00.

    Thanks for any help.

    Some of that you can do, but maybe not all. I assume you’ve set up your two Internet connections with load-balancing/failover. If so, you will see an entry in your mangle table PREROUTING chain where the connection mark is “restored” to the packet. If you use the “ip rule list” command from a shell you will see something like:

    root@zeroshell root> ip rule list
    0: from all lookup local
    32764: from all fwmark 0x66 lookup 102
    32765: from all fwmark 0x65 lookup 101
    32766: from all lookup main
    32767: from all lookup default

    Basically the connection mark sets the routing table to be used.

    So you can add your own marking for new connections to determine what interface the traffic will take. I want my VoIP to always use one interface, so I used some iptable commands in the mangle PREROUTING chain to set the mark on traffic from my VoIP LAN segment.

    You can do the same and direct traffic based on source or destination IP/port.

    Not sure you can do it based on DNS domain though.
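The following is an added example, not atheling's or Zeroshell's own configuration, showing the fwmark-based policy routing described in the reply above as concrete iptables and ip commands: new connections from a VoIP LAN segment, or to TCP port 622, are marked in the mangle PREROUTING chain with the mark whose "ip rule" entry selects table 102, and the mark is saved on the connection so later packets follow the same path. It assumes (as in the listing above) that fwmark 0x66 selects table 102 and that table 102 should route via ppp0; the LAN interface name eth1, the 192.168.2.0/24 VoIP subnet, and the ip rule priority 32764 are constructed values. It prints the commands by default (DRY_RUN=1) so they can be reviewed before being run as root on the box; it covers only IP/port matching, since the reply does not support matching on DNS domain.

```shell
#!/bin/sh
# Added example (not Zeroshell's own configuration): send selected LAN
# traffic out ppp0 by marking new connections so the existing
# "fwmark 0x66 lookup 102" ip rule picks routing table 102 for them.
#
# Assumptions (labelled): mark 0x66 -> table 102 already exists, as in
# the "ip rule list" output in the thread; table 102 should use ppp0;
# the LAN-side interface is eth1; 192.168.2.0/24 is a constructed VoIP
# subnet. DRY_RUN=1 (the default) prints each command instead of running it.

DRY_RUN=${DRY_RUN:-1}
PPP_MARK=0x66             # mark that selects table 102 in the listing
PPP_TABLE=102
PPP_IF=ppp0
LAN_IF=eth1               # assumed LAN interface name
VOIP_NET=192.168.2.0/24   # constructed example segment
SPECIAL_PORT=622          # port from the original question

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emits the routing table, ip rule, NAT and mangle rules in the order they
# must be applied: restore the saved connection mark first, mark only NEW
# connections (so established flows keep the path they started on), then
# save the mark so every later packet of the connection inherits it.
policy_rules() {
    # Table 102 needs a default route through ppp0.
    run ip route replace default dev "$PPP_IF" table "$PPP_TABLE"

    # Only needed if "ip rule list" does not already show this entry
    # (on a load-balanced Zeroshell it does, per the reply above).
    run ip rule add fwmark "$PPP_MARK" lookup "$PPP_TABLE" priority 32764

    # Traffic leaving via ppp0 must be masqueraded to that interface's
    # address; assumed already present if ppp0 is a configured WAN link.
    run iptables -t nat -A POSTROUTING -o "$PPP_IF" -j MASQUERADE

    # 1. Copy the connection mark back onto each packet.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark

    # 2a. Source-based: everything from the VoIP segment goes via ppp0.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$VOIP_NET" \
        -m conntrack --ctstate NEW -j MARK --set-mark "$PPP_MARK"

    # 2b. Destination-port-based: connections to TCP port 622 go via ppp0.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$SPECIAL_PORT" \
        -m conntrack --ctstate NEW -j MARK --set-mark "$PPP_MARK"

    # 3. Persist the packet mark on the connection for its remaining packets.
    run iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
}

# Stand-alone run: prints the planned commands (or applies them if DRY_RUN=0).
policy_rules
```

To check the effect after applying, "ip rule list" should still show the fwmark 0x66 entry ahead of "lookup main", and "ip route show table 102" should list the ppp0 default route; a connection marked by these rules will appear in "conntrack -L" with mark=102 (0x66 in decimal).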
