Re: Routing choice under user control per application instance?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Rick Sewill wrote:
> On Thu, 2010-03-18 at 14:07 -0600, S P Arif Sahari Wibowo wrote: 
>> Hi!
>> I am wondering whether it is possible to choose TCP/IP routing 
>> for a specific instance of an application - chosen on user-level 
>> when the application is started?
>> More specifically I have a workstation with 2 Internet 
>> connections (different devices), and I would like to have some 
>> applications connecting to Internet using one connection while 
>> other applications connecting to Internet using the other 
>> connection, where I choose which application instance use which 
>> connection.
>> I control the whole workstation (root, hardware) so I can do 
>> whatever on the machine, but not the router / connection.
>> Any idea?
> I have not done what you are requesting.
> I did an Internet search and came to the following conclusions:
> 1) You can mark packets using iptables.
>    The marking can be based on type of traffic, ex: html, smtp, etc.
> 2) You then use ip routing to do what is called policy routing.
>    You have multiple routing tables.
>    The routing table to be used will be selected based on the marking.
> I will suggest you look at the following URL and see if it helps you.
> This URL is not for the faint of heart:
> The key overview to understand this URL is the summary near the top:
> Quoting from the URL,
> "...Before beginning let's outline the process we are going to follow. 
>       * Copy the main routing table to another routing table and set the
>         alternate default route [38]. 
>       * Use iptables/ipchains to mark traffic with fwmark. 
>       * Add a rule to the routing policy database. 
>       * Test!"
> I have not personally done this.

That's the way my firewall works, by default I go out one ISP, optionally I use 
another. The only tip I offer is that you have to be careful to get the source 
IP right for the NIC you use. I think you can just set the source IP in iptables 
and put a few rules in routing, and eliminate the MARK entirely, but I have it 
working the way it is, and no reason to change it. I have access to another ISP 
account at the moment, if I really wanted to go crazy with routing I could.
> I can't do much more than give you the URL reference.
> You will need to determine if this as a possible solution for you.

Bill Davidsen <[email protected]>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

users mailing list
[email protected]
To unsubscribe or change subscription options:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux