Re: Re: Dividing access through interfaces



@oguretz wrote:

Hi everyone. Please, help me to configure zs-box.

I have 2 internet-connected interfaces (ppp0 and eth00). The main access channel is eth00, and the second is specialized – for example, I want to access some sites only through ppp0 (including subdomains, no matter how many of them – * for example), and some ports – for example, if a computer behind the router wants to connect to some host on port 622 – zs-box routes this connection through ppp0, not eth00.

Thanks for any help.

Some of that you can do, but maybe not all. I assume you’ve set up your two Internet connections with load-balancing/failover. If so, you will see an entry in your mangle table PREROUTING chain where the connection mark is “restored” to the packet. If you use the “ip rule list” command from a shell you will see something like:

root@zeroshell root> ip rule list
0: from all lookup local
32764: from all fwmark 0x66 lookup 102
32765: from all fwmark 0x65 lookup 101
32766: from all lookup main
32767: from all lookup default

Basically the connection mark sets the routing table to be used.

So you can add your own marking for new connections to determine what interface the traffic will take. I want my VoIP to always use one interface, so I used some iptables commands in the mangle PREROUTING chain to set the mark on traffic from my VoIP LAN segment.

You can do the same and direct traffic based on source or destination IP/port.

Not sure you can do it based on DNS domain though.
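
The marking approach described in the reply above, as an added example that is not part of the original post: a dry-run generator that checks a mark against the "ip rule list" output and prints the two mangle PREROUTING rules for new connections to a given port. It assumes fwmark 0x66 (table 102) is the ppp0 gateway, which the post does not state; the function names and the IP_RULES variable are hypothetical.

```shell
#!/bin/sh
# Added example: prints rules only, it does not change the firewall.
# Assumption: fwmark 0x66 / table 102 is the ppp0 gateway; verify on your box.

# Constructed sample, copied from the "ip rule list" output quoted in the post.
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x66 lookup 102
32765: from all fwmark 0x65 lookup 101
32766: from all lookup main
32767: from all lookup default'

# Read "ip rule list" output on stdin; print the table bound to fwmark $1.
table_for_mark() {
    awk -v m="$1" '
        { hit = 0; for (i = 1; i < NF; i++) if ($i == "fwmark" && $(i + 1) == m) hit = 1 }
        hit { for (i = 1; i < NF; i++) if ($i == "lookup") { print $(i + 1); exit } }'
}

# Print rules that mark NEW connections to PROTO/DPORT and save the mark on
# the connection, so the existing restore step reuses it for later packets.
# Set IP_RULES="$(ip rule list)" to check against the live rule table.
emit_mark_rules() {
    mark=$1 proto=$2 dport=$3
    case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    case $dport in ''|*[!0-9]*) echo "bad port: $dport" >&2; return 1 ;; esac
    [ "$dport" -ge 1 ] && [ "$dport" -le 65535 ] ||
        { echo "bad port: $dport" >&2; return 1; }
    # Refuse a mark that no ip rule maps to a routing table.
    table=$(printf '%s\n' "${IP_RULES:-$SAMPLE_RULES}" | table_for_mark "$mark")
    [ -n "$table" ] || { echo "no ip rule for fwmark $mark" >&2; return 1; }
    match="-p $proto --dport $dport -m conntrack --ctstate NEW"
    echo "# fwmark $mark -> routing table $table"
    # Positions 1 and 2 keep MARK ahead of CONNMARK and ahead of existing rules.
    echo "iptables -t mangle -I PREROUTING 1 $match -j MARK --set-mark $mark"
    echo "iptables -t mangle -I PREROUTING 2 $match -j CONNMARK --save-mark"
}

# The case from the question: connections to port 622 leave via the marked table.
emit_mark_rules 0x66 tcp 622
```

Review the printed rules against the existing mangle PREROUTING chain before applying them, since they are inserted ahead of the load-balancer's own entries.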