Routing choice under user control per application instance?
Bill Davidsen
davidsen at tmr.com
Thu Mar 25 21:56:44 UTC 2010
Rick Sewill wrote:
> On Thu, 2010-03-18 at 14:07 -0600, S P Arif Sahari Wibowo wrote:
>> Hi!
>>
>> I am wondering whether it is possible to choose TCP/IP routing
>> for a specific instance of an application - chosen on user-level
>> when the application is started?
>>
>> More specifically I have a workstation with 2 Internet
>> connections (different devices), and I would like to have some
>> applications connecting to Internet using one connection while
>> other applications connecting to Internet using the other
>> connection, where I choose which application instance use which
>> connection.
>>
>> I control the whole workstation (root, hardware) so I can do
>> whatever on the machine, but not the router / connection.
>>
>> Any idea?
>
> I have not done what you are requesting.
>
> I did an Internet search and came to the following conclusions:
> 1) You can mark packets using iptables.
> The marking can be based on type of traffic, ex: html, smtp, etc.
>
> 2) You then use ip routing to do what is called policy routing.
> You have multiple routing tables.
> The routing table to be used will be selected based on the marking.
>
> I will suggest you look at the following URL and see if it helps you.
>
> This URL is not for the faint of heart:
> http://linux-ip.net/html/adv-multi-internet.html
>
> The key overview to understand this URL is the summary near the top:
> Quoting from the URL,
> "...Before beginning let's outline the process we are going to follow.
>
> * Copy the main routing table to another routing table and set the
> alternate default route [38].
>
> * Use iptables/ipchains to mark traffic with fwmark.
>
> * Add a rule to the routing policy database.
>
> * Test!"
>
> I have not personally done this.

That's the way my firewall works, by default I go out one ISP, optionally I use
another. The only tip I offer is that you have to be careful to get the source
IP right for the NIC you use. I think you can just set the source IP in iptables
and put a few rules in routing, and eliminate the MARK entirely, but I have it
working the way it is, and no reason to change it. I have access to another ISP
account at the moment, if I really wanted to go crazy with routing I could.

> I can't do much more than give you the URL reference.
> You will need to determine if this is a possible solution for you.
>
>
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
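
The four-step outline quoted above, together with the tip about getting the source IP right for the NIC, as an added example that is not part of the original thread. It marks by owning group (iptables `owner` match) rather than by traffic type, so the choice is made per application instance; the group `altnet`, interface `eth1`, documentation-range addresses, table 100 and mark 1 are all assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print the commands for fwmark policy
# routing of one group's traffic out a second uplink. Nothing is applied here.

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
is_name() { case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }
is_ipv4() {  # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# usage: policy_route_cmds GROUP IFACE GATEWAY SRC_IP TABLE MARK
policy_route_cmds() {
    group=$1 iface=$2 gw=$3 src=$4 table=$5 mark=$6
    # Validate first: the output is meant to be run by a root shell.
    is_name "$group" && is_name "$iface" || { echo "bad group/interface" >&2; return 2; }
    is_num "$table" && is_num "$mark" || { echo "table/mark must be numeric" >&2; return 2; }
    is_ipv4 "$gw" && is_ipv4 "$src" || { echo "bad IPv4 address" >&2; return 2; }
    cat <<EOF
# 1. alternate table with its own default route (copying link routes omitted)
ip route add default via $gw dev $iface table $table
# 2. mark locally generated packets whose socket belongs to the group
iptables -t mangle -A OUTPUT -m owner --gid-owner $group -j MARK --set-mark $mark
# 3. policy rule: marked packets consult the alternate table
ip rule add fwmark $mark table $table
# 4. the source address was chosen before the mark rerouted the packet,
#    so rewrite it to the address of the NIC actually used
iptables -t nat -A POSTROUTING -o $iface -m mark --mark $mark -j SNAT --to-source $src
EOF
}

# Constructed sample values (RFC 5737 documentation addresses).
policy_route_cmds altnet eth1 192.0.2.1 192.0.2.10 100 1
```

Review the output, pipe it to `sh -e` as root, and start the chosen application instance with `sg altnet -c '<command>'` so its sockets carry that group. If replies on the second uplink are dropped, check that interface's `rp_filter` setting.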