[Firehol-support] Re: Firehol & Routing

Thomas Arendsen Hein thomas at intevation.de
Sat Jan 29 07:29:26 GMT 2005


* Jean-Michel Hiver <hiver.j at wanadoo.fr> [20050128 21:25]:
> I would like to know if it's possible to do routing with firehol.
> 
> Now let's say I want to intercept all UDP/8001 traffic (natted or not) 
> and redirect it to another NAT gateway (say 192.168.1.1). And I want all 
> other traffic to simply go through the default route.
> 
> Can you do this with FireHOL?

Yes, with the help of the 'ip' command of iproute2. Use the 'mark'
helper in FireHOL to mark certain packets before the routing
decision is performed:

  mark 1 PREROUTING proto udp dport 8001

Now you can use 'ip route' to add policy routing for this:

  echo 201 otherway >> /etc/iproute2/rt_tables
  ip rule add fwmark 1 table otherway
  ip route add default via 192.168.1.1 dev eth0 table otherway
  ip route flush cache

Beware: the 'mark' command uses decimal numbers, while 'ip' uses
hexadecimal.

I haven't tested this, but it *should* work.

Thomas

-- 
Email: thomas at intevation.de
http://intevation.de/~thomas/
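The steps above (mark in FireHOL, then 'ip rule' / 'ip route'), written out as an added example; this is not code from the post or from the FireHOL project. The mark value 1, table 201 "otherway", gateway 192.168.1.1 and device eth0 are taken from the post; DRY_RUN, the helper names and the sample 'ip rule show' line are this example's own. It also covers the decimal-versus-hex point: mark_to_hex() is checked with a value above 9, where the two forms differ, and rule_present() compares against the 0x form that 'ip rule show' prints. ensure_rt_table() registers the table only once, since the bare `>>` in the post appends a duplicate line on every re-run.

```shell
#!/bin/sh
# Added example, not from the original post or the FireHOL project.
# Values from the post: mark 1, table 201 "otherway", gateway 192.168.1.1 on eth0.
# DRY_RUN, the function names and the sample 'ip rule show' line are assumptions.

MARK_DEC=1
TABLE_NUM=201
TABLE_NAME=otherway
GATEWAY=192.168.1.1
DEV=eth0
RT_TABLES=/etc/iproute2/rt_tables

# FireHOL's 'mark' helper takes a decimal mark; iproute2 prints marks as 0x-prefixed hex.
mark_to_hex() {
    printf '0x%x' "$1"
}

# Run a command, or only echo it when DRY_RUN=1 (lets the plan be reviewed without root).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Register the table name once. $1 is the rt_tables file, so this can be tried on a copy.
ensure_rt_table() {
    if ! grep -q "^$TABLE_NUM[[:space:]]\{1,\}$TABLE_NAME\$" "$1" 2>/dev/null; then
        printf '%s %s\n' "$TABLE_NUM" "$TABLE_NAME" >> "$1"
    fi
}

# The policy-routing steps from the post, with the mark passed in hex.
apply_policy_route() {
    hexmark=$(mark_to_hex "$MARK_DEC")
    run ip rule add fwmark "$hexmark" table "$TABLE_NAME"
    run ip route add default via "$GATEWAY" dev "$DEV" table "$TABLE_NAME"
    run ip route flush cache
}

# Check 'ip rule show' output ($1) for the rule, in the hex form iproute2 prints.
rule_present() {
    hexmark=$(mark_to_hex "$MARK_DEC")
    echo "$1" | grep -q "fwmark $hexmark lookup $TABLE_NAME"
}

# Stand-alone run with DRY_RUN=1: print the plan, then check a constructed sample line.
if [ "${DRY_RUN:-0}" = "1" ]; then
    apply_policy_route
    SAMPLE_RULE='32765:	from all fwmark 0x1 lookup otherway'   # constructed sample
    rule_present "$SAMPLE_RULE" && echo "rule present in sample output"
fi
```

Run it as `DRY_RUN=1 sh policyroute.sh` first to see the exact commands it would issue; for a real apply, call `ensure_rt_table "$RT_TABLES"` and then `apply_policy_route` as root, and confirm with `ip rule show` that the fwmark line appears as rule_present() expects.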