
I have an Issabel Linux (based on CentOS 7) with 3 Ethernet interfaces, and I want this scenario:

eth0 with IP 172.16.3.30/16 ----gw(172.16.0.1)----> (I want to use this as the default gateway)

eth1 with IP 10.1.5.102/30 -----gw(10.1.5.101)----> (mark connections to 10.10.10.10:5160 to send via 10.1.5.101 with its own src (10.1.5.102))

eth2 with IP 10.1.5.106/30 -----gw(10.1.5.105)----> (mark connections to 10.10.10.10:5161 to send via 10.1.5.101 with its own src (10.1.5.106))

Attention: there is one and the same destination address! (10.10.10.10, but different ports)

I am using these commands:

```
iptables -A OUTPUT -t mangle -p udp -d 10.10.10.10/32 --dport 5160 -j MARK --set-mark 1
iptables -A OUTPUT -t mangle -p udp -d 10.10.10.10/32 --dport 5161 -j MARK --set-mark 2
echo 100 sip102 >> /etc/iproute2/rt_tables
echo 101 sip106 >> /etc/iproute2/rt_tables
ip route add default dev eth1 table sip102
ip route add default dev eth2 table sip106
ip rule add from all fwmark 1 table sip102
ip rule add from all fwmark 2 table sip106
```

But the SIP trunks cannot connect. (I changed the first two lines to -A PREROUTING, but it had no effect.)

When I try to test the table's route without marking, using this:

```
ip rule add to 10.10.10.10 table sip102
```

I see that one SIP trunk is connected (10.1.5.102 > 10.10.10.10:5160 Connected)

  • Why do you want to mark? You can use `ip rule` to do all this with source instead; you should also add some other routes to each of the tables. Use tcpdump or similar tools to see what is going on, especially check for traffic coming back and make sure it goes back the right way. – NiKiZe Dec 17 '21 at 20:23
  • Because there is one dst. address with different ports and the only way to separate and manage the connections is marking. Is it possible to do this with ip rule? – erfan mehralizadeh Dec 17 '21 at 22:40
  • My bad, missed the port part, seeing many (other) questions where iptables is not needed. Your routes still need the gw unless the destination is on link, and again tcpdump and try to follow the traffic, and the replies. – NiKiZe Dec 17 '21 at 23:08
  • I can't use tcpdump because it's UDP (SIP) – erfan mehralizadeh Dec 18 '21 at 12:06
  • Not sure what you mean, tcpdump shows UDP, but feel free to use any packet capture tool you are comfy with, Wireshark if you like UIs – NiKiZe Dec 18 '21 at 13:32
  • I would use source-based routing here. In my opinion the best approach, because that way you do not have to mess with iptables at all... https://blog.scottlowe.org/2013/05/29/a-quick-introduction-to-linux-policy-routing/ – Martin Jan 21 '22 at 14:06

0 Answers
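A corrected policy-routing setup for the scenario in the question, added here as an example (it is not code from the question or its comments): it keeps the marks, since only the destination port tells the two trunks apart, but gives each table the gateway the comments point out is missing, adds the source-based rule so replies pass strict rp_filter, and rewrites the source address that a mark set in OUTPUT does not change. It assumes the eth2 gateway is 10.1.5.105 (the eth2 line in the question says 10.1.5.101, which reads like a copy of the eth1 line), that the /30 subnets are 10.1.5.100/30 and 10.1.5.104/30, and `DRY_RUN`, `run`, `add_table` and `setup_uplink` are conveniences of this script.

```shell
#!/bin/sh
# Policy routing for the three-interface Issabel host: the main table keeps eth0 as the
# default gateway; each SIP uplink gets its own table, fwmark and source-based rule.
# DRY_RUN=1 (default) only prints the commands; run with DRY_RUN=0 as root to apply them.
set -eu
DRY_RUN="${DRY_RUN:-1}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
PEER="10.10.10.10"          # SIP provider, the same address for both trunks
LAN_IP="172.16.3.30"        # eth0 address, the source the main table would pick

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

add_table() {   # add_table <number> <name>: register the table name once, not on every run
    grep -qs "^$1[[:space:]]" "$RT_TABLES" && return 0
    run sh -c "echo '$1 $2' >> '$RT_TABLES'"
}

setup_uplink() {   # setup_uplink <dev> <local_ip> <subnet> <gateway> <table> <mark> <dport>
    dev=$1 ip=$2 net=$3 gw=$4 table=$5 mark=$6 dport=$7
    # The connected /30 plus a default route that names the gateway: the question's
    # 'default dev eth1' has no 'via', so the host would ARP for 10.10.10.10 on the link.
    run ip route replace "$net" dev "$dev" src "$ip" table "$table"
    run ip route replace default via "$gw" dev "$dev" src "$ip" table "$table"
    # Outbound: mark by destination port (the only thing that separates the two trunks),
    # then send marked packets through this table.
    run iptables -t mangle -A OUTPUT -p udp -d "$PEER" --dport "$dport" -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table" priority "$((1000 + mark))"
    # Source-based rule: sockets bound to the uplink address use the table directly, and
    # replies from the provider arriving on this interface pass strict rp_filter (the
    # CentOS 7 default) because the reverse lookup now resolves to this interface.
    run ip rule add from "$ip" table "$table" priority "$((2000 + mark))"
    # A packet marked in OUTPUT keeps the source address chosen by the first routing lookup
    # (172.16.3.30), so rewrite it on the way out; the SIP stack must also advertise $ip.
    run iptables -t nat -A POSTROUTING -o "$dev" -s "$LAN_IP" -j SNAT --to-source "$ip"
}

add_table 100 sip102
add_table 101 sip106
setup_uplink eth1 10.1.5.102 10.1.5.100/30 10.1.5.101 sip102 1 5160
setup_uplink eth2 10.1.5.106 10.1.5.104/30 10.1.5.105 sip106 2 5161
```

Run it as-is to review the generated commands, then with DRY_RUN=0 as root to apply them; the main table is not touched, so eth0 stays the default gateway and a tcpdump on eth1/eth2 should show both directions of each trunk on its own interface.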