Topic: How to route by port?

There are a couple of suggestions here: http://wiki.openwrt.org/PPTPClientHowto#head-44ebbef9b6c30d56e84d556efe4f317914dd0880

However, ipt_ROUTE is out, since it's not in OpenWrt's kernel. I can't get the other thing to work either.

Has anyone done this and care to share an example?

Re: How to route by port?

I got packet marking as described at http://lartc.org/howto/lartc.netfilter.html to work with iproute2 without too much trouble.  I have two internet connections over eth1 and vlan1.  eth1 is fast but occasionally drops out so I wanted to send certain traffic via vlan1 which is slower but reliable.

-- Create a new routing table and add a rule to use it for packets marked with a 1.
# mkdir /etc/iproute2
# echo 201 table1 >> /etc/iproute2/rt_tables
# ip rule add fwmark 1 table table1
# ip rule ls
0:  from all lookup local
32764:  from all fwmark        1 lookup table1
32766:  from all lookup main
32767:  from all lookup default

-- Set routes on the new table (here just a default route, probably should copy other entries from main table).
# ip route add default via 192.168.0.1 dev vlan1 table table1
# ip route list table table1
default via 192.168.0.1 dev vlan1

-- Add netfilter rules to mark packets (here on TCP 80).
# iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
# iptables -t mangle -L PREROUTING -v
Chain PREROUTING (policy ACCEPT 5543K packets, 3265M bytes)
pkts bytes target     prot opt in     out     source               destination 
   20  3924 MARK       tcp  --  any    any     anywhere             anywhere            tcp dpt:80 MARK set 0x1

I'm by no means an expert on this, but it seems to be working for me.

Roy

Re: How to route by port?

rhashimoto wrote:

-- Set routes on the new table (here just a default route, probably should copy other entries from main table).
# ip route add default via 192.168.0.1 dev vlan1 table table1
# ip route list table table1
default via 192.168.0.1 dev vlan1

Thanks for the quick reply.

I think my problem might be with the "via" stuff in the routes. How should I figure out what gateway I have been supplied at a particular ISP? I don't see that in the ifconfig output.

Re: How to route by port?

If your gateway is configured by DHCP, then it is entered in the main routing table by the script /usr/share/udhcpc/default.script.  You can list the main routing table with:

# ip route show table main

or, since the main table is the default, simply:

# ip route show

The idea with packet marking is that the ip rule allows packets to be sent to a table other than main, so they can be routed completely differently.

Roy
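
The gateway lookup and table setup described in the posts above, as an added example that is not part of the original thread: a dry-run script that reads `ip route show table main` output, finds the gateway for one interface, and prints the commands instead of running them. The function names and the sample routing table (apart from the vlan1 gateway) are constructed, and table1 is assumed to be registered in /etc/iproute2/rt_tables already.

```shell
#!/bin/sh
# Added example (not from the thread): prints commands, changes nothing.

# Constructed sample of `ip route show table main` on a two-uplink router.
SAMPLE_MAIN='10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
192.168.0.0/24 dev vlan1 proto kernel scope link src 192.168.0.23
172.16.5.0/24 dev eth1 proto kernel scope link src 172.16.5.40
default via 172.16.5.1 dev eth1
default via 192.168.0.1 dev vlan1'

# gateway_for DEV: read a route listing on stdin and print the gateway
# of the first default route that leaves through DEV (empty if none).
gateway_for() {
    awk -v dev="$1" '
        $1 == "default" {
            gw = ""; d = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") d = $(i + 1)
            }
            if (d == dev && gw != "") { print gw; exit }
        }'
}

# policy_cmds DEV TABLE MARK PORT: read the main table on stdin and print
# the commands that route TCP traffic for PORT out through DEV.
policy_cmds() {
    dev=$1; table=$2; mark=$3; port=$4
    main=$(cat)
    gw=$(printf '%s\n' "$main" | gateway_for "$dev")
    if [ -z "$gw" ]; then
        echo "no default route via $dev in the main table" >&2
        return 1
    fi
    echo "ip rule add fwmark $mark table $table"
    # Copy the non-default routes so LAN and on-link destinations
    # still resolve when a marked packet is looked up in TABLE.
    printf '%s\n' "$main" | awk -v t="$table" '
        NF && $1 != "default" { $1 = $1; print "ip route add " $0 " table " t }'
    echo "ip route add default via $gw dev $dev table $table"
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $port -j MARK --set-mark $mark"
}

# Dry run against the sample, using the interface, mark and port from the thread.
printf '%s\n' "$SAMPLE_MAIN" | policy_cmds vlan1 table1 1 80
```

On a live router, feed it `ip route show table main` instead of the sample and review the printed commands before running them as root.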

Re: How to route by port?

rhashimoto wrote:

-- Set routes on the new table (here just a default route, probably should copy other entries from main table).
# ip route add default via 192.168.0.1 dev vlan1 table table1
# ip route list table table1
default via 192.168.0.1 dev vlan1

I get as far as that bit. When I try it, with my settings, I get this:

# ip route add default via 83.233.168.7 dev ppp0 table relakks
RTNETLINK answers: Network is unreachable

(83.233.168.7 is the remote side of my PPTP connection, and thus as far as I can tell my gateway on that side.)

Any ideas about what this means?

Re: How to route by port?

I think you need the src parameter.

    /usr/sbin/ip route add default via $TUN_SRV_IP dev $TUN_IF \
      src $TUN_CLI_IP table 1
    /usr/sbin/ip rule add from $DP_IP/24 fwmark 0x9 table 1

FWIW, I couldn't get this to work in RC6 without removing the 216-multiple_default_gateways.patch and recompiling:

http://forum.openwrt.org/viewtopic.php?id=7786

Hope this helps.

Re: How to route by port?

It sure did. I downgraded to RC5 and now it works.