<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="+1"><tt>Hi CLUEbies,<br>
<br>
I have an interesting networking problem. We have very expensive but
super reliable satellite network connections, and a backup terrestrial
cell phone connection that may or may not always work, but if it does
it's a lot cheaper than the satellite.<br>
<br>
Both the cell phone "modem" and the satellite modem provide ethernet
connectivity with IP. We want to route IP packets to one or the other
of these based on some factors OTHER than simply the destination.
Specifically we want all HTTP and HTTPS traffic to be sent over the
cell network (including replies, not just the requests) and other
traffic should stay on the satellite connection. If we can get this to
work we will come up with some other requirements too I'm sure.<br>
<br>
We can not use a proxy server like squid because of limited computing
power and limited disk space.<br>
<br>
We tried to use iproute2 with netfilter/iptables mangle and fwmark to
make the routing decision. The linux kernel in the router was designed
for an embedded system and was compiled without some important
netfilter options (including support for the mangle table). We can
recompile the kernel and deploy a new OS to all of our remote satellite
routers but that is quite a bit of work and is risky.<br>
<br>
Can anyone out there think of some other way to route particular (as
determined by layer 4 and above) traffic (bi-directionally) over one
network and through one "default" gateway, and all other traffic
through another "default" gateway? Is the only way to do this via
iproute2 and fwmark? We are open to very clever suggestions...<br>
<br>
We can make separate IP address ranges for the cell phone modem and
satellite modem so that the end user system which originates the
traffic will always get its replies from the same place. The only
system that needs to have a complicated routing table and routing rules
should be the router itself, which talks to both the cell phone modem
and the satellite modem.<br>
<br>
I think something like this might work and is along the same lines, but
they each use the mangle table too:<br>
<a class="moz-txt-link-freetext" href="http://lists.netfilter.org/pipermail/netfilter/2001-June/012602.html">http://lists.netfilter.org/pipermail/netfilter/2001-June/012602.html</a><br>
<a class="moz-txt-link-freetext" href="http://mailman.ds9a.nl/pipermail/lartc/2004q1/012247.html">http://mailman.ds9a.nl/pipermail/lartc/2004q1/012247.html</a><br>
<br>
Thanks,<br>
Jim<br>
</tt></font>
<pre class="moz-signature" cols="72">--
Jim Ockers, P.Eng. (<a class="moz-txt-link-abbreviated" href="mailto:ockers@ockers.net">ockers@ockers.net</a>)
Contact info: <a class="moz-txt-link-freetext" href="http://www.ockers.ca/pason.html">http://www.ockers.ca/pason.html</a>
</pre>
</body>
</html>