Hi,
I'm doing some policy routing: web traffic out my DSL circuit, VPN traffic out of the T1. This is the routes.local file in /sbin/init.d that one of our programmers wrote, but I'm unable to get ahold of them to make a change.
Right now, it's sending ALL HTTP traffic out the DSL circuit, even our intranet traffic, which should be routed through the VPN tunnel. The intranet server is in the 10.101.1.0 subnet at IP 10.101.1.5 at the Corporate Office.
The remote office is on a 10.101.15.0 subnet.
eth0 is 10.101.15.254
eth1 is 65.xxx.xxx.198 (vpn traffic)
eth2 is 66.xxx.xxx.216 (regular web traffic)
#we start by erasing rules from our table so we don't get errors
/bin/ip rule del fwmark 2 table 200
/bin/ip route del default via 66.xxx.xxx.209 dev eth2 table 200
/bin/ip route del 10.101.15.0/24 dev eth0 table 200
/bin/ip route del 65.xxx.xxx.0/29 dev eth1 table 200
/bin/ip route del 66.xxx.xxx.208/28 dev eth2 table 200
/bin/ip route del 10.101.0.0/16 via 65.xxx.xxx.198 dev ipsec0 table 200
#next we flush the mangle table
/usr/local/bin/iptables -t mangle -F
#match the traffic we want to go out the dsl
#mark ALL traffic from eth0
#mark outbound requests from squid http proxy
/usr/local/bin/iptables -A PREROUTING -t mangle -s 10.101.15.0/24 -j MARK --set-mark 2
/usr/local/bin/iptables -A OUTPUT -t mangle -s 66.xxx.xxx.216/32 -p tcp --dport 80 -j MARK --set-mark 2
#add the policy rule: packets marked 2 are looked up in routing table 200
/bin/ip rule add fwmark 2 table 200
#add our routes as appropriate
/bin/ip route add default via 66.xxx.xxx.209 dev eth2 table 200
/bin/ip route add 10.101.15.0/24 dev eth0 table 200
/bin/ip route add 65.xxx.xxx.0/29 dev eth1 table 200
/bin/ip route add 66.xxx.xxx.208/28 dev eth2 table 200
/bin/ip route add 10.101.0.0/16 via 65.xxx.xxx.198 dev ipsec0 table 200
#now flush the route cache
/bin/ip route flush cache
My question is: How do I make it so internal web traffic is routed across the VPN?
Mike
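As an added example, not part of Mike's routes.local or of any reply in this thread: the usual way to keep one destination off a policy-routed path is to insert a RETURN rule for that destination in the mangle chain before the MARK rule, so those packets keep fwmark 0 and are routed by the main table instead of table 200. The script below builds the same two MARK rules as the post with that exemption added for 10.101.0.0/16; the interface addresses are the redacted placeholders from the post and must be replaced, the intranet prefix and the DRY_RUN switch are assumptions, and the `check_order` function only verifies rule ordering on the dry-run output so it can be run without root.

```shell
#!/bin/sh
# Added example (not the original routes.local). Marks LAN and squid HTTP
# traffic for table 200 (DSL) but exempts intranet destinations first, so
# they fall through to the main table. DRY_RUN=1 prints instead of applying.

IPT=/usr/local/bin/iptables
IP=/bin/ip
LAN_NET=10.101.15.0/24          # remote office LAN on eth0 (from the post)
INTRANET_NET=10.101.0.0/16      # assumed: all corporate 10.101.x.x reached via the VPN
DSL_ADDR=66.xxx.xxx.216         # placeholder from the post, replace with the real eth2 address
DSL_GW=66.xxx.xxx.209           # placeholder from the post, replace with the real DSL gateway
MARK=2
TABLE=200
DRY_RUN=${DRY_RUN:-0}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Mangle rules in the order they must be applied: the RETURN exemptions for
# intranet destinations come before the MARK rules in each chain, so packets
# for 10.101.0.0/16 are never marked and never consult table 200.
mangle_rules() {
    run "$IPT" -t mangle -F
    run "$IPT" -t mangle -A PREROUTING -s "$LAN_NET" -d "$INTRANET_NET" -j RETURN
    run "$IPT" -t mangle -A PREROUTING -s "$LAN_NET" -j MARK --set-mark "$MARK"
    run "$IPT" -t mangle -A OUTPUT -s "$DSL_ADDR" -d "$INTRANET_NET" -p tcp --dport 80 -j RETURN
    run "$IPT" -t mangle -A OUTPUT -s "$DSL_ADDR" -p tcp --dport 80 -j MARK --set-mark "$MARK"
}

# Policy rule and the DSL default route for marked packets. Flushing the whole
# table replaces the individual "route del" lines of the original script.
policy_routes() {
    run "$IP" rule del fwmark "$MARK" table "$TABLE"
    run "$IP" route flush table "$TABLE"
    run "$IP" rule add fwmark "$MARK" table "$TABLE"
    run "$IP" route add default via "$DSL_GW" dev eth2 table "$TABLE"
    run "$IP" route flush cache
}

# Offline sanity check on the dry-run output: in each chain the RETURN
# exemption must precede the MARK rule, otherwise the exemption is dead.
check_order() {
    out=$(DRY_RUN=1 mangle_rules)
    for chain in PREROUTING OUTPUT; do
        ret=$(printf '%s\n' "$out" | grep -n -e "-A $chain .* -j RETURN" | head -1 | cut -d: -f1)
        mrk=$(printf '%s\n' "$out" | grep -n -e "-A $chain .* -j MARK" | head -1 | cut -d: -f1)
        [ -n "$ret" ] && [ -n "$mrk" ] && [ "$ret" -lt "$mrk" ] || return 1
    done
    return 0
}

# Apply only when not in dry-run and when the ordering check passes.
if [ "$DRY_RUN" != 1 ]; then
    check_order || { echo "rule ordering check failed" >&2; exit 1; }
    mangle_rules
    policy_routes
fi
```

Whether the unmarked packets then actually take the tunnel depends on the main table having a route for 10.101.0.0/16 over ipsec0 (table 200 in the post has one, the main table needs it too) and on the source address squid uses for those connections; `ip route get 10.101.1.5` and `ip route get 10.101.1.5 from 66.xxx.xxx.216` (with the real address) show the path the kernel picks for each case.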