Forcing matching traffic out a certain interface

Jasonvw · 2015-10-14 00:14:22

I am trying to force all IRC connections to flow through my wireless card, even when both it and a wired connection is present. The idea here is to not lose my IRC connection when I inevitably decide I am too lazy to remain sitting in my chair and take my laptop to lie in bed. Currently I can acheive this behavior by just having the ethernet cable disconnected as I connect to all of my IRC servers. This seems like a silly kind of solution to me I suppose. I also realize I could setup a static route but I am on many different networks with multiple servers each. This would be a pain to maintain. I feel like I must be super close here. This is what I've got:

#!/bin/bash
wlan_if="wlp3s0"
 
wlan_addr=`ip -6 addr show dev $wlan_if |grep global |awk '{print $2}' |cut -d/ -f1`
ll_gw=`ip -6 route show |grep default|grep $wlan_if`
wlan_subnet=`ip -6 route show |grep proto\ ra |grep $wlan_if` |awk '{print $1}'`
 
 
if [ `ip -6 route show |grep default |wc -l` == 2 ]
then
ip6tables -t mangle -A PREROUTING -p tcp --dport 6697 -j MARK --set-mark 65
ip6tables -A OUTPUT -t mangle -p tcp --dport 6697 -j MARK --set-mark 65
ip -6 rule add fwmark 65 table irc
ip -6 route add default dev $wlan_if via $ll_gw table irc
ip -6 route add $wlan_subnet dev $wlan_if proto ra  metric 600  table irc  #I don't think this line is even necessary but I just am matching the main routing table
ip6tables -A POSTROUTING -t nat -o $wlan_if -p tcp --dport 6697 -j SNAT --to $wlan_addr

else
echo "Two connections not present. Fuck this I'm out"
exit 0
fi

What I end up with is the IRC server seeing the IP being connected from as my wireless address, but I still lose connection when I yank the network cable.

If it helps:

[root@jason-lt:jason]# ip6tables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
MARK       tcp      anywhere             anywhere             tcp dpt:ircs-u MARK set 0x41

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
MARK       tcp      anywhere             anywhere             tcp dpt:ircs-u MARK set 0x41

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination 


[jason@jason-lt:~]$ip -6 rule show
0:      from all lookup local 
16383:  from all fwmark 0x41 lookup irc 
32766:  from all lookup main 


[jason@jason-lt:~]$ip -6 route show table irc
XXXXXX:3941::/64 dev wlp3s0  proto ra  metric 600  pref medium
default via fe80::212:17ff:fe4f:3517 dev wlp3s0  proto static  metric 600  pref medium

Any suggestions would be appreciated. I am (naturally) on IRC too if you want jasonvw on #archlinux.

Last edited by Jasonvw (2015-10-14 00:17:38)

fukawi2 · 2015-10-14 00:54:27

I wrote a script to do this kind of thing a while ago -- it's not very well maintained but it should be able to do what you want: https://github.com/fukawi2/pb-route

EDIT: that script was actually designed to be run on a router, but it shouldn't be too much work to trim the output down to be suitable for an end-device (eg, remove the SNAT rules etc)

Last edited by fukawi2 (2015-10-14 00:56:02)

Arch Linux

#1 2015-10-14 00:14:22

Forcing matching traffic out a certain interface

#2 2015-10-14 00:54:27

Re: Forcing matching traffic out a certain interface

Board footer