2 network interfaces connected to internet. Choose the one to use according to the domain name
Question inspired from here
Scenario
I live in a house near my university. That said, the students' wifi can reach my home so I usually use that even from home. The problem is, being a wifi managed by university sysadmins, it's not possible to connect to some dns (e.g. file uploading domains like rapidshare or megaupload). The good news is I also have a USB internet key that I can use, but, basically that's a scam like all internet mobile plans in Italy because after 20GB they'll cut off my bandwidth.
Finally...the question
To optimize my bandwidth usage I want to say to my Ubuntu: if I connect to *.domain.com use this interface, otherwise use the other one. For the sake of this question let's call wifi wlan0 and usb internet key ppp0.
P.S.: it's a really specific question. Do not suggest things like "use Tor, dude". I do not want to abuse the university wifi. I actually don't know if that is even possible with Tor...but still... :)
Solution 1:
If your example domain "*.domain.com" has a static IP address block, you can add a static route to your routing table like:
me@thiscomputer:~$ whois domain.com
This should give you some contact information for the owners of domain.com. You can contact them to find out their network address. This address will probably be in CIDR format where: 192.168.0.0/24 == "The set of IP addresses from 192.168.0.1 up to 192.168.0.254". The number after the slash is the number of bits in the network portion of the address. This is equivalent to a netmask of 255.255.255.0.
You could also use dig to look up some host addresses and attempt to deduce the netblock from that, or just add routes to discrete hosts, but I would not recommend it.
With the address information in hand, you can then add a static route like so:
me@thiscomputer:~$ sudo ip route add inet 10.0.0.0/24 dev ppp0
IRL it will probably not work exactly like this, consult the manpage for the ip command or the route command (these are different commands which do the same thing, route is older and part of coreutils) to see how to do it right.
If the domain's address is not static (configured by DHCP for example) which seems unlikely for a site with a persistent A record, you could work the above method into a cron job running at some interval shorter than the site's DHCP lease. You'd likely have to contact the site's administrator to get this information, or just experiment. If the job runs once a day, that would probably be sufficiently frequent.
Solution 2:
Is there a web proxy on your university network? If so, use it for normal web browsing, but not to access blocked sites.
Otherwise, it's possible, but not very easy. Routing (i.e. deciding where to send packets to) is performed at the IP level, which only knows about IP addresses. On the other hand, your routing requirement is based on a host name, but the layer that knows about the names has no control over routing.
I think any solution will involve a web proxy. (I'm assuming that for other protocols, you'll always use a particular network.) The web proxy itself isn't going to do anything other than relay requests, so any will do: a big one (squid), one specialized for caching (wwwoffle), a simple tiny one (tinyproxy), etc. (aptitude search web proxy; aptitude search http proxy).
Now, for the solution I'm proposing (there may be other ways), don't configure your proxy in any special way (i.e. make it relay all requests), but run it as a dedicated user: create a user alt-routed with no special privilege, and arrange for the proxy to run as this user.
Then, make wlan0 the default route. Then set up iptables and install the iproute package. The rules you want are to direct outgoing packets that came from a process running as the alt-route-user to the ppp0 interface. There's no direct way to do it, but it can be done by:
- specially marking (with the mark 1) outgoing packets from user alt-routed;
- using a different routing table (table 1) for packets marked with this mark;
- routing everything to the alternate interface in this table.
If I understand the documentation correctly, this should work:
iptables -t mangle -A OUTPUT -m owner --uid-owner alt-routed -o wlan0 -j MARK --set-mark 1
ip rule add fwmark 1 table 1
ip route add 0.0.0.0/0 table 1 dev ppp0
Note that this is well beyond my common usage of these tools, so I might have gotten these commands completely wrong. Confirmations or corrections welcome.
Any program you run as alt-routed will access the Internet via ppp0 instead of the default wlan0.
Finally, configure your browsers to go through the proxy for sites that you want to access over ppp0, and not to go through the proxy for sites that you want to access through wlan0. There are several ways to do that, depending on what browser(s) you're targeting and whether you want a GUI or are willing to edit a configuration file.