From: Esteban <eribicic@sinectis.com>
To: netfilter@lists.netfilter.org
Subject: fwmarks
Date: 01 Mar 2003 17:44:23 -0300
Message-ID: <1046551463.804.39.camel@debian>

I've got the classic firewall for my internal network, but instead of one
internet gw I've got two.

(internal 172.0.0.0/24) eth0 -#linux box#-eth2 (first gw to internet)
					#-ppp0 (second gw to internet)

I have a transparent squid and a NAT rule to redirect ports:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Then squid looks for the web pages on the two gateways (multipath).
Now I would like to fwmark packets generated by squid and, through a
routing table, route only www packets to the gw I want.

I tried
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2

and then 
echo 201 www.out >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table www.out
ip route add default gw via 1.1.1.1 dev ppp0 
ip route flush cache

and it does not work!
If I create a rule like
ip rule add to 2.2.2.2 table www.out
ip route flush cache

That does work!
I think the mangling is not okay. How do I mangle packets generated by
my own server? If anyone has some experience, please help me!

thanks in advance
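
Added example, not part of the original post: packets generated by a local process such as Squid never pass through PREROUTING, so the mark has to be set in the mangle OUTPUT chain, and the default route has to be placed in the marked table. Assumptions: Squid runs as user "proxy", the www.out entry from the post already exists in /etc/iproute2/rt_tables, and DRY_RUN=1 (the default here) only prints the commands.

```shell
#!/bin/sh
# Added example: mark Squid's own outbound web traffic and policy-route it via ppp0.
# Assumptions (not from the post): Squid runs as user "proxy"; DRY_RUN=1 only prints.
DRY_RUN="${DRY_RUN:-1}"

run() {
    # Print the command in dry-run mode, otherwise execute it (needs root).
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

squid_fwmark_plan() {
    mark="$1"; table="$2"; gw="$3"; dev="$4"; squid_user="$5"

    # Locally generated packets never traverse PREROUTING; they enter at OUTPUT.
    # Marking in mangle OUTPUT makes the kernel redo the routing lookup.
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 \
        -m owner --uid-owner "$squid_user" -j MARK --set-mark "$mark"

    # The rule selects the table for marked packets ...
    run ip rule add fwmark "$mark" table "$table"
    # ... and the default route has to be placed in that table, not in "main".
    run ip route add default via "$gw" dev "$dev" table "$table"

    # The source address was chosen before rerouting, so rewrite it on the way out.
    run iptables -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
    run ip route flush cache
}

# Values from the post: mark 2, table www.out, gateway 1.1.1.1 on ppp0.
squid_fwmark_plan 2 www.out 1.1.1.1 ppp0 proxy
```

Run with DRY_RUN=0 as root to apply the rules; `iptables -t mangle -L OUTPUT -v -n` then shows whether the MARK rule's packet counter increases when Squid fetches a page.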