* [LARTC] mark
@ 2004-03-26 14:56 Paulo Andre
  2004-10-26  3:43 ` James Lista
  2004-10-26  7:19 ` Tomasz Chilinski
  0 siblings, 2 replies; 3+ messages in thread
From: Paulo Andre @ 2004-03-26 14:56 UTC (permalink / raw)
  To: lartc

I have the following scenario,
LINK-A and LINK-B connected SRV. Current default gw is LINK-B

I would like for all packets from LINK-A to have LINK-IP-A as default gw.

I have done the following:

iptables -t mangle -A PREROUTING -i INT-A -j MARK --set-mark 4

ip route add table 4 default via LINK-IP-A
ip rule add fwmark 4 table 4

When I ping the interface from the web, then I do not get a reply, tcpdump and 
iptables show the packets coming in but not going out.
1- Am I doing this correctly?
2- How can I definitely find out that the packets are being marked?
3- How can I test my iproute2?

Paulo
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* [LARTC] mark
  2004-03-26 14:56 [LARTC] mark Paulo Andre
@ 2004-10-26  3:43 ` James Lista
  2004-10-26  7:19 ` Tomasz Chilinski
  1 sibling, 0 replies; 3+ messages in thread
From: James Lista @ 2004-10-26  3:43 UTC (permalink / raw)
  To: lartc

folks,

when marking a packet to band control, what is the difference between:

iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark $P2P_MARK
iptables -t mangle -A PREROUTING -m connmark --mark $P2P_MARK -j CONNMARK --restore-mark

and

iptables -t mangle -A PREROUTING -m p2p --p2p all -j MARK --set-mark $P2P_MARK

??????

tried to "patch-o-matic" with connmark and did not work out (kernel 2.6.9)...
.. it works ok with 2.4.x

thanks for any help


* Re: [LARTC] mark
  2004-03-26 14:56 [LARTC] mark Paulo Andre
  2004-10-26  3:43 ` James Lista
@ 2004-10-26  7:19 ` Tomasz Chilinski
  1 sibling, 0 replies; 3+ messages in thread
From: Tomasz Chilinski @ 2004-10-26  7:19 UTC (permalink / raw)
  To: lartc

On Tue, 26 Oct 2004 01:43:43 -0200, James Lista wrote
> folks,

Hello James.

> when marking a packet to band control, what is the difference between:
> 
> iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark $P2P_MARK
> iptables -t mangle -A PREROUTING -m connmark --mark $P2P_MARK -j CONNMARK --restore-mark
> 
> and
> 
> iptables -t mangle -A PREROUTING -m p2p --p2p all -j MARK --set-mark $P2P_MARK

Each p2p connection is composed of many IP packets. The p2p match is sensitive to
some specific data fields in some of these packets. So if you mark only these
packets, all other packets (with p2p application data) won't be marked and you
won't limit the transfer. The second line in the first example marks CONNECTIONs (not
packets) belonging to a p2p connection (detected by the p2p match). Using the second
method does not have the effect you would wish.

> ??????
> 
> tried to "patch-o-matic" with connmark and did not work out (kernel 
> 2.6.9)... .. it works ok with 2.4.x

It works for me with 2.4.x too. I haven't tried with 2.6.x.

--
Kind regards,
Tomasz Chilinski
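
An added example, not part of the original thread and not netfilter code: a simplified Python model of how the two rule sets quoted above treat the packets of one flow when only one packet carries the payload the p2p match recognises. The `Packet` class, the addresses, the mark value 0x10 and the `p2p_signature` flag are assumptions made for the illustration.

```python
from dataclasses import dataclass

P2P_MARK = 0x10  # constructed value standing in for $P2P_MARK

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    p2p_signature: bool  # stand-in for what "-m p2p --p2p all" would match

def conn_key(pkt):
    """Direction-independent key: both directions belong to one tracked connection."""
    return tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

def run_mark_only(packets):
    """-m p2p -j MARK --set-mark: the mark lives on the packet that matched, nowhere else."""
    return [P2P_MARK if pkt.p2p_signature else 0 for pkt in packets]

def run_connmark(packets):
    """Rule 1 stores the mark on the connection; rule 2 copies it onto each packet."""
    conn_marks = {}  # toy connection-tracking table: key -> connection mark
    marks = []
    for pkt in packets:
        key = conn_key(pkt)
        if pkt.p2p_signature:                   # -m p2p -j CONNMARK --set-mark
            conn_marks[key] = P2P_MARK
        packet_mark = 0
        if conn_marks.get(key) == P2P_MARK:     # -m connmark --mark -j CONNMARK --restore-mark
            packet_mark = conn_marks[key]
        marks.append(packet_mark)
    return marks

def sample_flow():
    """Constructed traffic: six packets of one flow (signature only in the third),
    followed by one packet of an unrelated flow."""
    a, b = ("10.0.0.5", 40000), ("192.0.2.9", 6881)
    pkts = []
    for i, sig in enumerate([False, False, True, False, False, False]):
        s, d = (a, b) if i % 2 == 0 else (b, a)
        pkts.append(Packet(s[0], d[0], s[1], d[1], sig))
    pkts.append(Packet("10.0.0.7", "198.51.100.3", 40001, 443, False))
    return pkts

if __name__ == "__main__":
    print("MARK only:", run_mark_only(sample_flow()))
    print("CONNMARK :", run_connmark(sample_flow()))
```

In this model the packets seen before the signature stay unmarked under both rule sets, and the unrelated flow is never marked.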
