From: Szymon Mroofka <sawar@interia.pl>
To: lartc@vger.kernel.org
Subject: [LARTC] rule fwmark desn't work for local packets (output chain)
Date: Fri, 31 Mar 2006 01:15:54 +0000
Message-ID: <200603310315.55782.sawar@interia.pl>

Hello everyone,

After a few days, with your help, I've succeeded with the setup of load-balancing.
Now I have a problem with the next step. I want to mark some packets and then put
them into one of the routing tables to force them to go via only one
interface with only one IP. Easy?? Of course, but not for me :(.
I'm NOT using NAT.

Chain OUTPUT (policy ACCEPT 71 packets, 24227 bytes)
 pkts bytes target  prot opt in  out  source       destination
   35  2940 MARK    all  --  *   *    0.0.0.0/0    217.17.45.128/27  MARK set 0x32

lucy ~ # ip rule
0: from all lookup local
10: from all lookup main
34: from all fwmark 50 lookup zew
50: from 80.48.56.70 lookup zew
60: from 192.168.200.10 lookup wew
100: from all lookup brama
32766: from all lookup main
32767: from all lookup default

It should be working fine, but it's not.
With this set of rules all is OK.

lucy ~ # ip rule
0: from all lookup local
10: from all lookup main
34: from all to 217.17.45.128/27 lookup zew
50: from 80.48.56.70 lookup zew
60: from 192.168.200.10 lookup wew
100: from all lookup brama
32766: from all lookup main
32767: from all lookup default

When I use fwmark, packets are sent with the wrong src IP via eth0 (table zew): they
have the IP of eth1 and the wrong gw address, but they are sent via eth0. So the
rule is working (packets go to the zew table) but they have the wrong src IP.
When I use "ip rule add to..." instead of fwmark all is OK.
So what is the difference between iptables marking and "ip rule add to..." for
the kernel?
Does a packet arrive at the mangle table of the output chain after or before
routing?
According to this
http://www.docum.org/docum.org/kptd/
the packet is after routing.
My question is how to change its src IP without using NAT, if there is any way?
Or maybe any other ideas on how to solve my problem?

lucy ~ # ip rout show table zew
127.0.0.0/8 dev lo scope link
default via 80.48.56.65 dev eth0 proto static src 80.48.56.70
prohibit default proto static metric 1
lucy ~ # ip rout show table wew
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth1 proto static src 192.168.200.10
prohibit default proto static metric 1
lucy ~ # ip rout show table brama
default proto static
nexthop via 192.168.1.1 dev eth1 weight 1
nexthop via 80.48.56.65 dev eth0 weight 1
lucy ~ # ip rout show table main
80.48.56.128/26 dev eth0 proto kernel scope link src 80.48.56.70
80.48.56.64/26 dev eth0 proto kernel scope link src 80.48.56.70
192.168.0.0/16 dev eth1 proto kernel scope link src 192.168.200.10
127.0.0.0/8 dev lo scope link

Regards
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
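
The behaviour reported in the message above, as a small model (an added example, not part of the original post and not kernel code). It assumes the source address is chosen at the first routing lookup, while the mark is still 0, and that the re-route after mangle OUTPUT sets the mark changes only the route. The rule and table data are constructed from the listings above, with `brama` assumed to have picked the eth1 next hop.

```python
import ipaddress

# Constructed, simplified model of the rules and tables quoted in the message.
# Rule: (priority, from, to, fwmark, table); None matches anything.
RULES_FWMARK = [
    (10, None, None, None, "main"),
    (34, None, None, 50, "zew"),
    (50, "80.48.56.70/32", None, None, "zew"),
    (60, "192.168.200.10/32", None, None, "wew"),
    (100, None, None, None, "brama"),
]
# Same list with rule 34 written as "to 217.17.45.128/27" instead of fwmark.
RULES_TO = [(34, None, "217.17.45.128/27", None, "zew") if r[0] == 34 else r
            for r in RULES_FWMARK]
# Table: list of (prefix, device, preferred source or None).
TABLES = {
    "main": [("80.48.56.128/26", "eth0", "80.48.56.70"),
             ("80.48.56.64/26", "eth0", "80.48.56.70"),
             ("192.168.0.0/16", "eth1", "192.168.200.10")],
    "zew": [("0.0.0.0/0", "eth0", "80.48.56.70")],
    "wew": [("0.0.0.0/0", "eth1", "192.168.200.10")],
    # Assumption: the multipath default picked the eth1 next hop (no src set).
    "brama": [("0.0.0.0/0", "eth1", None)],
}
DEV_ADDR = {"eth0": "80.48.56.70", "eth1": "192.168.200.10"}

def matches(addr, prefix):
    """True if prefix is a wildcard or the (known) address lies inside it."""
    if prefix is None:
        return True
    return addr is not None and ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def lookup(rules, dst, src=None, mark=0):
    """Walk the rules in priority order; return (device, source hint)."""
    for _prio, frm, to, fwmark, table in rules:
        if not (matches(src, frm) and matches(dst, to) and fwmark in (None, mark)):
            continue
        routes = [r for r in TABLES[table] if matches(dst, r[0])]
        if routes:  # longest prefix wins; otherwise fall through to next rule
            _, dev, hint = max(routes, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
            return dev, hint or DEV_ADDR[dev]
    raise LookupError("no route to " + dst)

def send(rules, dst, output_mark=None):
    """Local unbound socket sends to dst; returns (egress device, source IP)."""
    dev, src = lookup(rules, dst)          # routing decision: mark 0, source fixed here
    if output_mark is not None:            # mangle OUTPUT marks the packet afterwards
        dev, _ = lookup(rules, dst, src=src, mark=output_mark)  # re-route keeps src
    return dev, src
```

In this model the `to` rule already matches at the first lookup, so the source comes from the `src` of the zew default route, while the fwmark rule can only match at the re-route, after the source has been taken from eth1.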