From mboxrd@z Thu Jan 1 00:00:00 1970
From: Marco Gaiarin
Date: Tue, 30 Jul 2019 12:32:07 +0000
Subject: Policy routing (fwmark-based) and local traffic...
Message-Id: <20190730123207.GE2430@sv.lnf.it>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

I was trying to set up some policy routing (using iptables fwmark) for
local traffic; I just have rules in place for forward traffic (in the
PREROUTING chain, mangle table) and they work as expected. E.g.:

 ulysses:~# ip rule show
 0:      from all lookup local
 32762:  from all fwmark 0x30/0xf0 lookup FIBRA
 32763:  from 192.168.178.2 lookup FIBRA
 32764:  from all fwmark 0x20/0xf0 lookup ADSL2
 32765:  from 194.243.231.54 lookup ADSL2
 32766:  from all lookup main
 32767:  from all lookup default

and

 ulysses:~# iptables -t mangle -vnL PREROUTING
 Chain PREROUTING (policy ACCEPT 278K packets, 175M bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 MARK       tcp  --  *      *       0.0.0.0/0            173.194.79.109       multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
     0     0 MARK       tcp  --  *      *       0.0.0.0/0            173.194.79.108       multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
  1488  311K MARK       tcp  --  *      *       0.0.0.0/0            173.194.76.109       multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
   143 99494 MARK       tcp  --  *      *       0.0.0.0/0            173.194.76.108       multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
 [...]

I've tried to set up the same thing for locally generated traffic but...
I've discovered that the 'routing decision' happens BEFORE the iptables
tables (so, simply, fwmarks get ignored).

Is it true, or am I missing something?

Thanks.

-- 
dott. Marco Gaiarin                             GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

        Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
    (tax code 00307430132, category ONLUS or RICERCA SANITARIA)
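
How the fwmark/mask selectors in the `ip rule show` listing and the `mark match 0x0/0xf0 MARK xset 0x20/0xf0` rule in the PREROUTING listing combine, as an added example that is not part of the original post. The function names and the source address 10.0.0.5 are assumptions made for illustration; only rule selection is modelled, not the routes inside each table.

```python
import ipaddress
import re

# Copy of the `ip rule show` listing from the post above.
IP_RULE_SHOW = """\
0: from all lookup local
32762: from all fwmark 0x30/0xf0 lookup FIBRA
32763: from 192.168.178.2 lookup FIBRA
32764: from all fwmark 0x20/0xf0 lookup ADSL2
32765: from 194.243.231.54 lookup ADSL2
32766: from all lookup main
32767: from all lookup default
"""
RULE_RE = re.compile(r"(\d+):\s+from (\S+)"
                     r"(?: fwmark (0x[0-9a-f]+)(?:/(0x[0-9a-f]+))?)?"
                     r" lookup (\S+)")

def parse_rules(text):
    """Return (prio, src_net, mark, mask, table) tuples sorted by priority."""
    rules = []
    for prio, src, mark, mask, table in RULE_RE.findall(text):
        net = None if src == "all" else ipaddress.ip_network(src)
        # No fwmark selector means mark 0 with mask 0 (matches any mark);
        # a mark given without a mask compares all 32 bits.
        m = int(mark, 16) if mark else 0
        k = int(mask, 16) if mask else (0xFFFFFFFF if mark else 0)
        rules.append((int(prio), net, m, k, table))
    return sorted(rules, key=lambda r: r[0])

def mark_rule(mark, value=0x20, mask=0xF0):
    """The PREROUTING rule: if the masked bits are still 0 (mark match
    0x0/0xf0), MARK xset clears the masked bits and XORs in value."""
    if mark & mask:
        return mark                      # already classified, left alone
    return (mark & ~mask & 0xFFFFFFFF) ^ value

def tables_tried(rules, src, fwmark):
    """Tables whose selector matches, in the order they are consulted.
    The lookup stops at the first of these that holds a matching route;
    the routes themselves are not modelled here."""
    addr = ipaddress.ip_address(src)
    return [table for _, net, mark, mask, table in rules
            if (net is None or addr in net) and (fwmark ^ mark) & mask == 0]

if __name__ == "__main__":
    rules = parse_rules(IP_RULE_SHOW)
    for src, mark in [("10.0.0.5", 0x00), ("10.0.0.5", mark_rule(0x05)),
                      ("10.0.0.5", 0x35), ("192.168.178.2", 0x00)]:
        print(f"{src:15} mark={mark:#04x} ->", tables_tried(rules, src, mark))
```

Because only the bits under mask 0xf0 are compared, the low nibble of the mark stays free for other uses without affecting which table is selected.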