Re: Strange netfilter/iproute behav.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Roberto Nibali <ratz@tac.ch>
To: Richard Mueller <mueller@teamix.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: Strange netfilter/iproute behav.
Date: Mon, 09 Dec 2002 11:49:08 +0100	[thread overview]
Message-ID: <3DF47524.2010204@tac.ch> (raw)
In-Reply-To: 11126858610.20021207230114@teamix.net

Hello,

> Some strange things are happening, when I try to use routing decisions
> based on fwmark.

Ok.

> host:~# ip rule add fwmark 19 lookup inet
> host:~# iptables -t mangle -F
> host:~# iptables -t mangle -A OUTPUT -j MARK --set-mark 19

[vs.]

> host:~# ip rule add fwmark 1 lookup inet
> host:~# iptables -t mangle -A OUTPUT -j MARK --set-mark 1

A lot of people fall into this trap.

> I have no idea what I have done wrong and  the  workaround  (by  using
> "1") isn't really a good idea because is need plenty ( > 10) of fwmark
> targets.

:) The problem is that the fwmark from iproute2 takes its argument as a hex 
value. So when you write the following line:

ip rule add fwmark 19 lookup inet

You actually have 0x19 which is 25. So you need to to set the following 
according iptables mangle rule with MARK=19:

iptables -t mangle -A OUTPUT -j MARK --set-mark $((0x${MARK}))

> If this is a beginner's problem please say something like
> # man iptables

It's probably a beginner's problem but there is not really a man page for this, 
so I say RTSL :)

Cheers and HTH,
Roberto Nibali, ratz
-- 
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc

     prev parent reply	other threads:[~2002-12-09 10:49 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-12-07 22:01 Strange netfilter/iproute behav Richard Mueller
2002-12-09 10:49 ` Roberto Nibali [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3DF47524.2010204@tac.ch \
    --to=ratz@tac.ch \
    --cc=mueller@teamix.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.