From: Patrick McHardy <kaber@trash.net>
To: "lartc@manchotnetworks.net" <lartc@manchotnetworks.net>
Cc: Henrik Nordstrom <hno@marasystems.com>,
Patrick Schaaf <bof@bof.de>,
netfilter-devel <netfilter-devel@lists.netfilter.org>
Subject: Re: policy routing on locally generated packets [summary]
Date: Wed, 27 Aug 2003 16:57:03 +0200
Message-ID: <3F4CC6BF.2030604@trash.net>
In-Reply-To: <1061995596.1247.28.camel@drs0.manchotnetworks.net>

lartc@manchotnetworks.net wrote:
>final conclusion:
>to effectively obtain policy routing on locally generated packets, the
>OUTPUT ROUTING process would need to be hooked into netfilter thereby
>letting packets be marked. OUTPUT ROUTING would then use the mark to
>find a routing table via a routing rule. OUTPUT ROUTING would get the
>route key fields using the "best" destination route within the routing
>table, or use the default routing table if no suitable route was found.
>(Cedric -- this would include the iif key therefore obviating/including
>your patch through ip route commands)
>
>
>iptables --append OUTROUTE --table mangle (expressions) \
> --jump MARK --set-mark 0x2
>
It is not possible for two reasons:

- before output routing the packet doesn't have a source ip so it
  would be weird to pass it through iptables tables.
- the source is chosen before the ip header is prepended, this
  makes it impossible to pass it to iptables first.

Why can't you use NAT?

Best regards,
Patrick