* [LARTC] why fwmark don't work
@ 2005-02-03 16:09 saz
  2005-02-08  1:41 ` Andy Furniss
  0 siblings, 1 reply; 2+ messages in thread
From: saz @ 2005-02-03 16:09 UTC (permalink / raw)
  To: lartc

Hi guys, I'm trying to do a port redirection using iproute together with the iptables mangle option, but for some strange reason it is not working yet. I know I can do it in a different way, but the idea is to use packet marking and redirect the packets with a rule.

I have two computers, PC1 and PC2:

PC1: 192.168.0.1, this is the one connected to the internet, and this machine makes the redirection
PC2: 192.168.0.2, this is the SMTP server

So this is what I do on PC1:

First I mark all the incoming packets for port 25 with "1":

iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1

Then I create a table called smtp:

echo 200 smtp >> /etc/iproute2/rt_tables

After that I set PC2 as the default via for my smtp table:

ip route add default via 192.168.0.2 table smtp

And finally I make the rule for the smtp table:

ip rule add fwmark 1 table smtp

This should work, but it is not redirecting anything...

I can see that it is marking the packets with 1 using the command iptables -t mangle -L PREROUTING -v, but it is not working. Can anyone help me?


* Re: [LARTC] why fwmark don't work
  2005-02-03 16:09 [LARTC] why fwmark don't work saz
@ 2005-02-08  1:41 ` Andy Furniss
  0 siblings, 0 replies; 2+ messages in thread
From: Andy Furniss @ 2005-02-08  1:41 UTC (permalink / raw)
  To: lartc

saz wrote:
> Hi guys, I'm trying to do a port redirection using iproute together with the iptables mangle option, but for some strange reason it is not working yet. I know I can do it in a different way, but the idea is to use packet marking and redirect the packets with a rule.
>
> I have two computers, PC1 and PC2:
>
> PC1: 192.168.0.1, this is the one connected to the internet, and this machine makes the redirection
> PC2: 192.168.0.2, this is the SMTP server
>
> So this is what I do on PC1:
>
> First I mark all the incoming packets for port 25 with "1":
>
> iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1
>
> Then I create a table called smtp:
>
> echo 200 smtp >> /etc/iproute2/rt_tables
>
> After that I set PC2 as the default via for my smtp table:
>
> ip route add default via 192.168.0.2 table smtp
>
> And finally I make the rule for the smtp table:
>
> ip rule add fwmark 1 table smtp
>
> This should work, but it is not redirecting anything...
>
> I can see that it is marking the packets with 1 using the command iptables -t mangle -L PREROUTING -v, but it is not working. Can anyone help me?

I am not sure, but I think your rules will just make SMTP packets try to
use 192.168.0.2 as a gateway rather than whatever your normal gateway
is. I guess you really need to DNAT them to 192.168.0.2 using iptables.


Andy.
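
The DNAT approach suggested in the reply above, written out as an added example that is not part of the thread. The interface name eth0, the DRY_RUN switch and the function names are assumptions made for illustration; the FORWARD rules limit what the redirect exposes to PC2's port 25 only.

```shell
#!/bin/sh
# Added example, not from the thread. Redirect inbound SMTP on PC1 to PC2
# with DNAT instead of fwmark routing, which only changes the next hop and
# leaves the destination address untouched.

WAN_IF="${WAN_IF:-eth0}"               # assumption: PC1's internet-facing interface
SMTP_HOST="${SMTP_HOST:-192.168.0.2}"  # PC2, the SMTP server from the thread
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands only; 0 = run them (root)

# Print a command, and execute it only when DRY_RUN=0.
run() {
    echo "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

smtp_dnat_rules() {
    # nat PREROUTING is traversed before the routing decision, so the
    # rewritten destination is the address that gets routed.
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 25 \
        -j DNAT --to-destination "$SMTP_HOST:25"

    # Forward only the redirected SMTP flow and its replies.
    run iptables -A FORWARD -i "$WAN_IF" -d "$SMTP_HOST" -p tcp --dport 25 \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -s "$SMTP_HOST" -p tcp --sport 25 \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # PC1 must forward packets. PC2 must send its replies back through PC1
    # (for example by using PC1 as its default gateway) so that conntrack
    # can reverse the translation.
    run sysctl -w net.ipv4.ip_forward=1
}

# Packet counters on the DNAT rule show whether inbound SMTP is hitting it.
smtp_dnat_check() {
    run iptables -t nat -L PREROUTING -v -n
}

smtp_dnat_rules
```

With the default DRY_RUN=1 the script only prints the four commands; set DRY_RUN=0 as root on PC1 to apply them.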

