From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Furniss Date: Tue, 08 Feb 2005 01:41:11 +0000 Subject: Re: [LARTC] why fwmark don't work Message-Id: <420818B7.6030907@dsl.pipex.com> List-Id: References: <004101c50a0a$ca7b5c00$02c0a8c0@sazhost> In-Reply-To: <004101c50a0a$ca7b5c00$02c0a8c0@sazhost> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org saz wrote: > Hi guys im trying to make a port redirecction using iproute together with iptables mangle option .. but for some strange reason is not working yet, I know i can do it in a diferent way, but the idea is using packet marking and redirect the packets with a rule. > > I have two computers PC1 and PC2 > > PC1: 192.168.0.1 this is the one connected to internet, and this machine make the redirection > PC2: 192.168.0.2 this is the smtp server > > So this is what i do in PC1: > > first i mark all the packets incoming for 25 port with "1": > > iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1 > > then i create a table called smtp: > > echo 200 smtp >> /etc/iproute2/rt_tables > > after that i set PC2 as default via for my smtp table: > > ip route add default via 192.168.0.2 table smtp > > and finally i make the rule for smtp table > > ip rule add fwmak 1 table smtp > > this would have to work, but is not redirecting nothing... > > i can see that is making the packets with 1 using the command iptables -t mangle -L PREROUTING -v but is not working, any one can help me? I am not sure, but I think your rules will just make smtp packets try to use 192.168.0.2 as a gateway rather than whatever your normal gateway is. I guess you really need to dnat them to 192.168.0.2. using iptables. Andy. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/