* mark value as routing key
From: Marco Berizzi @ 2005-10-19 10:43 UTC (permalink / raw)
To: netfilter
Hi.

I have a problem with iptables mark target.
I'm using iptables to mark packets in this manner:

iptables -t mangle -I OUTPUT --protocol tcp --dport 80 -j MARK --set-mark 1

This linux box has two different ip addresses on
two different subnets on the same ethernet NIC:

eth0: 1.1.1.254/24
eth0:adslA: 10.10.10.6/29

This is my ip rule sh output:

0: from all lookup local
400: from all fwmark 0x1 lookup adsl
450: from all lookup hdsl
32766: from all lookup main
32767: from all lookup default

Here is ip route sh table adsl:
default via 10.10.10.1 dev eth0 metric 1
and this is ip route sh table hdsl:
default via 1.1.1.1 dev eth0 metric 1

main table doesn't have any default route.

Locally generated packets with destination port 80
are going through the adsl table but the packet
source ip is 1.1.1.254. Why?

Kernel is vanilla 2.6.14-rc4
* mark value as routing key
From: Marco Berizzi @ 2005-10-20 8:14 UTC (permalink / raw)
To: netfilter-devel
Hi.

I have a problem with iptables mark target.
I'm using iptables to mark packets in this manner:

iptables -t mangle -I OUTPUT --protocol tcp --dport 80 -j MARK --set-mark 1

This linux box has two different ip addresses on
two different subnets on the same ethernet NIC:

eth0: 1.1.1.254/24
eth0:adslA: 10.10.10.6/29

This is my ip rule sh output:

0: from all lookup local
400: from all fwmark 0x1 lookup adsl
450: from all lookup hdsl
32766: from all lookup main
32767: from all lookup default

Here is ip route sh table adsl:
default via 10.10.10.1 dev eth0 metric 1
and this is ip route sh table hdsl:
default via 1.1.1.1 dev eth0 metric 1

main table doesn't have any default route.

Locally generated packets with destination port 80
are going through the adsl table but the packet
source ip is 1.1.1.254. Why is the packet source ip
1.1.1.254? Shouldn't it be 10.10.10.6?

Kernel is vanilla 2.6.14-rc4

TIA
* Re: mark value as routing key
From: Martijn Lievaart @ 2005-10-20 10:57 UTC (permalink / raw)
To: pupilla; +Cc: netfilter-devel
Marco Berizzi wrote:
> Here is ip route sh table adsl:
> default via 10.10.10.1 dev eth0 metric 1
> and this is ip route sh table hdsl:
> default via 1.1.1.1 dev eth0 metric 1
>
> main table doesn't have any default route.
>
> Locally generated packets with destination port 80
> are going through the adsl table but the packet
> source ip is 1.1.1.254. Why is the packet source ip
> 1.1.1.254? Shouldn't it be 10.10.10.6?
I think you are missing the 'src' option in your routes.
default via 10.10.10.1 dev eth0 metric 1 src 10.10.10.6
HTH,
M4
P.S. This is better suited for the user list, not the developers list.
* Re: mark value as routing key
From: Henrik Nordstrom @ 2005-10-20 11:12 UTC (permalink / raw)
To: Marco Berizzi; +Cc: Netfilter Users
On Thu, 20 Oct 2005, Marco Berizzi wrote:
> Locally generated packets with destination port 80
> are going through the adsl table but the packet
> source ip is 1.1.1.254. Why is the packet source ip
> 1.1.1.254? Shouldn't it be 10.10.10.6?
Because source address assignment takes place very early, before there
even is a packet to be seen by iptables, by using a very special routing
lookup.
To get around this you can SNAT the traffic before it leaves the box, or
configure the application to specifically use the correct source address.
Regards
Henrik
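
The early source address selection described above can be observed from user space, together with the workaround of having the application choose its source address. This is an added example, not part of the original thread; the function names are illustrative, and the loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for 1.1.1.254 and 10.10.10.6 so that it runs offline on Linux.

```python
import socket


def kernel_chosen_source(dst_ip, dst_port=80):
    """Return the source IP the kernel selects for traffic to dst_ip.

    connect() on a UDP socket transmits nothing: it only performs the
    route lookup and fixes the local address. No packet exists yet, so
    no netfilter mark can influence the choice.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst_ip, dst_port))
        return s.getsockname()[0]


def connect_from(src_ip, dst_ip, dst_port, timeout=5.0):
    """Open a TCP connection with the source address pinned by the application."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.bind((src_ip, 0))  # port 0: the kernel still picks the ephemeral port
        s.connect((dst_ip, dst_port))
    except OSError:
        s.close()
        raise
    return s


def demo_on_loopback():
    """Constructed demo: returns (source picked by kernel, source seen by server)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        default_src = kernel_chosen_source("127.0.0.1", port)
        client = connect_from("127.0.0.2", "127.0.0.1", port)
        conn, peer = srv.accept()
        conn.close()
        client.close()
    return default_src, peer[0]


if __name__ == "__main__":
    print(demo_on_loopback())
```

On the box from this thread, the first function would report the address chosen before the OUTPUT chain runs, and the second would be called with 10.10.10.6 as src_ip.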
* Re: mark value as routing key
From: David Coulson @ 2005-10-20 12:09 UTC (permalink / raw)
To: Marco Berizzi; +Cc: netfilter-devel
Marco Berizzi wrote:
> Locally generated packets with destination port 80
> are going through the adsl table but the packet
> source ip is 1.1.1.254. Why is the packet source ip
> 1.1.1.254? Shouldn't it be 10.10.10.6?
No - You will have to create a NAT rule to NAT anything marked with 0x1
onto 10.10.10.6.
David
--
David J. Coulson
email: david@davidcoulson.net
web: http://www.davidcoulson.net/
* Re: mark value as routing key
From: Patrick McHardy @ 2005-10-30 15:23 UTC (permalink / raw)
To: Marco Berizzi; +Cc: netfilter-devel
Marco Berizzi wrote:
> Hi.
>
> I have a problem with iptables mark target.
> I'm using iptables to mark packets in this manner:
>
> iptables -t mangle -I OUTPUT --protocol tcp --dport 80 -j MARK --set-mark 1
>
> This linux box has two different ip addresses on
> two different subnets on the same ethernet NIC:
>
> eth0: 1.1.1.254/24
> eth0:adslA: 10.10.10.6/29
>
> This is my ip rule sh output:
>
> 0: from all lookup local
> 400: from all fwmark 0x1 lookup adsl
> 450: from all lookup hdsl
> 32766: from all lookup main
> 32767: from all lookup default
>
> Here is ip route sh table adsl:
> default via 10.10.10.1 dev eth0 metric 1
> and this is ip route sh table hdsl:
> default via 1.1.1.1 dev eth0 metric 1
>
> main table doesn't have any default route.
>
> Locally generated packets with destination port 80
> are going through the adsl table but the packet
> source ip is 1.1.1.254. Why is the packet source ip
> 1.1.1.254? Shouldn't it be 10.10.10.6?
The mark value can't be used for source address selection
because at the time source address selection is performed
there is no packet yet and thus no mark value.