From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@vger.kernel.org
Subject: Re: Using MARK and TOS to route traffic through different interfaces to the same destination
Date: Thu, 11 Dec 2008 13:41:32 +0100 [thread overview]
Message-ID: <49410A7C.6010501@plouf.fr.eu.org> (raw)
In-Reply-To: <1228998831.22977.9.camel@enterprise.ims-firmen.de>
Hello,
Thomas Jacob a écrit :
> On Thu, 2008-12-11 at 13:18 +0100, Javier Gálvez Guerrero wrote:
>>
>> I need to route packets through different interfaces (let them be ath0
>> and eth0) depending on the application source port, so I thought using
>> TOS or MARK targets of iptables would be helpful.
>>
>> Anyway, as I try configure it to mark the traffic and updating the
>> routing tables through many different ways, I can't get it working so
>> the packets are always sent through the "default" interface in the
>> main routing table.
>>
>> For example, if I use MARK I configure it this way:
>>
>> sudo iptables -A OUTPUT -t mangle -p tcp --dport 60301 -j MARK --set-mark 1
>> sudo iptables -A OUTPUT -t mangle -p tcp --dport 60302 -j MARK --set-mark 2
These rules match the destination port. Replace --dport with --sport to
match the source port.
> AFAIK, locally generated packets are routed before they are sent to
> netfilter, so setting fwmarks there to influence routing is pointless.
A rerouting happens after the OUTPUT chains in order to take into
account destination NAT and marks.
next prev parent reply other threads:[~2008-12-11 12:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-11 12:18 Using MARK and TOS to route traffic through different interfaces to the same destination Javier Gálvez Guerrero
2008-12-11 12:33 ` Thomas Jacob
2008-12-11 12:41 ` Pascal Hambourg [this message]
2008-12-11 12:48 ` Thomas Jacob
2008-12-11 23:54 ` Philip Craig
2008-12-11 13:15 ` Javier Gálvez Guerrero
2008-12-12 10:33 ` Pascal Hambourg
2008-12-12 11:57 ` Javier Gálvez Guerrero
2008-12-12 12:42 ` Pascal Hambourg
2008-12-12 14:07 ` Javier Gálvez Guerrero
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49410A7C.6010501@plouf.fr.eu.org \
--to=pascal.mail@plouf.fr.eu.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.