From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@vger.kernel.org
Subject: Re: Using MARK and TOS to route traffic through different interfaces to the same destination
Date: Fri, 12 Dec 2008 13:42:28 +0100
Message-ID: <49425C34.3050108@plouf.fr.eu.org>
In-Reply-To: <145d4e1a0812120357i12694aa6o11c64fba2ab8fefb@mail.gmail.com>
Javier Gálvez Guerrero wrote:
>
> It seems that it matches and manages more or less properly, but the IP
> address does not change while the output interface seems to be selected
> according to the rules. As said before, each interface is bound to a
> different IP address.
The source address is selected either by the sender process or by the
initial routing decision, before the OUTPUT chains. Rerouting after the
OUTPUT chains does not alter it even though the output interface has
changed. Thus the source address selection is unaware of iptables-based
advanced routing.
> This is the configuration I set:
[...]
> sudo ip route add table 1 192.168.0.2 dev ath0
> sudo ip route add table 2 192.168.0.2 dev eth0
Isn't there a typo? These commands create host routes to 192.168.0.2,
not default routes via gateway 192.168.0.2 as in your previous message.
Another problem is that according to the interface subnets and the main
routing table, 192.168.0.2 is reachable only on eth0, not ath0.
> dulceangustia@spike:~$ ip route
> 192.168.0.0/25 dev eth0 proto kernel scope link src 192.168.0.3
> 192.168.0.128/25 dev ath0 proto kernel scope link src 192.168.0.150
> default via 192.168.0.1 dev eth0
Are both interfaces on the same link? If yes, what is the subnet on
that link ?
> And this is what I get:
>
> dulceangustia@spike:~$ sudo iptables -vL
This command only shows the default (filter) table. You want to display
the mangle table with -t mangle.
> I don't know why the source IP address is not changed. May be a
> problem of ip route and not iptables?
I explained why the source address is unchanged, see above.
> Any idea about how to solve it?
Either select the source address in the sender process (if you can
select the destination port, you may be able to select the source
address too) or use iptables SNAT.
> I tried also to add a POSTROUTING SNAT rule to change the origin
> source but it doesn't take any effect.
It should work. What rules did you try? Note that iperf shows only the
initial source address before SNAT, not the actual address on the wire.
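
Added example, not part of the original message: a sender process that fixes its own source address with bind() before connect(), compared with an unbound socket whose source comes from the routing decision made at connect() time. It assumes a Linux host, where every 127.0.0.0/8 address is local; the loopback addresses and the function name observed_source are constructed for the demonstration.

```python
import socket


def observed_source(dest_ip, bind_ip=None):
    """Send one UDP datagram to a local receiver.

    Returns (source the sender's socket reports, source the receiver saw).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((dest_ip, 0))          # receiver on an ephemeral port
        rx.settimeout(2)
        if bind_ip is not None:
            # Case 1: the sender process selects the source address itself.
            # On the host in this thread that would be 192.168.0.150 (ath0)
            # or 192.168.0.3 (eth0).
            tx.bind((bind_ip, 0))
        # Case 2 (no bind): connect() triggers the route lookup, and the
        # kernel fills in the source address from that initial decision.
        # This happens before any packet reaches the OUTPUT chains, so a
        # later fwmark-based reroute cannot change it.
        tx.connect(rx.getsockname())
        local_ip = tx.getsockname()[0]
        tx.send(b"probe")
        _, peer = rx.recvfrom(16)
        return local_ip, peer[0]


if __name__ == "__main__":
    # Constructed loopback addresses standing in for the two interfaces.
    print("unbound:", observed_source("127.0.0.1"))
    print("bound:  ", observed_source("127.0.0.1", "127.0.0.2"))
```

With a POSTROUTING SNAT rule in place the first value would stay the pre-SNAT address, which is why a tool reading its own socket address does not show what is on the wire; check the receiver side or a packet capture instead.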