From: Jeff Wiegley <jeffw@csun.edu>
To: Bryan Harris <bryanlharris@me.com>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: marking/mangling of local packets for altering routes?
Date: Thu, 23 May 2013 10:39:41 -0700
Message-ID: <519E545D.9050500@csun.edu>
In-Reply-To: <FE275ABF-CAB1-4F7B-9287-E781D6684C67@me.com>
On 5/22/2013 1:22 PM, Bryan Harris wrote:
> On May 22, 2013, at 3:30 PM, Jeff Wiegley <jeffw@csun.edu> wrote:
>
>> I'm trying to do to some service based routing using the "ip rule" and "ip route"
>> by marking packets.
> Is this what you mean? Sorry if I misunderstood.
>
> echo "2 myGreatTable" >> /etc/iproute2/rt_tables
> iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark 1
> ip rule add fwmark 1 table myGreatTable
> ip route add default via 192.168.1.1 dev eth1 table myGreatTable
>
> Bryan
>
>
Yes, that is the sort of thing I am trying to do. My confusion was that
locally generated packets would not be subjected to the added rule and
route because the routing decision was made before the PREROUTING chain
of the mangle table is applied.

However, as Jeff Haran pointed out: in Table 6-2 of
http://www.iptables.info/en/structure-of-iptables.html
there is a second routing decision that is made after the mangle and nat
PREROUTING chains have been processed. I missed that line in all my
reading. It guarantees that if the locally generated packets are mangled
PREROUTING that another routing decision is made for them and they will,
as desired, be affected by the sort of marking and rules/route that you
have kindly provided.

Thank you!

- Jeff
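The setup Bryan posted, wrapped in reusable helpers, as an added example that is not part of the thread. Two details matter in practice: the rt_tables entry should be added idempotently (re-running the raw `echo >>` duplicates the line), and locally generated packets traverse the mangle OUTPUT chain, after which the kernel re-runs the route lookup when the mark has changed, which is what lets the fwmark rule take effect for them. The table name, port, mark, gateway, device and the sample `ip rule show` listing are constructed values; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for fwmark-based policy routing
# of locally generated traffic, using iptables and iproute2 as in Bryan's reply.
# All names and addresses below are constructed sample values.

# Append "<id> <name>" to an rt_tables file only if <name> is not already
# present, so re-running the setup never duplicates the entry.
# Usage: add_rt_table <rt_tables_file> <table_id> <table_name>
add_rt_table() {
    file=$1; id=$2; name=$3
    if grep -Eq "^[[:space:]]*[0-9]+[[:space:]]+${name}([[:space:]]|\$)" "$file" 2>/dev/null; then
        return 0
    fi
    printf '%s %s\n' "$id" "$name" >> "$file"
}

# Print (do not run) the commands that mark locally generated TCP traffic to
# <port> and route it through <gateway> on <dev> via routing table <table>.
# Locally generated packets hit the mangle OUTPUT chain, not PREROUTING; the
# kernel performs a second route lookup after OUTPUT when the mark changed.
# Usage: policy_route_cmds <port> <mark> <table> <gateway> <dev>
policy_route_cmds() {
    port=$1; mark=$2; table=$3; gw=$4; dev=$5
    printf 'iptables -t mangle -A OUTPUT -p tcp --dport %s -j MARK --set-mark %s\n' "$port" "$mark"
    printf 'ip rule add fwmark %s table %s\n' "$mark" "$table"
    printf 'ip route add default via %s dev %s table %s\n' "$gw" "$dev" "$table"
}

# Verify that an "ip rule show" listing read from stdin contains a rule that
# selects <table> for fwmark <mark>.  Accepts the decimal form printed by
# older iproute2 and the 0x.. form printed by newer releases, with or without
# a /mask suffix.  Returns 0 if present, 1 otherwise.
# Usage: ip rule show | has_fwmark_rule <mark> <table>
has_fwmark_rule() {
    mark=$1; table=$2
    hex=$(printf '0x%x' "$mark")
    grep -Eq "fwmark (${mark}|${hex})(/[^[:space:]]+)?[[:space:]]+lookup[[:space:]]+${table}([[:space:]]|\$)"
}

# Constructed sample of what "ip rule show" prints after the rule is added.
SAMPLE_IP_RULE='0:	from all lookup local
32765:	from all fwmark 0x1 lookup myGreatTable
32766:	from all lookup main
32767:	from all lookup default'

# Run the check against the constructed sample; 0 means the rule is present.
check_sample() {
    printf '%s\n' "$SAMPLE_IP_RULE" | has_fwmark_rule 1 myGreatTable
}
```

On a live host the generated commands are applied with root privileges after reviewing them; `ip rule show | has_fwmark_rule 1 myGreatTable` is then a quick post-change assertion that the rule actually landed, and the same check run from a monitoring script flags the rule quietly disappearing or being altered.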
Thread overview: 3+ messages
2013-05-22 19:30 marking/mangling of local packets for altering routes? Jeff Wiegley
2013-05-22 20:22 ` Bryan Harris
2013-05-23 17:39 ` Jeff Wiegley [this message]