From: Frédéric Massot
Date: Fri, 23 Dec 2005 11:39:40 +0000
Subject: [LARTC] Pb routing/fwmark
To: lartc@vger.kernel.org

Hi,

I have a computer which is used as router/firewall/VPN with four network
cards. One is connected to the LAN (br0, 10.0.0.0/24), the three others to
three different ISPs: eth0 192.168.1.0/29, eth1 192.168.0.0/24, eth2
192.168.2.0/29.

This computer is under Linux 2.6.11 with the Julian Anastasov routes patch.

The configuration by default is to balance the load on the three interfaces.

Then, I must route certain services to certain interfaces:

- LAN to Internet 3389/TCP --> eth2
- Router to Internet 25/TCP --> eth2
- LAN to Internet 80/TCP --> eth1

I have this routing policy:

$ ip rule
0:      from all lookup local
50:     from all lookup main
101:    from all fwmark 0xd3d lookup 203
103:    from all fwmark 0x19 lookup 203
104:    from all fwmark 0x50 lookup 202
201:    from 192.168.1.0/29 lookup 201
202:    from 192.168.0.0/24 lookup 202
203:    from 192.168.2.0/29 lookup 203
222:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default

$ ip route list table main
193.253.176.56 dev eth0 scope link
81.56.255.222 dev eth1 scope link
195.6.84.110 dev eth2 scope link
192.168.2.0/29 dev eth2 proto kernel scope link src 192.168.2.1
192.168.1.0/29 dev eth0 proto kernel scope link src 192.168.1.1
192.168.254.0/26 dev eth0 scope link
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.3
192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.1

$ ip route list table 201
default via 192.168.1.6 dev eth0 proto static src 192.168.1.1
prohibit default proto static metric 1

$ ip route list table 202
default via 192.168.0.6 dev eth1 proto static src 192.168.0.1
prohibit default proto static metric 1

$ ip route list table 203
default via 192.168.2.6 dev eth2 proto static src 192.168.2.1
prohibit default proto static metric 1

$ ip route list table 222
default proto static
        nexthop via 192.168.1.6 dev eth0 weight 1
        nexthop via 192.168.0.6 dev eth1 weight 4
        nexthop via 192.168.2.6 dev eth2 weight 4

And I mark the packets with these rules:

iptables -t mangle -A PREROUTING -p tcp --dport 3389 -j MARK --set-mark 3389
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 25
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 80

My problem is that HTTP is routed to all the interfaces, SMTP seems to be
routed to the right interface (eth2), and TSE (3389) is routed to all the
interfaces.

I do not understand what the problem is. Can you help me?

Regards.
--
=======================
| FREDERIC MASSOT |
| http://www.juliana-multimedia.com |
| mailto:frederic@juliana-multimedia.com |
==============Debian=GNU/Linux=
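
As an added example, not part of the original message: a simplified Python model of how the posted ip rule list and routing tables select an outgoing device for a packet with a given fwmark, with marks passed in decimal as they are given to iptables --set-mark. The LAN host 10.0.0.20 and the destination 203.0.113.10 are constructed values; the route cache, NAT and the routes patch are not modelled.

```python
import ipaddress

# Constructed from the `ip rule` output in the post: (priority, fwmark, source prefix, table).
# None means "no such selector". Rules 0 (local), 32766 and 32767 are left out.
RULES = [
    (50, None, None, "main"),
    (101, 0xd3d, None, "203"),
    (103, 0x19, None, "203"),
    (104, 0x50, None, "202"),
    (201, None, "192.168.1.0/29", "201"),
    (202, None, "192.168.0.0/24", "202"),
    (203, None, "192.168.2.0/29", "203"),
    (222, None, None, "222"),
]

# Constructed from the `ip route list table ...` output: prefix -> outgoing device(s).
# The "prohibit default ... metric 1" fallback routes are not modelled.
TABLES = {
    "main": {"193.253.176.56/32": ["eth0"], "81.56.255.222/32": ["eth1"],
             "195.6.84.110/32": ["eth2"], "192.168.2.0/29": ["eth2"],
             "192.168.1.0/29": ["eth0"], "192.168.254.0/26": ["eth0"],
             "10.0.0.0/24": ["br0"], "192.168.0.0/24": ["eth1"]},
    "201": {"0.0.0.0/0": ["eth0"]},
    "202": {"0.0.0.0/0": ["eth1"]},
    "203": {"0.0.0.0/0": ["eth2"]},
    "222": {"0.0.0.0/0": ["eth0", "eth1", "eth2"]},  # multipath, weights 1/4/4
}

def route_in_table(table, dst):
    """Longest-prefix match for dst in one table; None if no route matches."""
    dst = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, TABLES[table]) if dst in n]
    return TABLES[table][str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def lookup(src, dst, mark=0):
    """Walk the rules in priority order; return (priority, table, devices) of the first hit."""
    for prio, fwmark, src_net, table in RULES:
        if fwmark is not None and fwmark != mark:
            continue  # a fwmark rule only matches packets carrying exactly that mark
        if src_net and ipaddress.ip_address(src) not in ipaddress.ip_network(src_net):
            continue
        devs = route_in_table(table, dst)
        if devs:  # no matching route in this table: fall through to the next rule
            return prio, table, devs
    return None

if __name__ == "__main__":
    for mark in (3389, 25, 80, 0):  # decimal values from the iptables rules
        print(mark, hex(mark), lookup("10.0.0.20", "203.0.113.10", mark))
```

In this model an unmarked packet falls through to the multipath default in table 222, and a destination that has a host route in table main is decided at priority 50 before any fwmark rule is consulted.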