From: Tobias <medlor@web.de>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Routing based on source port - Solution ?
Date: Fri, 19 Apr 2002 18:59:17 +0000
Message-ID: <marc-lartc-101924270815573@msgid-missing>
In-Reply-To: <marc-lartc-101922226325230@msgid-missing>

Hello Adrian

Thanks for your help. It is working with your advice to use
the mangle OUTPUT table and the ASCII graphic on
http://netfilter.samba.org/documentation/HOWTO//netfilter-hacking-HOWTO.html#toc3.2 .

My simplified ruleset is:

# NP must be a table name listed in /etc/iproute2/rt_tables
/usr/sbin/ip rule add from $OFFICIAL_IP_of_2nd_Interface table NP
/usr/sbin/ip route add default via $GATEWAY_of_2nd_Interface dev $DEVICE_2_ROUTE_IS_AIMED table NP

# mark locally generated packets for the port, then route marked packets via NP
iptables -t mangle -A OUTPUT -p tcp --dport $PORTNUMBER -j MARK --set-mark 1
/usr/sbin/ip rule add fwmark 1 table NP
/usr/sbin/ip route flush cache
# rewrite the source address so replies come back on the 2nd interface
iptables -t nat -A POSTROUTING -o $DEVICE_2_ROUTE_IS_AIMED -p tcp --dport $PORTNUMBER -j SNAT --to $OFFICIAL_IP_of_2nd_Interface



Greets
Tobias

On Fri, 19 Apr 2002 11:34:21 -0400
"Adrian Chung" <adrian@enfusion-group.com> wrote:

> On Fri, Apr 19, 2002 at 03:18:01PM +0200, Tobias wrote:
> [...]
> > Unfortunately netfilter can only set MARKs in the moment the
> > packets traverse the INPUT Queue (of corresponding interface).
> > 
> > -->
> > netfilter is not able to set mark for _locally_ created packets,
> > because the INPUT Queue of netfilter is not passed.
> > 
> > => In fact the MARK mechanism can only be used for incoming packets.
> 
> Prior to 2.4.18, the 'mangle' table had PREROUTING (for incoming
> packets prior to routing) and OUTPUT (for locally generated packets)
> chains.  After 2.4.18, there are INPUT, FORWARD, and POSTROUTING
> chains as well.
> 
> I'm using the OUTPUT chain of the 'mangle' table to set-tos values,
> but I'm pretty sure I can --set-mark instead.  I'm unable to test it
> at the moment though.
> 
> --
> Adrian Chung (adrian at enfusion-group dot com)
> http://www.enfusion-group.com/~adrian
> GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
> [toad.enfusion-group.com] up 26 days, 21:07, 16 users
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
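A consistency check for the setup in the message above, as an added example that is not part of the original thread: a mark set in mangle OUTPUT only changes routing if an `ip rule ... fwmark` entry consumes it, otherwise the packets follow the main table. The function names and both sample inputs are constructed for illustration; on a live host the inputs would be the output of `ip rule show` and `iptables-save -t mangle`.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` output (addresses are placeholders).
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x1 lookup NP
32765: from 192.0.2.10 lookup NP
32766: from all lookup main'

# Constructed sample of `iptables-save -t mangle` output; mark 2 has no ip rule.
SAMPLE_MANGLE='*mangle
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 0x3
-A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x1
-A OUTPUT -p tcp -m tcp --dport 8080 -j MARK --set-xmark 0x2/0xffffffff
COMMIT'

# Decimal marks set on locally generated packets (mangle OUTPUT), one per line.
marks_set_in_output() {
    printf '%s\n' "$1" | while read -r line; do
        case $line in
            "-A OUTPUT "*"-j MARK --set-"*mark" "*) ;;
            *) continue ;;
        esac
        m=${line##*mark }      # text after --set-mark / --set-xmark
        m=${m%% *}             # first word only
        echo "$((${m%%/*}))"   # drop /mask, normalise 0x1 and 1 alike
    done
}

# Decimal marks that some `ip rule` entry routes via a table.
marks_with_rule() {
    printf '%s\n' "$1" | while read -r line; do
        case $line in *" fwmark "*" lookup "*) ;; *) continue ;; esac
        m=${line##* fwmark }
        m=${m%% *}
        echo "$((${m%%/*}))"
    done
}

# Print "orphan mark N" for each OUTPUT mark without a rule; return 1 if any.
check_mark_routing() {
    ruled=$(marks_with_rule "$1")
    status=0
    for m in $(marks_set_in_output "$2"); do
        printf '%s\n' "$ruled" | grep -qx "$m" || { echo "orphan mark $m"; status=1; }
    done
    return $status
}
```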

Thread overview: 5+ messages
2002-04-19 13:18 [LARTC] Routing based on source port - Solution ? Tobias
2002-04-19 14:11 ` Daniel Ahlberg
2002-04-19 15:31 ` Greg Scott
2002-04-19 15:34 ` Adrian Chung
2002-04-19 18:59 ` Tobias [this message]
