From: Arthur van Leeuwen <arthurvl@sci.kun.nl>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Fwmark problem - policy routing does not work.
Date: Sat, 27 Apr 2002 08:25:24 +0000
Message-ID: <marc-lartc-101989599729049@msgid-missing>
In-Reply-To: <marc-lartc-101958268206904@msgid-missing>

On Fri, 26 Apr 2002, Adrian Chung wrote:
> When you add a route that sets a src like:
>
> ip route add table <table> 192.168.1.0/24 src 192.168.1.11 dev eth0
>
> The "src" doesn't specify the source IP to put in the packet (it's not
> network address translation, like SNAT in iptables), it just specifies
> which local source IP the routing mechanisms should use to determine
> where to route the packet.

Actually, it is more subtle than that. The 'src' *does* specify the source
IP to put in the packet *if* the packet doesn't have a source IP yet. This
only holds true for packets generated locally.

> For example, I've got policy routing setup with FreeS/WAN on a gateway
> with an internal and external interface, where I do:
>
> # ip rule add table 1 prio 100
> # ip route add table 1 <remoteLAN> dev ipsec0 src <localIP>
>
> This forces the box to route all packets to the remote LAN via the
> internal interface, rather than the external interface.
>
> However, the packets that show up at the other end don't contain a
> source IP of <localIP> from the table 1 route, rather they contain the
> source IP of the client machine that sent them.
>
> This led me to believe that the "src" option only adjusts the way the
> routing machinery in the kernel decides where and how to route the
> packet, but doesn't change/rewrite the source address in the packets
> themselves.

It does not. The ip rule does that. Routing does not mangle packets, unless
the packet is locally generated and incomplete.

Bye, Arthur.
--
/\ / | arthurvl@sci.kun.nl | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
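
Added example, not part of the original message or thread: a probe that shows the distinction discussed above for locally generated packets, by sending UDP datagrams over loopback and reporting the source address the receiver sees. It assumes a Linux host where all of 127.0.0.0/8 is local on lo; the function names are hypothetical.

```python
import socket


def observed_source(dst_ip, bind_to=None):
    """Send one UDP datagram to dst_ip and return the source IP the
    receiver sees.

    bind_to=None : the sender leaves its source address unset, so the
                   kernel fills it in during the route lookup, using
                   the matching route's preferred source (the value
                   that "src" sets on a route).
    bind_to=addr : the sender has already chosen a source address, so
                   the route's preferred source is not applied.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind((dst_ip, 0))          # receiver on an ephemeral port
        rx.settimeout(2.0)
        if bind_to is not None:
            tx.bind((bind_to, 0))     # source fixed before routing
        tx.sendto(b"probe", rx.getsockname())
        _, (src_ip, _port) = rx.recvfrom(16)
        return src_ip


def demo(dst_ip="127.0.0.1", explicit_src="127.0.0.2"):
    """Return (kernel-selected source, application-selected source).

    Both addresses are constructed sample values on loopback, so the
    probe runs offline and without privileges.
    """
    return (observed_source(dst_ip),
            observed_source(dst_ip, bind_to=explicit_src))


if __name__ == "__main__":
    unset, preset = demo()
    print("source left unset  ->", unset)
    print("source set by app  ->", preset)
```

Forwarded packets arrive with a source address already in the header, which is the case the second probe approximates.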