From mboxrd@z Thu Jan  1 00:00:00 1970
From: Arthur van Leeuwen
Date: Sat, 27 Apr 2002 08:25:24 +0000
Subject: Re: [LARTC] Fwmark problem - policy routing does not work.
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Fri, 26 Apr 2002, Adrian Chung wrote:

> When you add a route that sets a src like:
>
> ip route add table 192.168.1.0/24 src 192.168.1.11 dev eth0
>
> The "src" doesn't specify the source IP to put in the packet (it's not
> network address translation, like SNAT in iptables), it just specifies
> which local source IP the routing mechanisms should use to determine
> where to route the packet.

Actually, it is more subtle than that. The 'src' *does* specify the source
IP to put in the packet *if* the packet doesn't have a source IP yet. This
only holds true for packets generated locally.

> For example, I've got policy routing setup with FreeS/WAN on a gateway
> with an internal and external interface, where I do:
>
> # ip rule add table 1 prio 100
> # ip route add table 1 dev ipsec0 src
>
> This forces the box to route all packets to the remote LAN via the
> internal interface, rather than the external interface.
>
> However, the packets that show up at the other end don't contain a
> source IP of from the table 1 route, rather they contain the
> source IP of the client machine that sent them.
> This led me to believe that the "src" option only adjusts the way the
> routing machinery in the kernel decides where and how to route the
> packet, but doesn't change/rewrite the source address in the packets
> themselves.

It does not. The ip rule does that. Routing does not mangle packets, unless
the packet is locally generated and incomplete.

Doei, Arthur.
-- 
  /\    / |      arthurvl@sci.kun.nl      | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
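
An added example, not part of the message above or of the thread: a Python check of the "locally generated and incomplete" case. It contrasts a socket with no source address yet (the kernel fills one in during the route lookup) with a socket whose source is already set (the lookup leaves it alone, as it does for forwarded packets). Assumptions: Linux, where every address in 127.0.0.0/8 is local; the helper names source_for and compare and the loopback addresses are constructed for illustration.

```python
import socket


def source_for(dst, bind_ip=None, port=9):
    """Return the source IP the kernel uses for a UDP socket aimed at dst.

    connect() on a UDP socket sends nothing. It only runs the route lookup
    and fixes the socket's local address, which getsockname() then reports.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind_ip is not None:
            # The application has already chosen the source address, so the
            # packet is not "incomplete" when it reaches the routing code.
            s.bind((bind_ip, 0))
        s.connect((dst, port))
        return s.getsockname()[0]


def compare(dst, bind_ip):
    """Source address chosen for dst without and with an explicit bind."""
    return {
        "unbound": source_for(dst),           # kernel picks the source
        "bound": source_for(dst, bind_ip),    # pre-set source is kept
    }


if __name__ == "__main__":
    # Constructed sample: both addresses live on the loopback interface
    # (assumes Linux, where all of 127.0.0.0/8 is treated as local).
    result = compare("127.0.0.1", "127.0.0.2")
    print("no source set yet :", result["unbound"])
    print("source already set:", result["bound"])
```

Run against a destination covered by a route that carries a src hint, the unbound case is the only one where that hint can show up in the packet.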