From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ciprian Niculescu
Date: Wed, 15 May 2002 16:27:08 +0000
Subject: Re: [LARTC] iproute + mark question
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

I did my work, my problem was that there are differences between the HOWTO
and reality.

So let's see your problem.

Jason A. Pattie wrote:
>
> We have almost the same scenario except we need to use tcp instead of
> udp and we want to direct all port 80 traffic from the internal network
> out our new cable modem instead of using the older (slower) iDSL circuit.

steps:
- mark packets to port 80 coming from the internal interface
- put them in a different routing table
- put the default in the new table where you want to go

>
>> so iptables -A OUTPUT -t mangle -p udp --dport 50000:51000 -j MARK
>> --set-to 0x1
>
> I think this ^^^^^ needs to be
> --set-mark?

Yes, you're right, I wrote the line from memory, not copy&paste :))

>
> It seems that 'iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK
> --set-mark 0x1' works, because iptables -t mangle -L -v outputs packet
> count sizes and shows that the specific rules are being matched.
>
>> ip rule add fwmark 0x1 table 230
>> ip route add default via 194... table 230

I suggest that you mark packets in PREROUTING with:

    iptables -t mangle -A PREROUTING -i <internal-interface> -p tcp \
        --dport 80 -j MARK --set-mark 0x1

After that, put the

    ip rule add fwmark 0x1 table 230
    ip route add default via 194... table 230

to be the last lines executed in the script; this way the rule will be
treated first. See the order with "ip rule".

Hope that helps

C

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
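
Added example, not part of the original message: a POSIX shell check for the ordering advice above ("see with ip rule the order"). It reads `ip rule` output and reports whether the fwmark 0x1 rule for table 230 is consulted before table main. The function names are hypothetical and both sample listings are constructed.

```sh
#!/bin/sh
# Check that a fwmark policy rule is consulted before the main table.
# Input is the text printed by `ip rule`; lower priority numbers win.

# Print the priority of the first rule "fwmark <mark> ... lookup <table>".
# $1 = mark (e.g. 0x1), $2 = table (e.g. 230); `ip rule` output on stdin.
fwmark_prio() {
    awk -v m="$1" -v t="$2" '
    { hit = 0
      for (i = 2; i < NF; i++)
          if ($i == "fwmark") {
              split($(i + 1), a, "/")          # drop an optional /mask
              if ((a[1] "") == (m "")) hit = 1 # force string comparison
          }
      if (hit && $(NF - 1) == "lookup" && ($NF "") == (t "")) {
          sub(/:$/, "", $1); print $1; exit
      } }'
}

# Print the priority of the first rule that looks up table main.
main_prio() {
    awk '$(NF - 1) == "lookup" && $NF == "main" { sub(/:$/, "", $1); print $1; exit }'
}

# Succeed only if the fwmark rule exists and sorts before table main.
# $1 = mark, $2 = table, $3 = `ip rule` output as one string.
check_order() {
    f=$(printf '%s\n' "$3" | fwmark_prio "$1" "$2")
    m=$(printf '%s\n' "$3" | main_prio)
    [ -n "$f" ] && [ -n "$m" ] && [ "$f" -lt "$m" ]
}

# Constructed sample: fwmark rule sits ahead of main, so marked packets use table 230.
SAMPLE_OK='0: from all lookup local
32765: from all fwmark 0x1 lookup 230
32766: from all lookup main
32767: from all lookup default'

# Constructed sample: fwmark rule sits after main, so main's default route wins.
SAMPLE_LATE='0: from all lookup local
32766: from all lookup main
32767: from all lookup default
40000: from all fwmark 0x1 lookup 230'

for s in "$SAMPLE_OK" "$SAMPLE_LATE"; do
    if check_order 0x1 230 "$s"; then echo "ok: fwmark rule precedes main"
    else echo "problem: fwmark rule missing or after main"; fi
done
```

On a live router, replace the sample with the real listing: check_order 0x1 230 "$(ip rule)".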