From: "Jason A. Pattie"
Date: Wed, 15 May 2002 16:47:16 +0000
Subject: Re: [LARTC] iproute + mark question
To: lartc@vger.kernel.org

Thanks for the response.

Ciprian Niculescu wrote:

> steps:
> - mark packets to port 80 coming from the internal interface
> - put them in a different routing table
> - put the default in the new table where do you want to go
>
>> It seems that 'iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK
>> --set-mark 0x1' works, because iptables -t mangle -L -v outputs
>> packet count sizes and shows that the specific rules are being matched.
>>
>>> ip rule add fwmark 0x1 table 230
>>> ip route add default via 194... table 230
>
> I suggest that you mark packets in the PREROUTING with:
> iptables -t mangle -A PREROUTING -i -p tcp \
> --dport 80 -j MARK --set-mark 0x1

Sorry, forgot to mention this. We have done this. When doing a tcpdump on the cable modem, we were seeing packets coming back from (say) yahoo.com around 10-15 seconds after sending them with the IP address of the iDSL circuit!! which doesn't make sense at all.

> after put the
> ip rule add fwmark 0x1 table 230
> ip route add default via 194... table 230
>
> to be the last lines executed in the script, in this way the rule will
> be treated first, see with "ip rule" the order

OK.

> hope that helps

Thanks.

--
Jason A. Pattie
pattieja@pcxperience.com
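
The steps suggested in this thread, collected into one script as an added example (not part of the original messages). The interface name eth1 and the gateway 192.0.2.1 are placeholder assumptions; mark 0x1 and table 230 are the thread's values. The script only prints the commands unless it is run as root with APPLY=1.

```shell
#!/bin/sh
# Added example: policy-route forwarded port-80 traffic via an alternate table.
# Placeholders (assumptions, not from the thread): eth1, 192.0.2.1.
MARK=0x1     # fwmark used in the thread
TABLE=230    # routing table used in the thread

# Emit the commands in the order the thread recommends:
# mark in PREROUTING first, then the rule and the table's default route last.
policy_route_cmds() {
    in_if=$1
    gw=$2
    if [ -z "$in_if" ] || [ -z "$gw" ]; then
        echo "usage: policy_route_cmds INTERNAL_IF GATEWAY" >&2
        return 2
    fi
    # 1. Mark web traffic arriving on the internal interface, before routing.
    echo "iptables -t mangle -A PREROUTING -i $in_if -p tcp --dport 80 -j MARK --set-mark $MARK"
    # 2. Send marked packets to the alternate table.
    echo "ip rule add fwmark $MARK table $TABLE"
    # 3. Give that table its own default route.
    echo "ip route add default via $gw table $TABLE"
    # 4. Drop cached routing decisions so the new rule takes effect.
    echo "ip route flush cache"
    # 5. Read-only check of rule order, as suggested in the thread.
    echo "ip rule show"
}

# Print each command (default) or execute it when APPLY=1.
apply_policy_route() {
    cmds=$(policy_route_cmds "$@") || return 2
    while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            echo "[dry-run] $cmd"
        fi
    done <<EOF
$cmds
EOF
}

# Stand-alone run: dry-run with the placeholder values unless arguments are given.
apply_policy_route "${1:-eth1}" "${2:-192.0.2.1}"
```
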