[LARTC] RPDB && routing locally generated (and marked) traffic

[LARTC] RPDB && routing locally generated (and marked) traffic

[Martin A. Brown]

Hello all,

I'm using iproute2 + ipchains and have a question about locally generated 
packets.

I have noticed that I have no problem marking packets in the input chain 
from sources other than my router.  These packets are marked and routed 
exactly as I expect.

Now supposing I want to mark particular outbound packets which are locally 
generated.  The only solution I have found so far
(http://www.quintillion.com/moat/ipsec+routing/iproute2.html) suggests

# ip rule add iif lo lookup $other

But the side effects are tremendous.  All of the processes on this box 
suddenly start using the $other routing table (exactly as I told them 
to!), which is not what I desire.

If I try marking the special locally generated packets with

# ipchains -I input -p tcp -s $OUTIF $PORT -d $ALL -m $other -j ACCEPT

nothing changes.  The return traffic ends up flowing out my main link 
according to my main routing table.

When I look at the ipchains HOWTO on how packets traverse filters,

  http://www.tldp.org/HOWTO/IPCHAINS-HOWTO-4.html#ss4.1

I fear that the routing decision has already been made by the time the 
local process is generating a packet.

Is there any way around this problem?

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com






_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/