* [LARTC] problem in routing
@ 2002-11-12 15:13 Nuno Miguel Pais Fernandes
  2002-11-12 15:51 ` Martin A. Brown
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Nuno Miguel Pais Fernandes @ 2002-11-12 15:13 UTC (permalink / raw)
  To: lartc

Hello

I'm implementing Advanced Routing in my redhat linux pc like this:

                                ------------------------
                          ------| provider1 (with dhcp)
-------------             |     ------------------------
HOME NETWORK|--Linux1--ROUTER
-------------             |     ------------------------
                          ------| provider2 (fixed ip) |
                                ------------------------

My home network has private IPs like 10.10.1.0/24, and linux1 is SNATing
all accesses to a public IP like 198.198.198.198 and marking packets
like

iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK --set-mark 21

In my ROUTER I want to redirect packets according to MARK and I'm doing:

root@euroter(~)# more /etc/iproute2/rt_tables 
255	local
254	main
253	default

200	over
root@euroter(~)# ip route ls table over
default via XXX.XXX.XXX.XXX dev eth1

where XXX.XXX.XXX.XXX is the gateway of the provider 1.


Doing ip rule ls, I can see that all packets with mark 21 go to table
over.
root@euroter(~)# ip rule ls 
0:	from all lookup local 
32765:	from all fwmark       21 lookup over 
32766:	from all lookup main 
32767:	from all lookup default 

And table over only has default gw, but when I do a
ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.




Thanks for everything
Nuno Fernandes

-- 
Nuno Miguel Pais Fernandes <npf@eurotux.com>
Eurotux S.A.


* Re: [LARTC] problem in routing
  2002-11-12 15:13 [LARTC] problem in routing Nuno Miguel Pais Fernandes
@ 2002-11-12 15:51 ` Martin A. Brown
  2002-11-12 16:13 ` Nuno Miguel Pais Fernandes
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Martin A. Brown @ 2002-11-12 15:51 UTC (permalink / raw)
  To: lartc

Hello Nuno,

I'd suggest s/POSTROUTING/PREROUTING/ here:

 : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
 : --set-mark 21
 : 
 : In my ROUTER I want to redirect packets according to MARK and I'm doing:
 : 
 : root@euroter(~)# more /etc/iproute2/rt_tables 
 : 255	local
 : 254	main
 : 253	default
 : 200	over

Consult Stef Coene's kernel packet traveling diagram, which should 
explain (visually) why you want to mark the packet before the routing 
stage.

  http://www.docum.org/stef.coene/qos/kptd/

 : root@euroter(~)# ip route ls table over
 : default via XXX.XXX.XXX.XXX dev eth1
 : 
 : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
 :
 : Doing ip rule ls, i can see that all packets with mark 21 go to table
 : over.
 : root@euroter(~)# ip rule ls 
 : 0:	from all lookup local 
 : 32765:	from all fwmark       21 lookup over 
 : 32766:	from all lookup main 
 : 32767:	from all lookup default 

Naturally, the RPDB (displayed with "ip rule show") is consulted as part 
of the routing process.

So, in short, your host euroter is doing as follows:

  - routing the packet
  - marking the packet
  - transmitting via provider2

 : And table over only has default gw, but when I do a
 : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.

Good luck,

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] problem in routing
  2002-11-12 15:13 [LARTC] problem in routing Nuno Miguel Pais Fernandes
  2002-11-12 15:51 ` Martin A. Brown
@ 2002-11-12 16:13 ` Nuno Miguel Pais Fernandes
  2002-11-12 16:19 ` Martin A. Brown
  2002-11-12 17:53 ` Nuno Miguel Pais Fernandes
  3 siblings, 0 replies; 5+ messages in thread
From: Nuno Miguel Pais Fernandes @ 2002-11-12 16:13 UTC (permalink / raw)
  To: lartc

On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
> Hello Nuno,
> 
> I'd suggest s/POSTROUTING/PREROUTING/ here:
> 
>  : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
>  : --set-mark 21
>  : 


Ok..

I've done that without success.
Please note that the routing is done on the router machine and the
marking is done on the Linux box before it, and because of that it doesn't
matter where I mark the packets.


Thanks anyway
Nuno Fernandes


-- 
Nuno Miguel Pais Fernandes <npf@eurotux.com>
Eurotux S.A.


* Re: [LARTC] problem in routing
  2002-11-12 15:13 [LARTC] problem in routing Nuno Miguel Pais Fernandes
  2002-11-12 15:51 ` Martin A. Brown
  2002-11-12 16:13 ` Nuno Miguel Pais Fernandes
@ 2002-11-12 16:19 ` Martin A. Brown
  2002-11-12 17:53 ` Nuno Miguel Pais Fernandes
  3 siblings, 0 replies; 5+ messages in thread
From: Martin A. Brown @ 2002-11-12 16:19 UTC (permalink / raw)
  To: lartc

 : Ok..
 : I've done that without success.
 : Please note that the routing is done on the router machine and the
 : marking is done on the Linux box before it, and because of that it doesn't
 : matter where I mark the packets.

Ah, now I understand!  But it does matter, tremendously.

I didn't perceive in your previous post that you had two hosts.  Perhaps I 
was being dense.

The "fwmark" is a field on the packet which only exists in the data 
structure used to represent the packet on a single machine.  In short, the 
fwmark does not survive a single machine.  As soon as the packet is 
transmitted, the fwmark is lost.

You could use the mangle table with the TOS target and then change your ip
rule to route based on ToS.  I'm unsure of the implications for your
network, but this is a possible solution.  If you modify the ToS on the 
packet, this will be visible to other hosts.

Good luck,

-Martin


-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
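
One way to apply the TOS suggestion from the message above, as an added sketch that is not part of the thread: linux1 sets a TOS value in the IP header, which, unlike the fwmark, is carried on the wire, and the router's RPDB matches it without needing mangle support. The TOS value 0x10, the router's LAN-side interface eth0 and the placeholder addresses are assumptions; the script prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default: prints each command.
# Run with APPLY=1 as root on the matching host to execute them.
# Assumed values (not on the page): TOS 0x10, router LAN interface eth0,
# DEST stands in for SOME.IP.IN.INTERNET, GW for provider1's gateway.
TOS=0x10
DEST=${DEST:-192.0.2.10}            # placeholder destination (TEST-NET-1)
GW=${GW:-198.51.100.1}              # placeholder for XXX.XXX.XXX.XXX
SNAT_IP=${SNAT_IP:-198.198.198.198} # linux1's SNAT address, as given in the thread
LAN_IF=${LAN_IF:-eth0}              # router interface facing linux1 (assumed)

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# linux1: write the tag into the IP header instead of the local-only fwmark.
# The chain no longer matters to the router, because the byte travels with
# the packet.
linux1_rules() {
    run iptables -t mangle -A POSTROUTING -d "$DEST" -j TOS --set-tos "$TOS"
}

# router: the RPDB selects table "over" (200 in rt_tables) on the TOS field.
# TOS is set by the sender, so the rule is limited to linux1's source address
# and the LAN-side interface; other hosts setting the same TOS are not steered.
router_rules() {
    run ip route replace default via "$GW" dev eth1 table over
    run ip rule add from "$SNAT_IP" iif "$LAN_IF" tos "$TOS" lookup over
    run ip route flush cache
}

case "${1:-}" in
    linux1) linux1_rules ;;
    router) router_rules ;;
esac
```

Invoke it as `sh script.sh linux1` or `sh script.sh router` to see the commands for each host; the fwmark rule at priority 32765 on the router can then be removed, since it never matches forwarded traffic.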




* Re: [LARTC] problem in routing
  2002-11-12 15:13 [LARTC] problem in routing Nuno Miguel Pais Fernandes
                   ` (2 preceding siblings ...)
  2002-11-12 16:19 ` Martin A. Brown
@ 2002-11-12 17:53 ` Nuno Miguel Pais Fernandes
  3 siblings, 0 replies; 5+ messages in thread
From: Nuno Miguel Pais Fernandes @ 2002-11-12 17:53 UTC (permalink / raw)
  To: lartc

Damn :)

The reason why I mark the packets in the Linux box is because the router
is a minimalistic kernel.. without mangle support :(

I'll try it and then put the notes in the mailing list if I succeed :)

Thanks anyway.

-- 
Nuno Miguel Pais Fernandes <npf@eurotux.com>
Eurotux S.A.
