From: Nuno Miguel Pais Fernandes
Date: Tue, 12 Nov 2002 17:53:12 +0000
Subject: Re: [LARTC] problem in routing
To: lartc@vger.kernel.org

Dam :)
The reason why I mark the packets in the Linux box is because the router
is a minimalistic kernel.. without mangle support :(
I'll try it and then put the notes in the mailing list if I succeed :)
Thanks anyway.

On Tue, 2002-11-12 at 16:19, Martin A. Brown wrote:
> : Ok..
> : I've done that without success.
> : Please watch that the routing is made in the router machine and the
> : marking is made in the linux box before and because of that it doesn't
> : matter where I mark the packets.
>
> Ah, now I understand! But it does matter, tremendously.
>
> I didn't perceive in your previous post that you had two hosts. Perhaps I
> was being dense.
>
> The "fwmark" is a field on the packet which only exists in the data
> structure used to represent the packet on a single machine. In short, the
> fwmark does not survive a single machine. As soon as the packet is
> transmitted, the fwmark is lost.
>
> You could use the mangle table with the TOS target and then change your ip
> rule to route based on ToS. I'm unsure of the implications for your
> network, but this is a possible solution. If you modify the ToS on the
> packet, this will be visible to other hosts.
>
> Good luck,
>
> -Martin
>
> : Thanks anyway
> : Nuno Fernandes
> :
> : On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
> : > Hello Nuno,
> : >
> : > I'd suggest s/POSTROUTING/PREROUTING/ here:
> : >
> : > : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
> : > : --set-mark 21
> : > :
> : > : In my ROUTER I want to redirect packets according to MARK and I'm doing:
> : > :
> : > : root@euroter(~)# more /etc/iproute2/rt_tables
> : > : 255 local
> : > : 254 main
> : > : 253 default
> : > : 200 over
> : >
> : > Consult Stef Coene's kernel packet traveling diagram, which should
> : > explain (visually) why you want to mark the packet before the routing
> : > stage.
> : >
> : > http://www.docum.org/stef.coene/qos/kptd/
> : >
> : > : root@euroter(~)# ip route ls table over
> : > : default via XXX.XXX.XXX.XXX dev eth1
> : > :
> : > : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
> : > :
> : > : Doing ip rule ls, I can see that all packets with mark 21 go to table
> : > : over.
> : > : root@euroter(~)# ip rule ls
> : > : 0: from all lookup local
> : > : 32765: from all fwmark 21 lookup over
> : > : 32766: from all lookup main
> : > : 32767: from all lookup default
> : >
> : > Naturally, the RPDB (displayed with "ip rule show") is consulted as part
> : > of the routing process.
> : >
> : > So, in short, your host euroter is doing as follows:
> : >
> : > - routing the packet
> : > - marking the packet
> : > - transmitting via provider2
> : >
> : > : And table over only has default gw, but when I do a
> : > : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.
> : >
> : > Good luck,
> : >
> : > -Martin
> :

--
Nuno Miguel Pais Fernandes
Eurotux S.A.