[LARTC] marking in OUTPUT --mangle; locally generated packets and route

[LARTC] marking in OUTPUT --mangle; locally generated packets and route

[lartc]

hello all,

i have come accross a curious issue:

+----------------------+            +---------------+
| eth1   192.168.1.1   |------------| 192.168.1.250 |
| eth1:1 192.168.1.101 |            |               |
+----------------------+            +---------------+


iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
ip rule add fwmark 0x2 table 2
ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
ip route flush cache


telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.1


ip rule add to 192.168.1.250 table 2
ip route flush cache


telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.101



are there issues concerning the marking of OUTPUT packets generated on
the local box that i should be aware of?


many, many thanks

charles




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] marking in OUTPUT --mangle; locally generated packets

[Patrick McHardy]

I tested your setup and it works fine (with 2.5 though). Are you sure 
you have
CONFIG_IP_ROUTE_FWMARK enabled for your running kernel ? ip rule won't give
errors if not ..

Bye
Patrick

lartc@manchotnetworks.net wrote:

>hello all,
>
>i have come accross a curious issue:
>
>+----------------------+            +---------------+
>| eth1   192.168.1.1   |------------| 192.168.1.250 |
>| eth1:1 192.168.1.101 |            |               |
>+----------------------+            +---------------+
>
>
>iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
>ip rule add fwmark 0x2 table 2
>ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
>ip route flush cache
>
>
>telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.1
>
>
>ip rule add to 192.168.1.250 table 2
>ip route flush cache
>
>
>telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.101
>
>
>
>are there issues concerning the marking of OUTPUT packets generated on
>the local box that i should be aware of?
>
>
>many, many thanks
>
>charles
>
>
>
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>  
>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] marking in OUTPUT --mangle; locally generated packets

[lartc]

Hi Patrick,

Sincere thanks for your time & help!

> i assume you mean CONFIG_IP_ROUTE_FWMARK and not
> CONFIG_IP_NF_TARGET_MARK.
Yup -- sorry!

> i would start with putting some printks in ipt_local_hook
> (net/ipv4/netfilter/iptable_mangle.c) before the call to ip_route_me_harder
> and in ip_route_me_harder (net/core/netfilter.c) itself.
Trying this today ...


Kindest Regards

Charles Shick



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/