From: "Catalin Borcea" <catalin@electricant.ambra.ro>
To: lartc@vger.kernel.org
Subject: [LARTC] OUTPUT chain marking after or before routing?
Date: Thu, 17 Jul 2003 05:37:09 +0000
Message-ID: <marc-lartc-105842045025983@msgid-missing>

Hello,
I have a Linux box with 3 network adapters:
eth0 : IP:10.200.0.1/24
eth1/ppp0: IP:80.97.105.98
eth2 : IP:192.168.1.100/24

I want all the Internet traffic to go to the eth2 interface except the
smtp traffic, which I want to go to the ppp0 interface. The main routing table
is:
172.16.20.1 dev ppp0  proto kernel  scope link  src 80.97.105.98
192.168.1.0/24 dev eth2  scope link
10.200.0.0/24 dev eth0  scope link
192.168.254.0/24 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
default via 192.168.1.1 dev eth2


I decided to use netfilter to mark the packets that leave the gateway from
and to the smtp port. I do this in the OUTPUT chain of the mangle table. So,
according to the docs, the marking will occur before routing for locally
generated packets:

$IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark 2
$IT -t mangle -A OUTPUT -p tcp --sport smtp -j MARK --set-mark 2

Then I define a new routing table (named "smtp") and a rule to redirect smtp
packets to this table. The output of "ip rule ls" is:
# 0:      from all lookup local
# 32765:  from all fwmark        2 lookup smtp
# 32766:  from all lookup main
# 32767:  from all lookup 253

In table "smtp" I defined a default route by the dev ppp0. The output of "ip
route ls table smtp" is:
# default dev ppp0

When I try to connect to a smtp port somewhere in the Internet, tcpdump shows
me that these packets go to the eth2 interface (the main table default
route). I don't know where my mistake is, but it seems that the marking in
the OUTPUT chain occurs AFTER and not BEFORE routing. Is this correct
behaviour? How can I solve my problem? Please help!

TIA
- catalin -

