From: "???????? ?????" <skekes@pylones.gr>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?
Date: Thu, 17 Jul 2003 06:04:18 +0000
Message-ID: <marc-lartc-105842184026708@msgid-missing>
In-Reply-To: <marc-lartc-105842045025983@msgid-missing>
Hello dear Catalin,
Well, the only mistake you made is that you placed the mark filters on
the output of the interface.
I suggest you park them in the PREROUTING chain and not in the
output. It works fine for me.
Best regards
Stamatis
Catalin Borcea wrote:
>Hello,
>I have a Linux box with 3 network adapters:
>eth0 : IP:10.200.0.1/24
>eth1/ppp0: IP:80.97.105.98
>eth2 : IP:192.168.1.100/24
>
>I want that all the Internet traffic goes to the eth2 interface except the
>smtp traffic that I want to go to the ppp0 interface. The main routing table
>is:
>172.16.20.1 dev ppp0 proto kernel scope link src 80.97.105.98
>192.168.1.0/24 dev eth2 scope link
>10.200.0.0/24 dev eth0 scope link
>192.168.254.0/24 dev eth1 scope link
>127.0.0.0/8 dev lo scope link
>default via 192.168.1.1 dev eth2
>
>
>I decided to use netfilter to mark the packets that leave the gateway from
>and to the smtp port. I do this in the OUTPUT chain of the mangle table. So,
>according to the docs, the marking will occur before routing for locally
>generated packets:
>
>$IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark 2
>$IT -t mangle -A OUTPUT -p tcp --sport smtp -j MARK --set-mark 2
>
>Then I define a new routing table (named "smtp") and a rule to redirect smtp
>packets to this table. The output of "ip rule ls" is:
># 0: from all lookup local
># 32765: from all fwmark 2 lookup smtp
># 32766: from all lookup main
># 32767: from all lookup 253
>
>In table "smtp" I defined a default route by the dev ppp0. The output of "ip
>route ls table smtp" is:
># default dev ppp0
>
>When I try to connect to a smtp port somewhere in the Internet, tcpdump shows
>me that these packets go to the eth2 interface (the main table default
>route). I don't know where my mistake is but it seems that the marking in
>the OUTPUT chain occurs AFTER and not BEFORE routing. Is this a correct
>behaviour? How can I solve my problem? Please help!
>
>TIA
>- catalin -
>
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
>
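The rule and table lookup quoted in this thread, modelled in Python as an added example (not part of either message): it walks the "ip rule ls" entries in priority order and does a longest-prefix match in each table, so you can see which route a packet gets with and without fwmark 2. It models only the lookup, not the netfilter hook order; the "local" table entries, the empty table 253 and the destination 203.0.113.25 are assumptions constructed from the interface addresses in the post.

```python
import ipaddress

# Constructed from the "ip rule ls" / "ip route ls" output quoted above.
# Each rule: (priority, required fwmark or None for "any", table name).
RULES = [(0, None, "local"), (32765, 2, "smtp"),
         (32766, None, "main"), (32767, None, "253")]

# Each table: list of (prefix, dev, gateway). The "local" entries are assumed
# from the interface addresses in the post; table 253 is assumed empty.
TABLES = {
    "local": [("10.200.0.1/32", "lo", None), ("80.97.105.98/32", "lo", None),
              ("192.168.1.100/32", "lo", None), ("127.0.0.0/8", "lo", None)],
    "smtp": [("0.0.0.0/0", "ppp0", None)],
    "main": [("172.16.20.1/32", "ppp0", None), ("192.168.1.0/24", "eth2", None),
             ("10.200.0.0/24", "eth0", None), ("192.168.254.0/24", "eth1", None),
             ("127.0.0.0/8", "lo", None), ("0.0.0.0/0", "eth2", "192.168.1.1")],
    "253": [],
}

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, gw in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, gw)
    return best

def route(dst, fwmark=0):
    """Walk the rules in priority order; the first table with a match wins."""
    for _prio, mark, table in sorted(RULES, key=lambda r: r[0]):
        if mark is not None and mark != fwmark:
            continue  # fwmark selector does not match this packet
        hit = table_lookup(table, dst)
        if hit:
            return table, hit[1], hit[2]
    return None  # no rule produced a route: destination unreachable

if __name__ == "__main__":
    # Constructed destinations: an Internet host, a LAN host, a local address.
    for dst, mark in [("203.0.113.25", 0), ("203.0.113.25", 2),
                      ("10.200.0.5", 2), ("10.200.0.1", 2)]:
        print(dst, "fwmark", mark, "->", route(dst, mark))
```

Because table "smtp" holds only a default route, a marked packet to a directly connected host such as 10.200.0.5 also resolves to ppp0; copying the connected routes into that table keeps such traffic on eth0.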