From: =?windows-1252?Q?=3F=3F=3F=3F=3F=3F=3F=3F_=3F=3F=3F=3F=3F?=
Date: Thu, 17 Jul 2003 06:04:18 +0000
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hello dear Catalin,

Well the only mistake you made is that you placed the mark filters on the output of the interface. I suggest you park them in the PREROUTING chain and not in the output. It works fine for me.

Best regards
Stamatis

Catalin Borcea wrote:

>Hello,
>I have a Linux box with 3 network adapters:
>eth0 : IP:10.200.0.1/24
>eth1/ppp0: IP:80.97.105.98
>eth2 : IP:192.168.1.100/24
>
>I want that all the Internet traffic goes to the eth2 interface except the
>smtp traffic that I want to go to the ppp0 interface. The main routing table
>is:
>172.16.20.1 dev ppp0 proto kernel scope link src 80.97.105.98
>192.168.1.0/24 dev eth2 scope link
>10.200.0.0/24 dev eth0 scope link
>192.168.254.0/24 dev eth1 scope link
>127.0.0.0/8 dev lo scope link
>default via 192.168.1.1 dev eth2
>
>
>I decided to use netfilter to mark the packets that leave the gateway from
>and to the smtp port. I do this in the OUTPUT chain of the mangle table. So,
>according to the docs, the marking will occur before routing for locally
>generated packets:
>
>$IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark 2
>$IT -t mangle -A OUTPUT -p tcp --sport smtp -j MARK --set-mark 2
>
>Then I define a new routing table (named "smtp") and a rule to redirect smtp
>packets to this table. The output of "ip rule ls" is:
># 0: from all lookup local
># 32765: from all fwmark 2 lookup smtp
># 32766: from all lookup main
># 32767: from all lookup 253
>
>In table "smtp" I defined a default route by the dev ppp0.
>The output of "ip route ls table smtp" is:
># default dev ppp0
>
>When I try to connect to a smtp port somewhere in the Internet, tcpdump shows
>me that these packets go to the eth2 interface (the main table default
>route). I don't know where is my mistake but it seems that the marking in
>the OUTPUT chain occurs AFTER and not BEFORE routing. Is this a correct
>behaviour? How can I solve my problem? Please help!
>
>TIA
>- catalin -
>
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
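
The rule walk described by the quoted "ip rule ls" output, as an added example that is not part of the original thread: a small Python model showing which table and device a routing lookup selects with and without fwmark 2. The main and smtp entries are copied from the post; the "local" entries, the empty table 253, and the destination address are constructed assumptions.

```python
import ipaddress

# Constructed model of the tables quoted in the post: (prefix, device).
# "local" stands in for the box's own addresses; table 253 is assumed empty.
TABLES = {
    "local": [("10.200.0.1/32", "local"), ("80.97.105.98/32", "local"),
              ("192.168.1.100/32", "local"), ("127.0.0.0/8", "local")],
    "smtp": [("0.0.0.0/0", "ppp0")],
    "main": [("172.16.20.1/32", "ppp0"), ("192.168.1.0/24", "eth2"),
             ("10.200.0.0/24", "eth0"), ("192.168.254.0/24", "eth1"),
             ("127.0.0.0/8", "lo"), ("0.0.0.0/0", "eth2")],
    "253": [],
}

# (priority, required fwmark or None for "any packet", table), from "ip rule ls".
RULES = [(0, None, "local"), (32765, 2, "smtp"),
         (32766, None, "main"), (32767, None, "253")]


def longest_match(table, dst):
    """Return the device of the most specific route covering dst, or None."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def route_lookup(dst, fwmark=0):
    """Walk the rules in priority order; the first table with a route wins."""
    dst = ipaddress.ip_address(dst)
    for _prio, mark, table in sorted(RULES, key=lambda r: r[0]):
        if mark is not None and mark != fwmark:
            continue  # fwmark selector does not match this packet
        dev = longest_match(table, dst)
        if dev is not None:
            return table, dev
    return None, None


if __name__ == "__main__":
    mail_server = "198.51.100.25"  # constructed destination (TEST-NET-2)
    print(route_lookup(mail_server, fwmark=2))  # mark visible to the lookup
    print(route_lookup(mail_server, fwmark=0))  # lookup done without the mark
```

In this model the eth2 egress reported in the question is what the rule set returns when the lookup sees no mark, and a lookup that sees mark 2 also sends LAN-bound traffic to ppp0 because table "smtp" holds only a default route.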