From: "Catalin Borcea" <catalin@electricant.ambra.ro>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?
Date: Thu, 17 Jul 2003 06:31:11 +0000
Message-ID: <marc-lartc-105842436128283@msgid-missing>
In-Reply-To: <marc-lartc-105842045025983@msgid-missing>

Hello,
I tried to mark the packets in the PREROUTING chain but it still doesn't work.
Now the packets are not marked anymore when they go out by the eth2
interface. When I marked them in the OUTPUT chain they also arrived at the
eth2 interface, but marked. According to the docs the PREROUTING chain is not
traversed by locally generated packets, so I don't know how this works for
you. Maybe you have forwarded packets and not locally generated packets.

- catalin -

----- Original Message -----
From: "???????? ?????" <skekes@pylones.gr>
To: "Catalin Borcea" <catalin@electricant.ambra.ro>
Cc: <lartc@mailman.ds9a.nl>
Sent: Thursday, July 17, 2003 9:04 AM
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?


> Hello dear Catalin,
> Well the only mistake you made is that you placed the mark filters on
> the output of the interface.
> I suggest you park them in the PREROUTING chain and not in the
> output. It works fine for me.
> Best regards
>   Stamatis
> Catalin Borcea wrote:
>
> >Hello,
> >I have a Linux box with 3 network adapters:
> >eth0 : IP:10.200.0.1/24
> >eth1/ppp0: IP:80.97.105.98
> >eth2 : IP:192.168.1.100/24
> >
> >I want that all the Internet traffic goes to the eth2 interface except the
> >smtp traffic that I want to go to the ppp0 interface. The main routing table
> >is:
> >172.16.20.1 dev ppp0  proto kernel  scope link  src 80.97.105.98
> >192.168.1.0/24 dev eth2  scope link
> >10.200.0.0/24 dev eth0  scope link
> >192.168.254.0/24 dev eth1  scope link
> >127.0.0.0/8 dev lo  scope link
> >default via 192.168.1.1 dev eth2
> >
> >
> >I decided to use netfilter to mark the packets that leave the gateway from
> >and to the smtp port. I do this in the OUTPUT chain of the mangle table. So,
> >according to the docs, the marking will occur before routing for locally
> >generated packets:
> >
> >$IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark 2
> >$IT -t mangle -A OUTPUT -p tcp --sport smtp -j MARK --set-mark 2
> >
> >Then I define a new routing table (named "smtp") and a rule to redirect smtp
> >packets to this table. The output of "ip rule ls" is:
> ># 0:      from all lookup local
> ># 32765:  from all fwmark        2 lookup smtp
> ># 32766:  from all lookup main
> ># 32767:  from all lookup 253
> >
> >In table "smtp" I defined a default route by the dev ppp0. The output of "ip
> >route ls table smtp" is:
> ># default dev ppp0
> >
> >When I try to connect to a smtp port somewhere in the Internet, tcpdump shows
> >me that these packets go to the eth2 interface (the main table default
> >route). I don't know where my mistake is but it seems that the marking in
> >the OUTPUT chain occurs AFTER and not BEFORE routing. Is this a correct
> >behaviour? How can I solve my problem? Please help!
> >
> >TIA
> >- catalin -
> >
> >
> >_______________________________________________
> >LARTC mailing list / LARTC@mailman.ds9a.nl
> >http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

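Added example, not part of the original message or of the LARTC documentation: a simplified Python model of the rule and route lookup for the configuration quoted above, showing which table and device that rule set selects when fwmark 2 is present at lookup time and when it is not. The contents of table `local`, the empty table 253 and the destination 203.0.113.25 are assumptions; the model covers only fwmark selectors and longest-prefix match.

```python
import ipaddress

# Policy rules as printed by "ip rule ls" in the quoted message:
# (priority, required fwmark or None, table name).
RULES = [(0, None, "local"), (32765, 2, "smtp"),
         (32766, None, "main"), (32767, None, "253")]

# Routes as (prefix, device). "main" and "smtp" are copied from the message.
# "local" is an assumption built from the box's three addresses, and table
# 253 is assumed empty because the message does not list its contents.
TABLES = {
    "local": [("10.200.0.1/32", "lo"), ("80.97.105.98/32", "lo"),
              ("192.168.1.100/32", "lo"), ("127.0.0.0/8", "lo")],
    "smtp": [("0.0.0.0/0", "ppp0")],
    "main": [("172.16.20.1/32", "ppp0"), ("192.168.1.0/24", "eth2"),
             ("10.200.0.0/24", "eth0"), ("192.168.254.0/24", "eth1"),
             ("127.0.0.0/8", "lo"), ("0.0.0.0/0", "eth2")],
    "253": [],
}


def best_route(table, dst):
    """Longest-prefix match inside one table; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]]
    hits = [(net, dev) for net, dev in nets if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def lookup(dst, fwmark=0):
    """Walk the rules in priority order and return (table, device)."""
    for _prio, want_mark, table in sorted(RULES, key=lambda r: r[0]):
        if want_mark is not None and want_mark != fwmark:
            continue  # fwmark selector does not match this packet
        dev = best_route(table, dst)
        if dev is not None:
            return table, dev
    return None, None  # no table had a matching route


if __name__ == "__main__":
    # Constructed destinations: one Internet host, one host on the eth0 LAN.
    for dst, mark in [("203.0.113.25", 2), ("203.0.113.25", 0),
                      ("10.200.0.7", 2), ("10.200.0.7", 0)]:
        print(dst, "fwmark", mark, "->", lookup(dst, mark))
```

The unmarked lookup resolves to the main table's default route on eth2, which is the path tcpdump showed. The third case shows that, with only a default route in table `smtp`, a marked packet for the 10.200.0.0/24 LAN also resolves to ppp0.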