From: Marco Gaiarin <gaio@sv.lnf.it>
To: lartc@vger.kernel.org
Subject: Policy routing (fwmark-based) and local traffic...
Date: Tue, 30 Jul 2019 12:32:07 +0000
Message-ID: <20190730123207.GE2430@sv.lnf.it>

I was trying to set up some policy routing (using iptables fwmark) for
local traffic; I've just in place rules for forward traffic (in the
PREROUTING chain, mangle table) and it works as expected.

E.g.:
ulysses:~# ip rule show
0: from all lookup local
32762: from all fwmark 0x30/0xf0 lookup FIBRA
32763: from 192.168.178.2 lookup FIBRA
32764: from all fwmark 0x20/0xf0 lookup ADSL2
32765: from 194.243.231.54 lookup ADSL2
32766: from all lookup main
32767: from all lookup default
and
ulysses:~# iptables -t mangle -vnL PREROUTING
Chain PREROUTING (policy ACCEPT 278K packets, 175M bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- * * 0.0.0.0/0 173.194.79.109 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
0 0 MARK tcp -- * * 0.0.0.0/0 173.194.79.108 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
1488 311K MARK tcp -- * * 0.0.0.0/0 173.194.76.109 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
143 99494 MARK tcp -- * * 0.0.0.0/0 173.194.76.108 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
[...]
I've tried to set up the same thing for locally generated traffic but...
I've discovered that the 'routing decision' happens BEFORE the iptables
tables (so, simply, fwmarks get ignored).

Is it true, or am I missing something? Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
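
The mask arithmetic behind the rules and MARK targets quoted above, as an added example that is not part of the original message: it parses a constructed copy of the `ip rule show` listing and returns the tables a packet with a given source address and fwmark would consult, in priority order. The function names are assumptions made for illustration, and the model covers rule selectors only, not the route lookup inside each table or the point in the packet path where the mark is applied.

```python
import ipaddress
import re

# Constructed copy of the `ip rule show` listing quoted in the message.
IP_RULE_SHOW = """\
0: from all lookup local
32762: from all fwmark 0x30/0xf0 lookup FIBRA
32763: from 192.168.178.2 lookup FIBRA
32764: from all fwmark 0x20/0xf0 lookup ADSL2
32765: from 194.243.231.54 lookup ADSL2
32766: from all lookup main
32767: from all lookup default
"""

RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from (?P<src>\S+)"
    r"(?: fwmark (?P<val>0x[0-9a-f]+)(?:/(?P<mask>0x[0-9a-f]+))?)?"
    r" lookup (?P<table>\S+)$")

def parse_rules(text):
    """Parse `ip rule show` lines into dicts, sorted by priority."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        src = None if m["src"] == "all" else ipaddress.ip_network(m["src"])
        val = int(m["val"], 16) if m["val"] else None
        mask = int(m["mask"], 16) if m["mask"] else 0xFFFFFFFF
        rules.append({"prio": int(m["prio"]), "src": src, "val": val,
                      "mask": mask, "table": m["table"]})
    return sorted(rules, key=lambda r: r["prio"])

def xset(mark, value, mask):
    """iptables `MARK xset value/mask`: clear the mask bits, then XOR value."""
    return ((mark & ~mask) ^ value) & 0xFFFFFFFF

def tables_consulted(rules, src, mark):
    """Tables whose rule selector matches (selector check only), in order."""
    addr = ipaddress.ip_address(src)
    out = []
    for r in rules:
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["val"] is not None and (mark ^ r["val"]) & r["mask"]:
            continue  # masked bits differ, so the fwmark selector fails
        out.append(r["table"])
    return out
```

A later table is only reached when the earlier ones hold no matching route, which is why `local` appears first for every packet without capturing ordinary traffic.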