[LARTC] policy routing

[LARTC] policy routing

[Gregory OSINAIKE]

Hello,

I'm trying to route packets based on 'mark' numbers i give to packets
according to their port number using iptables. I'm having real trouble
setting up routes based on this. I'm issuing the following commands
assuming i have marked packets of a certain type with a 1:


echo 201 first.table >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table first.table
 
ip route add 30.0.0.0/8 dev eth0 table first.table

Basically its just like the exampls in the How To. I have to use Linux
kernel v-2.3.99-pre7, so am using iptables 1.0.0.

when i attempt to mark ICMP packets i get 'network unreachable' when i
ping another machine on our testbed which is not on the same subnet i.e
not 30.0.0.x

Can anyone help?
ThanKs!
Greg.
 



-- 
----------------------
Gregory OSINAIKE (ee9829@elec.qmw.ac.uk)
Electronic Engineering Department
Queen Mary and Westfield College

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] policy routing

[bert hubert]

On Tue, Mar 20, 2001 at 12:26:00PM +0000, Gregory OSINAIKE wrote:
> Hello,
> 
> I'm trying to route packets based on 'mark' numbers i give to packets
> according to their port number using iptables. I'm having real trouble
> setting up routes based on this. I'm issuing the following commands
> assuming i have marked packets of a certain type with a 1:
> 
> 
> echo 201 first.table >> /etc/iproute2/rt_tables
> 
> ip rule add fwmark 1 table first.table
>  
> ip route add 30.0.0.0/8 dev eth0 table first.table
> 
> Basically its just like the exampls in the How To. I have to use Linux
> kernel v-2.3.99-pre7, so am using iptables 1.0.0.
> 
> when i attempt to mark ICMP packets i get 'network unreachable' when i
> ping another machine on our testbed which is not on the same subnet i.e
> not 30.0.0.x

You also need to define a default gateway for marked packets then, I think.

Regards,

bert

-- 
http://www.PowerDNS.com      Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

[LARTC] policy routing

[Fabian Gervan]

Hello
I am newbie with iproute2.
I have redhat 6.2 with 2 default gateways:
[...]
$IP route add default nexthop via 200.47.43.254 dev eth1 weight 2 nexthop \
 via 200.41.233.209 dev eth2 weight 1

now i want to force all outgoing connection to irc port (6667) use  200.47.43.254 as gw.

any idea?

-- 
Best regards,
 Fabian                          mailto:fabian1@inter-k.com.ar


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] policy routing

[bert hubert]

On Fri, Dec 07, 2001 at 04:19:28AM -0600, Fabian Gervan wrote:
> Hello
> I am newbie with iproute2.
> I have redhat 6.2 with 2 default gateways:
> [...]
> $IP route add default nexthop via 200.47.43.254 dev eth1 weight 2 nexthop \
>  via 200.41.233.209 dev eth2 weight 1
> 
> now i want to force all outgoing connection to irc port (6667) use  200.47.43.254 as gw.

fwmark all packets going to port 6667, and then use
'ip rule add fwmark 1 table 200'

and then:

'ip route add default via 200.47.43.254 dev eth1 table 200'

To mark, see
    http://ds9a.nl/lartc/HOWTO//cvs/2.4routing/output/2.4routing-11.html


Good luck!

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
Trilab                                 The Technology People
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

[LARTC] policy routing

[Stefan Kaiser]

Hello,

i am using suse-linux 8.0 and i am trying to get this to work:

eth0 = local network
ppp0 = dsl modem
ippp0= isdn-card

network traffic coming from eth0 and going to ppp0 by default

network traffic to dport25 is routed to ippp0 (dynamic-ip)

the traffic from eth0 to ppp0 is working

but the configuration for ippp0 is killing me :-(

marking the pakets:
# iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 25 \
 -j MARK --set-mark 1

configuring the policy routing database:
# echo 201 mail.out >> /etc/iproute2/rt_tables
# ip rule add fwmark 1 table mail.out
# ip rule ls
0: from all lookup local
32764: from all fwmark        1 lookup mail.out
32766: from all lookup main
32767: from all lookup default

and at last the mail.out table with the route to ippp0, but that´s my
problem: (i think)
# ip route add default dev ippp0 table mail.out

when i am now sending a mail (port25) ippp0 is dialing, but then the
route
is deleted, so i set the route again manual with the above command, but
the mail is not delivered

i have tryed to route the pakets back to my local net to the external
isdn-router:

# ip route add default via 192.168.21.10 dev eth0 table mail.out

this is working!!!

where do i fail?
when i try to set "default route" in the isdn configuration my default
route to the dsl
connection is deleted

I hope somebody can help me

regards,
stefan







_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/