From: Damion de Soto
Date: Sun, 24 Aug 2003 23:55:01 +0000
Subject: Re: [LARTC] routing oddity, help?
To: lartc@vger.kernel.org

Philip Champon wrote:
>
> Machine B
> iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 443 --set-mark 0x1
> ip rule add prio 100 fwmark 1 table 100
> ip route add local 0/0 dev lo table 100
>
> Issuing these commands on machine A, packets move as I expect them to. However,
> on machine B, using tcpdump I see packets come in on port 443, but I never see
> machine B respond or send an ICMP error.

I never tried anything like this before, and don't really understand what
you're doing, but taking a guess:
aren't you directing the incoming port 443 packets to the loopback device
routing table? So then they're never going to do anything useful, unless
your application is specifically listening on 127.0.0.1?

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email: damion@snapgear.com
SnapGear --- ph: +61 7 3435 2809  | Custom Embedded Solutions
            fax: +61 7 3891 3630  | and Security Appliances
web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~