From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jimmy Thrasibule
Subject: Re: Policy routing problem
Date: Tue, 23 Oct 2012 14:16:32 +0200
Message-ID: <1350994592.2074.7.camel@BEWS005.euractiv.com>
References: <56295.129.217.4.64.1350990304.squirrel@postamt.cs.uni-dortmund.de>
In-Reply-To: <56295.129.217.4.64.1350990304.squirrel@postamt.cs.uni-dortmund.de>
Sender: linux-admin-owner@vger.kernel.org
To: Christoph Pleger
Cc: linux-admin@vger.kernel.org

On Tue, 2012-10-23 at 13:05 +0200, Christoph Pleger wrote:
> Hello,

Hello,

> I am running a DHCP server that serves multiple subnets. The server has
> an IP address in all of these subnets, and its primary IP address in a
> subnet that is not served by DHCP. Every IP address has its own VLAN
> Ethernet interface, eth0.102, eth0.104, etc. In this setup, the DHCP
> server often does not send its unicast replies on the interface where it
> received the corresponding request, but on the interface of its primary
> IP address, and with that IP.
>
> My first thought on how to change this was to set routes depending on
> destination addresses, but this would cause big problems with other
> services running on the same machine, so I tried to combine iproute2
> and iptables, like this:

Unless you implicitly defined an interface to bind on, your DHCP server
should be listening on all broadcast interfaces. Alternatively, you can
force your DHCP server to bind on the interfaces you want.

If everything is OK on this point, some DHCP requests might come from the
"primary IP" address, making the server respond on that interface.

> iptables -t mangle -A OUTPUT -p udp --source-port bootps \
>     -d xxx.xxx.22.0/24 -j MARK --set-mark 122
>
> ip route add to xxx.xxx.22.0/24 dev eth0.122 table 122
>
> ip rule add fwmark 122 table 122
>
> Though I can see in my logs that iptables really sets that mark, routing
> does not work as expected and the server still uses its primary IP address
> for sending unicast DHCP replies.
>
> What am I doing wrong and what must be done to achieve the desired
> behaviour?

In the OUTPUT chain, the outbound interface is already defined. You should
be marking in PREROUTING. But check your network configuration first, as
the problem might come from there.

Jimmy
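To make the rule/table interaction in the thread concrete, here is an added example (not from either poster) that simulates the kernel's policy-routing lookup over constructed `ip rule show` and `ip route show table N` output: the thread's xxx.xxx.22.0/24 is written as 192.0.2.0/24, the primary subnet as 198.51.100.0/24, and the rule and route syntax is reduced to the keywords used in the thread (all assumptions).

```python
import ipaddress
# Constructed sample in the shape of `ip rule show` / `ip route show table N`;
# prefixes are assumed documentation ranges standing in for the thread's xxx.xxx.
RULES = """\
0:      from all lookup local
32765:  from all fwmark 0x7a lookup 122
32766:  from all lookup main
"""
TABLES = {
    "122": ["192.0.2.0/24 dev eth0.122 scope link"],
    "main": ["198.51.100.0/24 dev eth0.102 scope link",
             "default via 198.51.100.1 dev eth0.102"],
}

def parse_rules(text):
    """Turn `ip rule show` lines into dicts ordered by priority."""
    rules = []
    for line in text.splitlines():
        prio, rest = line.split(":", 1)
        toks = rest.split()
        rule = {"prio": int(prio), "fwmark": None, "table": None}
        for i, tok in enumerate(toks):
            if tok == "fwmark":
                rule["fwmark"] = int(toks[i + 1], 0)  # printed as hex, 0x7a == 122
            elif tok == "lookup":
                rule["table"] = toks[i + 1]
        rules.append(rule)
    return sorted(rules, key=lambda r: r["prio"])

def lookup_table(routes, dst):
    """Longest-prefix match inside one table; returns the output device or None."""
    best = None
    for entry in routes:
        toks = entry.split()
        net = ipaddress.ip_network("0.0.0.0/0" if toks[0] == "default" else toks[0])
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, toks[toks.index("dev") + 1])
    return best[1] if best else None

def route(dst, fwmark=0, rules_text=RULES, tables=TABLES):
    """Walk rules in priority order as the kernel does; return (table, device).
    A rule whose fwmark does not match is skipped, and a selected table with
    no matching route falls through to the next rule instead of ending the lookup."""
    for rule in parse_rules(rules_text):
        if rule["fwmark"] is not None and rule["fwmark"] != fwmark:
            continue
        dev = lookup_table(tables.get(rule["table"], []), dst)
        if dev:
            return rule["table"], dev
    return None, None
```

`route("192.0.2.77", fwmark=122)` selects table 122 and eth0.122, while the same destination with no mark, or a marked packet to a destination table 122 has no route for, falls through to the main table and the primary interface; this is why the mark must be in place before the routing decision is taken.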