From: Esteban <eribicic@sinectis.com>
To: Tomasz Wrona <lartc@eter.tym.pl>
Cc: netfilter@lists.netfilter.org
Subject: Re: fwmarks
Date: 01 Mar 2003 21:00:56 -0300
Message-ID: <1046563256.1685.76.camel@debian>
In-Reply-To: <Pine.LNX.4.30.0303020011020.24077-100000@king.klan.gda.pl>
I've tried, and so on..
root@debian:~# find /proc/ -type f -iname "rp_filter" -exec cat {} \;
0
0
0
0
0
root@debian:
It doesn't work!..
I see the accounting of packets in iptables, so marking is working..
root@debian:~# ip route ls
172.0.0.0/24 dev eth0 proto kernel scope link src 172.0.0.82
172.0.0.0/24 dev eth1 proto kernel scope link src 172.0.0.81
default via 172.0.0.1 dev eth0
But they keep on using the default route (eth0) and not eth1!
root@debian:~# ip rule ls
0: from all lookup local
32761: from all fwmark 2 lookup eth1
32762: from all fwmark 2 lookup eth1
32763: from all fwmark d lookup eth1
32764: from all fwmark 13 lookup eth1
32765: from all to 198.133.219.25 lookup eth1
32766: from all lookup main
32767: from all lookup default
root@debian:~#
root@debian:~# ip route ls table eth1
172.0.0.1 dev eth1 scope link src 172.0.0.81
default via 172.0.0.1 dev eth1 src 172.0.0.81
root@debian:~#
root@debian:~# iptables -t mangle -L -n -v
Chain PREROUTING (policy ACCEPT 11811 packets, 5080K bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 10043 packets, 4859K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 8362 packets, 1812K bytes)
pkts bytes target prot opt in out source
destination
120 6287 MARK tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 MARK set 0x2
261 12430 MARK tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:110 MARK set 0xd
Chain POSTROUTING (policy ACCEPT 8542 packets, 1832K bytes)
pkts bytes target prot opt in out source
destination
root@debian:~#
Thanks for helping me!! Any idea??
On Sat, 2003-03-01 at 20:13, Tomasz Wrona wrote:
> On 1 Mar 2003, Esteban wrote:
>
> > and then
> > echo 201 www.out >> /etc/iproute2/rt_tables
> > ip rule add fwmark 2 table www.out
> > ip route add default gw via 1.1.1.1 dev ppp0
> > ip route flush cache
> >
> > and does not work!.
> > If I create a rule like
> > ip rule add to 2.2.2.2 table www.out
> > ip route flush cache
> >
> > that does work!..
>
> Set [I guess location but key is to turn off rp_filter when using
> policy routing via fwmark]:
> echo "0" > /proc/sys/net/ipv4/conf/ppp0/rp_filter
>
> Regards
> tw
> --
>
> ----------------
> ck.eter.tym.pl
>
> "Never let schooling disturb Your education"
>
>
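
A consistency check over the listings in the message above, as an added example that is not part of the original thread: it compares the marks assigned by the mangle table's MARK targets with the marks the `ip rule` entries select on. The function names are hypothetical, the embedded inputs are constructed from the output shown in the message, and it assumes the bare `fwmark` values printed by `ip rule ls` (such as `d`) are hexadecimal.

```shell
#!/bin/sh
# Constructed sample input: the `ip rule ls` output from the message above.
RULES='0: from all lookup local
32761: from all fwmark 2 lookup eth1
32762: from all fwmark 2 lookup eth1
32763: from all fwmark d lookup eth1
32764: from all fwmark 13 lookup eth1
32765: from all to 198.133.219.25 lookup eth1
32766: from all lookup main
32767: from all lookup default'

# Constructed sample input: the two MARK rows of the mangle listing above,
# with the mail client's line wrapping undone.
MANGLE='120 6287 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x2
261 12430 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 MARK set 0xd'

# Marks referenced by "fwmark" rules, one per rule, as lowercase hex digits.
# Assumption: a bare value such as "d" or "13" is hexadecimal.
rule_marks() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "fwmark") {
    m = tolower($(i + 1)); sub(/^0x/, "", m); sub(/\/.*/, "", m); print m } }'
}

# Marks that the listing's "MARK set 0x.." targets assign, in the same form.
set_marks() {
  printf '%s\n' "$1" | awk '{ for (i = 1; i < NF - 1; i++)
    if ($i == "MARK" && $(i + 1) == "set") {
      m = tolower($(i + 2)); sub(/^0x/, "", m); print m } }'
}

# Marks selected by more than one rule (the later copies are redundant).
duplicate_rules() { rule_marks "$1" | sort | uniq -d; }

# fwmark rules whose mark no MARK target in the listing sets.
orphan_rules() {
  rule_marks "$1" | sort -u | while read -r m; do
    set_marks "$2" | grep -qxF "$m" || echo "$m"
  done
}

# Marks that are set but that no fwmark rule selects on.
unrouted_marks() {
  set_marks "$2" | sort -u | while read -r m; do
    rule_marks "$1" | grep -qxF "$m" || echo "$m"
  done
}

echo "duplicate rules for marks: $(duplicate_rules "$RULES" | tr '\n' ' ')"
echo "rules nothing marks for:   $(orphan_rules "$RULES" "$MANGLE" | tr '\n' ' ')"
echo "marks without a rule:      $(unrouted_marks "$RULES" "$MANGLE" | tr '\n' ' ')"
```

On a live system the two variables would be filled from `ip rule ls` and `iptables -t mangle -L -n -v`, the commands used in the message.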