MARK Locally Generated Packets

MARK Locally Generated Packets

[Jay]

Hi,

     I'm trying to mark locally generated packets to be able to re-route
HTTP(S) requets out a different gateway. Similar to a transparent proxy,
with the exception that I want only traffic generated from this box to
get marked and re-routed. I've setup everything correctly according to
the many documents I've found, and I can manually use ip rules to get the
actions I want, I'm jut not getting a mark recognized by the ip rules.
Anybody have any ideas on how to get iptables to mark locally generated
packets?

-= Jay =-

Re: MARK Locally Generated Packets

[Joerg Kinzebach]

>      I'm trying to mark locally generated packets to be able to re-route
> HTTP(S) requets out a different gateway. Similar to a transparent proxy,
> with the exception that I want only traffic generated from this box to
> get marked and re-routed. I've setup everything correctly according to
> the many documents I've found, and I can manually use ip rules to get the
> actions I want, I'm jut not getting a mark recognized by the ip rules.

Something like this should do:

iptables -t mangle -I OUTPUT -p tcp --sport 443 -s <local_ip> \
    -j MARK --set-mark 0xc

ip rule add pref 1 fwmark 0xc table 101
ip route add 0.0.0.0/0 via $router table 101

This marks all ports originated on TCP port 443 of <local_ip> with
"0xc" and for all packets with 0xc the routing table "101" will
be used which routes everything that hits it towards $router.

I asumme you used the PREROUTING chain of the mangle table instead
of the OUTPUT chain.



joerg