ip rule with fwmark trouble

ip rule with fwmark trouble

[李伟华]

i have a linux router box ( kernel   2.6.23.12  iptables 1.4.0 ) with 3 interface,  eth0 to lan , eth1 to isp1  ,eth2 to isp2. i add these rule to iptables's nat table:
-A POSTROUTING -s LAN_IP -o eth1 -j MASQUERADE
-A POSTROUTING -s LAN_IP -o eth2 -j MASQUERADE

then, add route to route table:
ip route add 0/0 via ISP1_GW dev eth1 
ip route add 0/0 via ISP2_GW dev eth2 tables ISP2

now ,i want some ip in my lan out with ISP2,  use this rule :
ip rule add from SOME_IP table ISP2

it is work fine.
but when i use iptables  add mark to out-traffic and use ip rule with fwmark like this:
iptables -t mangle -A PREROUTING -s SOME_IP -j MARK --set-mark 11
ip rule add fwmark 11 table ISP2

the SOME_IP computers can't access internet , what's wrong ? Does anyone have hints ?



_________________________________________________________________
新年换新颜，快来妆扮自己的MSN给心仪的TA一个惊喜！
http://im.live.cn/emoticons/?ID=18

Re: ip rule with fwmark trouble

[Thomas Jacob]

On Sun, Jun 01, 2008 at 09:19:40AM +0000, 李伟华 wrote:
> but when i use iptables  add mark to out-traffic and use ip rule with fwmark like this:
> iptables -t mangle -A PREROUTING -s SOME_IP -j MARK --set-mark 11
> ip rule add fwmark 11 table ISP2
> 
> the SOME_IP computers can't access internet , what's wrong ? Does anyone have hints ?QUW1 

Maybe it's caused by rp_filter according to the following mail, if that
information is still valid:

http://lists.netfilter.org/pipermail/netfilter/2000-November/006089.html