[iptables/iproute2] Output interface and UDP packets

["BERTRAND Joël" <joel.bertrand@systella.fr>]

	Hello,

	I have made a test with a linux box connected by two NIC's on the same 
LAN. This box is a 32 processors UltraSparc server and runs with 
2.6.23-rc9 linux kernel (sparc64/SMP) on a debian/testing distribution.

eth0: 213.215.42.70/24
eth3: 213.215.42.69/24

With the following iptables/iproute2 rules :

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P OUTPUT ACCEPT

route add default gw 213.215.42.65 dev eth0
iproute2 rule add from 213.215.42.69 lookup local_traffic priority 100
iproute2 rule add fwmark 1 table local_traffic priority 101
iproute2 route add default via 213.215.42.65 dev eth3 table local_traffic
iproute2 route flush cache

echo 0 > /proc/sys/net/ipv4/conf/eth3/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth3/arp_ignore
echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_filter
echo 1 > /proc/sys/net/ipv4/conf/eth3/arp_filter

iptables -t mangle -A INPUT -d 213.215.42.70 -j CONNMARK --set-mark 2
iptables -t mangle -A OUTPUT -m connmark --mark 2 -j RETURN
iptables -t mangle -A OUTPUT -j MARK --set-mark 1

	Whit these command lines, I obtain :

Root gershwin:[~] > route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use 
Iface
213.215.42.64   *               255.255.255.240 U     0      0        0 eth0
213.215.42.64   *               255.255.255.240 U     0      0        0 eth3
default         213.215.42.65   0.0.0.0         UG    0      0        0 eth0
Root gershwin:[~] > Root gershwin:[~] > ip rule show
0:      from all lookup local
100:    from 213.215.42.69 lookup local_traffic
101:    from all fwmark 0x1 lookup local_traffic
32766:  from all lookup main
32767:  from all lookup default
Root gershwin:[~] > Root gershwin:[~] > ip route
213.215.42.64/28 dev eth0  proto kernel  scope link  src 213.215.42.70
213.215.42.64/28 dev eth3  proto kernel  scope link  src 213.215.42.69
default via 213.215.42.65 dev eth0
Root gershwin:[~] > ip route show table local_traffic
default via 213.215.42.65 dev eth3
Root gershwin:[~] >

All locally generated packets are routed via eth3, but with eth0 IP 
address. Problem... Thus, I have added the following line to fix this 
mistake :

iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT \
	--to-source 213.215.42.69

Now :

All ICMP (ping) and TCP (ssh for example) are routed via eth3. I can do 
a ssh on external server without any trouble. But UDP packets are sent 
via eth0 (but with eth3 IP address) _and_ received via eth3 :

Packets received by eth3:
23:04:37.159721 IP kimsufi.gegeweb.org.ntp > brahms.systella.net.ntp: 
NTPv4, Server, length 48
23:04:38.159888 IP goelette.net.ntp > brahms.systella.net.ntp: NTPv4, 
Server, length 48
23:04:38.159950 IP ns.oredin.net.ntp > brahms.systella.net.ntp: NTPv4, 
Server, length 48

and send by eth0 (brahms is eth3 address)
23:02:47.940968 IP brahms.systella.net.ntp > ntp.dr-j.eu.ntp: NTPv4, 
Client, length 48
23:03:05.940974 IP brahms.systella.net.ntp > goelette.net.ntp: NTPv4, 
Client, length 48
23:03:06.940979 IP brahms.systella.net.ntp > ns.oredin.net.ntp: NTPv4, 
Client, length 48

	I don't understand why datagrams are not routed by eth3. All 
explanations are welcome ;-)

	Regards,

	JKB