On 09/27/2012 11:01 AM, Manish Kathuria wrote:
> On Thu, Sep 27, 2012 at 7:04 PM, Steve Clark <sclark@xxxxxxxxxxxxx> wrote:
>> On 09/26/2012 11:57 PM, Manish Kathuria wrote:
>>
>> On Thu, Sep 27, 2012 at 7:46 AM, Gordon Messmer <yinyang@xxxxxxxxx> wrote:
>>
>> On 09/26/2012 09:15 AM, Steve Clark wrote:
>
> The routes-x.y-z.diff is a unified patch containing different parts
> which include support for Dead Gateway Detection as well. However,
> since that is limited to the first hop, it is preferable to have a
> userspace script as you are doing. I also use a script to check the
> accessibility of a remote popular site from each of the ISPs and based
> upon the response the links are treated as alive or dead and the default
> gateway is changed. However, the routing problem as described by you
> will only be solved after applying this patch (routes-x.y-z.diff).
>
> As for marking the incoming packets to ensure that they go out from
> the same interface they came from, you could do something like the
> following:
>
> Using iptables, mark the incoming traffic from external interfaces
>
> /sbin/iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> /sbin/iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
> /sbin/iptables -t mangle -A PREROUTING -i eth1 -j MARK --set-mark 1
> /sbin/iptables -t mangle -A PREROUTING -i eth1 -j CONNMARK --save-mark
> /sbin/iptables -t mangle -A PREROUTING -i eth2 -j MARK --set-mark 2
> /sbin/iptables -t mangle -A PREROUTING -i eth2 -j CONNMARK --save-mark
>
> Add the following rules to your existing ones for policy routing
>
> /sbin/ip rule add fwmark 1 table T1
> /sbin/ip rule add fwmark 2 table T2

Hi Manish,

Thanks for the info. The one question I have is about

    /sbin/iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

I thought the OUTPUT chain was only for packets originating locally. I am only concerned with clients behind my Linux router; do I still need this?

Again, thanks much for responding.

-- 
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@xxxxxxxxxxxxx
http://www.netwolves.com
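
An added example, not part of the original messages: a toy Python model of the quoted mangle rules and `ip rule` entries that traces which routing table a packet's fwmark selects, both for a reply forwarded from a LAN host and for a reply the router generates itself. The LAN interface name `eth0`, the `route` and `demo` helpers, and the sample connections are assumptions made for illustration.

```python
# Toy model of the quoted mangle rules; constructed for illustration, not real netfilter.
# Rule tuple: (chain, input interface or None for "any", action, mark value)
RULES = [
    ("PREROUTING", None,   "restore", None),  # CONNMARK --restore-mark
    ("OUTPUT",     None,   "restore", None),  # CONNMARK --restore-mark
    ("PREROUTING", "eth1", "set",     1),     # MARK --set-mark 1
    ("PREROUTING", "eth1", "save",    None),  # CONNMARK --save-mark
    ("PREROUTING", "eth2", "set",     2),     # MARK --set-mark 2
    ("PREROUTING", "eth2", "save",    None),  # CONNMARK --save-mark
]
FWMARK_TABLES = {1: "T1", 2: "T2"}  # ip rule add fwmark N table TN
LAN_IF = "eth0"                      # assumed LAN-side interface (not named in the thread)


def route(conn, in_iface, rules=RULES):
    """Return the routing table selected for one packet of connection `conn`.

    in_iface=None means the router itself generated the packet, so the first
    mangle chain it meets is OUTPUT; any received packet meets PREROUTING.
    """
    chain = "OUTPUT" if in_iface is None else "PREROUTING"
    mark = 0  # the packet mark starts at 0 for every packet
    for r_chain, r_iface, action, value in rules:
        if r_chain != chain or r_iface not in (None, in_iface):
            continue
        if action == "restore":      # copy connection mark onto the packet
            mark = conn["connmark"]
        elif action == "set":        # overwrite the packet mark
            mark = value
        elif action == "save":       # copy packet mark onto the connection
            conn["connmark"] = mark
    return FWMARK_TABLES.get(mark, "main")


def demo():
    no_output = [r for r in RULES if r[0] != "OUTPUT"]
    fwd = {"connmark": 0}
    route(fwd, "eth1")       # constructed: connection opened from ISP 1 to a LAN host
    local = {"connmark": 0}
    route(local, "eth2")     # constructed: connection opened from ISP 2 to the router
    return {
        "lan_reply": route(fwd, LAN_IF),
        "lan_reply_no_output_rule": route(fwd, LAN_IF, no_output),
        "router_reply": route(local, None),
        "router_reply_no_output_rule": route(local, None, no_output),
    }


if __name__ == "__main__":
    print(demo())
```

In this model the reply arriving from the LAN host has its mark restored in PREROUTING whether or not the OUTPUT rule is present, while the router's own reply falls back to the main table once the OUTPUT rule is removed.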