Sellaro,

I'm not sure about this (others on the list may confirm), but I think
you want to use --set-tos instead of --set-mark. My understanding is
that the mark only exists while the packet is on the local machine, but
when you set the ToS flags, then you are changing the packet.

Best of luck,

-Martin

 : Hi there
 :
 : I'm trying to set up policy routing in a simple scenario without further
 : success. My linux router is connected to two different cable ISPs. One
 : of these links (hereafter named A) permits traffic to SMTP servers while
 : the other (link B) doesn't.
 :
 : What I am trying to set up is: all traffic should flow through link B
 : and only SMTP traffic through link A.
 :
 : What I am doing:
 :
 : Marking all packets from my intranet with source port within the range
 : 1024 to 65535 and with destination port 25 with mark 0x3. I am also
 : marking packets from our internal SMTP server with source port 25 to any
 : other port with the same mark. Marks are being made in the OUTPUT chain
 : (using iptables) as follows:
 :
 : iptables -t mangle -A OUTPUT -p tcp --sport 1024:65535 --dport 25 -j MARK --set-mark 3
 :
 : iptables -t mangle -A OUTPUT -p tcp -s <MY SMTP SERVER> --sport 25 -j MARK --set-mark 3
 :
 : Then, I have created a new routing table named SMTP-ROUTE with default
 : gateway being the default gateway for link A as follows:
 :
 : ip ro add default via <A's default GW> table SMTP-ROUTE
 :
 : To complete the setup, I've added a rule stating that all packets marked
 : with 0x3 should use SMTP-ROUTE with this command:
 :
 : ip ru add fwmark 3 table SMTP-ROUTE
 :
 : Yes, I've flushed the routing cache with:
 :
 : ip ro flush cache
 :
 : Default route in main routing table is B's gateway.
 :
 : I don't know why, but SMTP traffic keeps going through B's gateway,
 : instead of A's, as expected.
 :
 : I've sniffed the network and, in fact, the packets are trying to go out
 : through B's gateway.
 :
 : Can anyone please point out what I am doing wrong?
 :
 : Thank you in advance
 :

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
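
The fwmark setup described in the quoted question, written out as an added example (not code from either poster): a dry-run script that prints the marking, table and rule commands, followed by the checks that show whether marked packets actually reach the rule. The gateway address, interface name, test destination and numeric table id are placeholders. Marking in PREROUTING as well as OUTPUT is this example's own choice, based on netfilter's hook order: OUTPUT only sees packets generated on the router itself, while forwarded intranet traffic passes through PREROUTING.

```shell
#!/bin/sh
# Added example: fwmark policy routing for SMTP via link A.
# Dry run by default; set APPLY=1 (as root) to execute the commands.
# All values below are placeholders, not taken from the thread.
GW_A=192.0.2.1        # link A default gateway (documentation address)
LAN_IF=eth0           # interface facing the intranet (assumed name)
TABLE_ID=200          # numeric id; the name SMTP-ROUTE only resolves if
                      # it is listed in /etc/iproute2/rt_tables
MARK=3

# run: print the command, execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

setup_smtp_policy_route() {
    # Forwarded intranet traffic traverses mangle PREROUTING, before the
    # routing decision, and never traverses OUTPUT.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 25 \
        -j MARK --set-mark "$MARK"
    # Traffic generated on the router itself traverses mangle OUTPUT.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 \
        -j MARK --set-mark "$MARK"
    # Separate table whose default route is link A's gateway.
    run ip route add default via "$GW_A" table "$TABLE_ID"
    # Packets carrying the mark consult that table first.
    run ip rule add fwmark "$MARK" table "$TABLE_ID"
    run ip route flush cache
}

verify_smtp_policy_route() {
    # Packet counters show which MARK rule (if any) is matching.
    run iptables -t mangle -L -v -n
    # The fwmark rule must appear ahead of the main table lookup.
    run ip rule show
    run ip route show table "$TABLE_ID"
    # Ask the kernel which route a marked packet would take.
    run ip route get 198.51.100.25 mark "$MARK"
}

setup_smtp_policy_route
verify_smtp_policy_route
```

If the PREROUTING counter stays at zero while SMTP traffic is flowing, the marking rule is not matching; if it increments but `ip route get ... mark 3` still returns link B's gateway, the rule or the table is the problem.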