iproute and marking packets.

Linux Advanced Routing and Traffic Control

I have browsed the archives and not found anything to answer my problem so
here goes :-)

My internal network is on the 10.0.0.0/16.

My eth0 has 10.1.0.13; this address is NAT'ed at a Cisco router, which is
10.1.0.21.
My eth1 has 217.41.191.35 and this is connected straight into the back of an
ADSL modem; the IP address of this is 217.41.191.38.

The default gateway of this machine is the ADSL router.

I have recompiled the kernel with the routing/packet marking options needed.

I have the machine talking to the net and replying via both interfaces. This
is my script so far...


echo 1 > /proc/sys/net/ipv4/ip_forward 
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter 


ip route add default via 217.41.191.38 table T1
ip route add default via 10.1.0.21 table T2
# adds rules from the tables i guess.
ip rule add from 217.41.191.35 table T1
ip rule add from 10.1.0.13 table T2
#need this to see other internal machines...
route add -net 10.0.0.0/8 gw 10.1.0.21 dev eth0

This bit works fine.

What I want to do is mark SMTP packets and send them via my 10.1.0.21
gateway.


#iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1

#tried both methods here.. both result in failure...
#ip ro add default dev eth0 table 10
#ip route add default via 10.1.0.21 dev eth0 table 10


#ip ru add fwmark 1 table 10

I've checked to see if the counters increment and they do, so the marking is
working fine, just not the routing.
When I try to telnet to port 25 of anything I get a "no route to host" and
nothing appears in tcpdump.
If I remove the ip ru add fwmark 1 I can then telnet to port 25 of anything
again, but via the ADSL link...



I am using iptables 1.2.7a and kernel 2.4.18 on a SuSE 8 box.

Anyone any ideas?

Thanks in advance.

Pete Thompson





_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
