RE: iproute and marking packets.

Linux Advanced Routing and Traffic Control

You would probably need to check the precedence of the rules. Routing based
on fwmark may need to come ahead of the one that routes the packet to T2.
Have not used it myself. This is logic and not experience. If this is wrong,
forgive me for I know not.

Mohan

-----Original Message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]On
Behalf Of Thompson,Peter
Sent: 13 September 2002 14:23
To: 'lartc@mailman.ds9a.nl'
Subject:  iproute and marking packets.



I have browsed the archives and not found anything to answer my problem so
here goes :-)

My internal network is on 10.0.0.0/16.

My eth0 has 10.1.0.13; this address is NAT'ed at a Cisco router, which is
10.1.0.21.
My eth1 has 217.41.191.35 and this is connected straight into the back of an
ADSL modem; the IP address of this is 217.41.191.38.

The default gateway of this machine is the ADSL router.

I have recompiled the kernel with the routing/packet marking options needed.

I have the machine talking to the net and replying via both interfaces. This
is my script so far...


echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter


ip route add default via 217.41.191.38 table T1
ip route add default via 10.1.0.21 table T2
# adds rules from the tables i guess.
ip rule add from 217.41.191.35 table T1
ip rule add from 10.1.0.13 table T2
#need this to see other internal machines...
route add -net 10.0.0.0/8 gw 10.1.0.21 dev eth0

This bit works fine.

What I want to do is mark SMTP packets and send them via my 10.1.0.21
gateway.


#iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 1
#iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1

#tried both methods here.. both result in failure...
#ip ro add default dev eth0 table 10
#ip route add default via 10.1.0.21 dev eth0 table 10


#ip ru add fwmark 1 table 10

I've checked to see if the counters increment and they do, so the marking is
working fine, just not the routing.
When I try to telnet to port 25 of anything I get a "no route to host" and
nothing appears in tcpdump.
If I remove the ip ru add fwmark 1 I can then telnet to port 25 of anything
again, but via the ADSL link...



I am using iptables 1.2.7a and kernel 2.4.18 on a SuSE 8 box.

Anyone any ideas?

Thanks in advance.

Pete Thompson





_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
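
Added example (not part of either message): a POSIX shell check of the rule precedence the reply refers to. It reads `ip rule show` output and reports whether the fwmark rule has a lower priority number, and is therefore tried earlier, than any source-address rule. The sample listing and the helper name `rule_order_check` are constructed for illustration; the check covers rule ordering only, not whether the lookup in the chosen table succeeds.

```shell
#!/bin/sh
# Constructed sample in the format printed by `ip rule show` (not from the thread).
SAMPLE_RULES='0: from all lookup local
32763: from all fwmark 0x1 lookup 10
32764: from 10.1.0.13 lookup T2
32765: from 217.41.191.35 lookup T1
32766: from all lookup main
32767: from all lookup default'

# rule_order_check MARK  (hypothetical helper; reads `ip rule show` text on stdin)
# Rules are tried in ascending priority, so lower numbers are consulted first.
# Prints a verdict; exit 0 = fwmark rule first, 1 = a source rule first,
# 2 = no rule for that mark.
rule_order_check() {
    want=$(printf '0x%x' "$1")          # ip prints marks in hex, e.g. 0x1
    awk -v want="$want" '
    {
        prio = $1; sub(/:$/, "", prio); prio += 0
        mark = ""; src = ""
        for (i = 2; i < NF; i++) {
            if ($i == "fwmark") { mark = $(i + 1); sub(/\/.*/, "", mark) }  # drop /mask
            if ($i == "from")   { src = $(i + 1) }
        }
        if (mark == want) {
            if (!have_fw) { have_fw = 1; fw = prio }
        } else if (mark == "" && src != "" && src != "all") {
            if (!have_src) { have_src = 1; by_src = prio }
        }
    }
    END {
        if (!have_fw) { print "no-fwmark-rule"; exit 2 }
        if (!have_src || fw < by_src) { print "fwmark-first " fw; exit 0 }
        print "source-rule-first " by_src " before " fw; exit 1
    }'
}

# On a live system: ip rule show | rule_order_check 1
printf '%s\n' "$SAMPLE_RULES" | rule_order_check 1
```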
