Ramin Alidousti wrote:
> On Mon, Oct 07, 2002 at 12:28:46PM -0400, Stephane Ouellette wrote:
>
>>MY PROBLEM
>>----------
>>
>>Suppose I want to do some policy routing using the fwmark as a routing
>>key. I should have entered the following commands:
>>
>>iptables -t mangle -A OUTPUT -o eth0 -p icmp --icmp-type \
>>-d $TESTMACHINE1 -j MARK --set-mark 1
>>iptables -t mangle -A OUTPUT -o eth1 -p icmp --icmp-type \
>>-d $TESTMACHINE2 -j MARK --set-mark 2
>
> I'd remove the '-o' option as you don't know yet where the packets
> would be routed to.
>
> Ramin
> PS. You forgot the --icmp-type argument. Did your Linux box take
> these commands?
>

Ramin,

I mistyped the commands I entered. In fact, you should read:

iptables -t mangle -A OUTPUT -p icmp --icmp-type echo-request \
-d $TESTMACHINE1 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p icmp --icmp-type echo-request \
-d $TESTMACHINE2 -j MARK --set-mark 2

Stephane

>
>>ip rule add fwmark 1 table lan1
>>ip rule add fwmark 2 table lan2
>>
>>Now, pinging $TESTMACHINE1 or $TESTMACHINE2 always uses the same
>>gateway! The iptables rule counters increment as expected but it seems
>>that the fwmark has no effect on routing !!!
>>
>>
>>MY CONFIGURATION
>>----------------
>>
>>RedHat 7.2 on i686
>>Kernel 2.4.20-pre9 (all options related to advanced routing are enabled)
>>Today's CVS snapshot of the Netfilter project
>>
>>
>>Any suggestion would be greatly appreciated !!!
>>
>>Stephane.
>>
>>_______________________________________________
>>LARTC mailing list / LARTC@mailman.ds9a.nl
>>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/