Re: [LARTC] iproute + mark question

Linux Advanced Routing and Traffic Control

Ciprian Niculescu wrote:

> I want to mark the packets generated locally, and route them differently

We have almost the same scenario except we need to use tcp instead of udp and we want to direct all port 80 traffic from the internal network out our new cable modem instead of using the older (slower) iDSL circuit.


> so iptables -A OUTPUT -t mangle -p udp --dport 50000:51000 -j MARK --set-to 0x1

I think this ^^^^^ needs to be --set-mark?


It seems that 'iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 0x1' works, because iptables -t mangle -L -v outputs packet count sizes and shows that the specific rules are being matched.

> ip rule add fwmark 0x1 table 230
> ip route add default via 194... table 230

We did exactly these steps as well (except we used table 1) and gave the rules a priority. Is this maybe where we went wrong?


It just doesn't work. The packets are being marked but are apparently not being dumped into the correct routing table properly. When the packets that are marked are logged, they have the source address of the iDSL circuit instead of the cable modem because the iDSL is the default route for the 'main' table (I assume). The web traffic does not work either. It just seems to go out the iDSL and doesn't appear to come back. Or if it does, it does not know how to route internally for some reason even though the source address is the iDSL which it should know everything it needs to know about in order to route it back into the internal network.

Does routing table 1 need to have routes to the internal network? I wouldn't think so, but I could be mistaken.

--
Jason A. Pattie
pattieja@xxxxxxxxxxxxxxx
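
Added example, not part of the original message: a simplified Python model of how the kernel walks ip rule entries in priority order and consults the selected table, using the fwmark 0x1 rule and table 230 quoted in the thread. The addresses, the interface name and the rule priority 100 are constructed assumptions, and the model leaves out source-address selection and NAT.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    priority: int
    table: str
    fwmark: Optional[int] = None  # None: rule matches packets with any mark

def table_lookup(routes, dst):
    """Longest-prefix match inside one table; routes are (prefix, nexthop) pairs."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in routes:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def policy_lookup(rules, tables, dst, mark=0):
    """Walk rules by priority; the first matching rule whose table has a route wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.fwmark is not None and rule.fwmark != mark:
            continue  # fwmark selector does not match this packet
        nexthop = table_lookup(tables.get(rule.table, []), dst)
        if nexthop is not None:
            return rule.table, nexthop
        # No route in this table: fall through to the next rule.
    return None, None

# Constructed sample data (documentation address ranges, hypothetical interface name).
TABLES = {
    "main": [("192.168.1.0/24", "dev eth0"), ("default", "via 192.0.2.1 (iDSL)")],
    "230": [("default", "via 198.51.100.1 (cable)")],
}
RULES = [Rule(100, "230", fwmark=0x1), Rule(32766, "main")]

def demo():
    return {
        "marked_web": policy_lookup(RULES, TABLES, "203.0.113.10", mark=0x1),
        "unmarked": policy_lookup(RULES, TABLES, "203.0.113.10"),
        "marked_internal": policy_lookup(RULES, TABLES, "192.168.1.20", mark=0x1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model a marked packet addressed to an internal host also follows the default route in table 230, because that table holds no internal-network route; unmarked packets never consult table 230 at all.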


