Hi,

I have some problems with Advanced Routing by FWMARK. Here is my configuration:

static routes ( route -n ) :

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
...
192.168.1.0     10.111.111.1    255.255.255.0   UG    0      0        0 eth0
...
192.168.7.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.6.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.5.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.4.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.3.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.2.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.12.0    10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.11.0    10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.9.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
192.168.8.0     10.111.111.6    255.255.255.0   UG    0      0        0 eth2
...

Our network 192.168.1.0/24 (reachable by eth0) is addressed with 192.168.10.0/24 for all other networks, which are reachable by eth2. It works fine with some SNAT rules and DNAT rules.

The big problem is a second 192.168.1.0 network, which is reachable by eth2. Our network wants to address this network with 192.168.20.0/24.

netfilterscript:

...
# workaround (http://lists.netfilter.org/pipermail/netfilter/2000-November/006089.html)
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/route/flush
...
# rules to route packets from 192.168.1.0 to virtual 192.168.20.0 ==> to second 192.168.1.0
/usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 17
for ((i=3; i<255; i++)); do
    /usr/sbin/iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -d 192.168.20.${i} -j DNAT --to-destination 192.168.1.${i}
    /usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.${i} -o eth2 -j SNAT --to-source 192.168.10.${i}
    ...
done
...
# in /etc/iproute2/rt_tables:
...
201 m.table
...
ip rule add fwmark 17 table m.table
/sbin/ip route add 192.168.1.0/24 via 10.111.111.6 dev eth2 table m.table
...

EOnetfilterscript

> ip rule ls
0:      from all lookup local
32765:  from all fwmark 17 lookup m.table
32766:  from all lookup main
32767:  from all lookup default

> ip route list table m.table
192.168.1.0/24 via 10.111.111.6 dev eth2

But!!!! Packets from 192.168.1.0/24 to 192.168.20.0/24 leave the router by eth0 (with IP-Header: