Well, the only mistake you made is that you placed the mark filters on the output of the interface.
I suggest you park them in the PREROUTING chain and not in the OUTPUT chain. It works fine for me.
Best regards
Stamatis
Catalin Borcea wrote:
Hello, I have a Linux box with 3 network adapters:
eth0 : IP:10.200.0.1/24
eth1/ppp0: IP:80.97.105.98
eth2 : IP:192.168.1.100/24
I want that all the Internet traffic goes to the eth2 interface except the smtp traffic that I want to go to the ppp0 interface. The main routing table is:
172.16.20.1 dev ppp0 proto kernel scope link src 80.97.105.98
192.168.1.0/24 dev eth2 scope link
10.200.0.0/24 dev eth0 scope link
192.168.254.0/24 dev eth1 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth2
I decided to use netfilter to mark the packets that leave the gateway from and to the smtp port. I do this in the OUTPUT chain of the mangle table. So, according to the docs, the marking will occur before routing for locally generated packets:
$IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark 2
$IT -t mangle -A OUTPUT -p tcp --sport smtp -j MARK --set-mark 2
Then I define a new routing table (named "smtp") and a rule to redirect smtp packets to this table. The output of "ip rule ls" is:
# 0: from all lookup local
# 32765: from all fwmark 2 lookup smtp
# 32766: from all lookup main
# 32767: from all lookup 253
In table "smtp" I defined a default route by the dev ppp0. The output of "ip route ls table smtp" is:
# default dev ppp0
When I try to connect to an smtp port somewhere in the Internet, tcpdump shows me that these packets go to the eth2 interface (the main table default route). I don't know where my mistake is, but it seems that the marking in the OUTPUT chain occurs AFTER and not BEFORE routing. Is this correct behaviour? How can I solve my problem? Please help!
TIA - catalin -
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
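As an added example (not code from either poster), the script below combines the two points of this thread into one setup: SMTP traffic forwarded from the LAN is marked in PREROUTING, as Stamatis suggests, while SMTP connections the gateway itself originates are marked in OUTPUT, as in Catalin's original rules, and both are sent to the "smtp" table via an fwmark rule. Interface names, addresses, the mark value and the table name come from the thread; the `src` hint on the route, the MASQUERADE rule on ppp0, the `run` dry-run wrapper and the function names are assumptions added here. The table name "smtp" must already exist in /etc/iproute2/rt_tables, as it does on Catalin's box. Set DRY_RUN=1 to print the commands instead of executing them.

```shell
#!/bin/sh
# Constructed example: fwmark-based policy routing for SMTP on a Linux gateway.
# Addresses and interfaces are from the thread; the table id handling,
# the src hint and the MASQUERADE rule are assumptions for this demo.
IT=${IT:-iptables}
IP=${IP:-ip}
LAN_IF=eth0            # LAN clients whose traffic is forwarded
SMTP_IF=ppp0           # where SMTP should leave
SMTP_SRC=80.97.105.98  # address on ppp0
MARK=2
TABLE=smtp             # must be listed in /etc/iproute2/rt_tables

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Forwarded packets from the LAN only traverse PREROUTING; packets the
# gateway itself generates only traverse OUTPUT, so mark in both places.
mark_smtp() {
    run $IT -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport smtp -j MARK --set-mark $MARK
    run $IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark $MARK
}

# Marked packets consult table "smtp", whose only route points at ppp0.
# The src hint makes the table pick the ppp0 address for new lookups.
route_marked() {
    run $IP rule add fwmark $MARK lookup $TABLE
    run $IP route add default dev $SMTP_IF src $SMTP_SRC table $TABLE
    run $IP route flush cache
}

# A locally generated packet gets its source address from the first route
# lookup (main table, i.e. the eth2 address) before OUTPUT marks it, so
# rewrite the source on the way out of ppp0 (assumed fix, not from the thread).
snat_out() {
    run $IT -t nat -A POSTROUTING -o $SMTP_IF -j MASQUERADE
}

setup_smtp_routing() {
    mark_smtp
    route_marked
    snat_out
}

# Apply only when explicitly asked, e.g.: APPLY=1 sh smtp-routing.sh (as root)
# or DRY_RUN=1 APPLY=1 sh smtp-routing.sh to just print the commands.
if [ "${APPLY:-0}" = 1 ]; then
    setup_smtp_routing
fi
```

The order matters for verification: after applying, `ip rule ls` should show the fwmark rule between `local` and `main`, and a tcpdump on ppp0 (rather than eth2) should see the outgoing SYN to port 25 with 80.97.105.98 as its source.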