Hello,

I tried to mark the packets in the PREROUTING chain but it still doesn't work. Now the packets are not marked anymore when they go out by the eth2 interface. When I marked them in the OUTPUT chain they also arrived at the eth2 interface, but marked. According to the docs the PREROUTING chain is not traversed by locally generated packets, so I don't know how this works for you. Maybe you have forwarded packets and not locally generated packets.

- catalin -

----- Original Message -----
From: "???????? ?????" <skekes@xxxxxxxxxx>
To: "Catalin Borcea" <catalin@xxxxxxxxxxxxxxxxxxxx>
Cc: <lartc@xxxxxxxxxxxxxxx>
Sent: Thursday, July 17, 2003 9:04 AM
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?

> Hello dear Catalin,
> Well the only mistake you made is that you placed the mark filters on
> the output of the interface.
> I suggest you to park them in the PREROUTING chain and not in the
> output. It works fine to me.
> Best regards
> Stamatis
>
> Catalin Borcea wrote:
>
> >Hello,
> >I have a Linux box with 3 network adapters:
> >eth0 : IP:10.200.0.1/24
> >eth1/ppp0: IP:80.97.105.98
> >eth2 : IP:192.168.1.100/24
> >
> >I want that all the Internet traffic goes to the eth2 interface except the
> >smtp traffic that I want to go to the ppp0 interface. The main routing table
> >is:
> >172.16.20.1 dev ppp0 proto kernel scope link src 80.97.105.98
> >192.168.1.0/24 dev eth2 scope link
> >10.200.0.0/24 dev eth0 scope link
> >192.168.254.0/24 dev eth1 scope link
> >127.0.0.0/8 dev lo scope link
> >default via 192.168.1.1 dev eth2
> >
> >
> >I decided to use netfilter to mark the packets that leave the gateway from
> >and to the smtp port. I do this in the OUTPUT chain of the mangle table. So,
> >according to the docs, the marking will occur before routing for locally
> >generated packets:
> >
> >$IT -t mangle -A OUTPUT -p tcp --dport smtp -j MARK --set-mark 2
> >$IT -t mangle -A OUTPUT -p tcp --sport smtp -j MARK --set-mark 2
> >
> >Then I define a new routing table (named "smtp") and a rule to redirect smtp
> >packets to this table. The output of "ip rule ls" is:
> ># 0: from all lookup local
> ># 32765: from all fwmark 2 lookup smtp
> ># 32766: from all lookup main
> ># 32767: from all lookup 253
> >
> >In table "smtp" I defined a default route by the dev ppp0. The output of "ip
> >route ls table smtp" is:
> ># default dev ppp0
> >
> >When I try to connect to a smtp port somewhere in the Internet, tcpdump shows
> >me that these packets go to the eth2 interface (the main table default
> >route). I don't know where my mistake is but it seems that the marking in
> >the OUTPUT chain occurs AFTER and not BEFORE routing. Is this a correct
> >behaviour? How can I solve my problem? Please help!
> >
> >TIA
> >- catalin -
> >
> >
> >_______________________________________________
> >LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
> >http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
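
A small model of the policy lookup discussed in this thread, added here as an example and not code from any of the posters: it walks the posted "ip rule ls" entries and route tables to show which table and device a given fwmark selects. It assumes the routing lookup is performed with the mark already set; the function names and destination addresses are constructed, and tables "local" and "253" are left empty because the thread does not show them.

```python
import ipaddress

# "ip rule ls" as posted: (priority, required fwmark or None, table)
RULES = [(0, None, "local"), (32765, 2, "smtp"),
         (32766, None, "main"), (32767, None, "253")]

# Routes as posted. Tables "local" and "253" are not shown in the thread,
# so they are left empty here (assumption).
TABLES = {
    "local": [],
    "smtp": [("0.0.0.0/0", "ppp0")],
    "main": [("172.16.20.1/32", "ppp0"), ("192.168.1.0/24", "eth2"),
             ("10.200.0.0/24", "eth0"), ("192.168.254.0/24", "eth1"),
             ("127.0.0.0/8", "lo"), ("0.0.0.0/0", "eth2")],
    "253": [],
}

def lookup(dst, fwmark=0):
    """Return (table, dev) chosen by the rules for dst with this fwmark."""
    addr = ipaddress.ip_address(dst)
    for _prio, need_mark, table in sorted(RULES, key=lambda r: r[0]):
        if need_mark is not None and need_mark != fwmark:
            continue  # fwmark selector does not match, try the next rule
        nets = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]]
        hits = [(n, dev) for n, dev in nets if addr in n]
        if hits:  # longest prefix wins inside a table
            return table, max(hits, key=lambda h: h[0].prefixlen)[1]
    return None, None

def mark_local(rules_chain, proto, sport, dport):
    """fwmark of a locally generated packet when the two SMTP MARK rules
    sit in rules_chain. Local packets traverse OUTPUT, not PREROUTING."""
    if rules_chain == "OUTPUT" and proto == "tcp" and 25 in (sport, dport):
        return 2
    return 0

def egress(rules_chain, dst, proto, sport, dport):
    """(table, dev) for a local packet, given where the MARK rules live."""
    return lookup(dst, mark_local(rules_chain, proto, sport, dport))

if __name__ == "__main__":
    dst = "198.51.100.7"  # constructed Internet destination
    print("OUTPUT rules    :", egress("OUTPUT", dst, "tcp", 40000, 25))
    print("PREROUTING rules:", egress("PREROUTING", dst, "tcp", 40000, 25))
    # The smtp table has only a default route, so marked traffic to a
    # directly connected LAN host is also sent out ppp0.
    print("marked, LAN dst :", lookup("10.200.0.5", 2))
```

On a live system, `ip route get <address> mark 2` asks the kernel for the same decision.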