Re: [LARTC] OUTPUT chain marking after or before routing?

Linux Advanced Routing and Traffic Control

----- Original Message -----
From: "Martin A. Brown" <mabrown-lartc@xxxxxxxxxxxxxx>
To: "Chijioke Kalu" <kchijioke@xxxxxxx>
Cc: <catalin@xxxxxxxxxxxxxxxxxxxx>; <lartc@xxxxxxxxxxxxxxx>
Sent: Thursday, July 17, 2003 6:55 PM
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?


> Catalin,
>
> >When I try to connect to a smtp port somewhere in the Internet, tcpdump
> >shows me that these packets go to the eth2 interface (the main table
> >default route). I don't know where my mistake is, but it seems that the
> >marking in the OUTPUT chain occurs AFTER and not BEFORE routing. Is this
> >a correct behaviour? How can I solve my problem? Please help!
>
> According to my reading of the KPTD (and my understanding), packets
> generated on the local machine have already been routed by the time the
> OUTPUT chain is traversed.  See:
>
>   http://www.docum.org/stef.coene/qos/kptd/
>

I'm very confused now. Look what is written in the iptables man page:

#############
  mangle  This table is used for specialized packet alteration. It has two
          built-in chains: PREROUTING (for altering incoming packets before
          routing) and OUTPUT (for altering locally-generated packets before
          routing).
######################

So how is it? Does OUTPUT mark packets AFTER or BEFORE routing?


> I see two potential approaches to this problem:
>
>   - invert your logic; main routing table uses ppp0 gateway IP as default
>     gateway, mark all traffic passing through your router box, and use
>     "ip rule add fwmark $MARK table $INTERNET" with another routing
>     table for the Internet-bound traffic.

This approach is harder for me because this is a working gateway and I don't
want to disturb the users with my tests. But it is a very good idea and
maybe I will try it.

>
>   - send all locally generated traffic via ppp0; "ip rule add iif lo
>     table smtp" and watch all traffic generated on the local machine leave
>     via ppp0.  You'll want to add the locally connected networks to table
>     smtp.

I also tried that and it works. But I don't want to send all locally
generated traffic to ppp0. In fact I want only the smtp traffic on ppp0. The
Web traffic (including Squid generated, which is locally generated) must go
to eth2.

Thank you for your reply,

- catalin -
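The fwmark approach discussed in this thread (mark only SMTP in mangle OUTPUT, then route the marked packets via ppp0 with an alternate table), written out as an added configuration example that is not part of the original posts. The interface names ppp0 and eth2 come from the thread; the mark value, table number, LAN network and LAN interface are assumed. By default the script only prints the commands so it can be reviewed without root.

```shell
#!/bin/sh
# Added example, not from the thread: route only locally generated SMTP via
# ppp0; all other local traffic keeps following the main table (eth2 default).
# Assumed values (constructed): mark 1, table 100, LAN 192.168.1.0/24 on eth0.
MARK=1
TABLE=100
SMTP_IF=ppp0
LAN_NET=192.168.1.0/24
LAN_IF=eth0

# Print each command instead of executing it unless APPLY=1, so the plan can
# be inspected (and tested) on a box that is not the live gateway.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

smtp_policy_routing() {
    # 1. Mark outbound SMTP in mangle OUTPUT. A locally generated packet has
    #    already been routed once when it reaches this chain; the kernel
    #    re-routes it afterwards when the mark changed, which is what lets
    #    the fwmark rule below take effect.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"
    # 2. Policy rule: marked packets consult the alternate table.
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 3. Alternate table: the locally connected network first, so marked
    #    SMTP to the LAN is not pushed out ppp0, then a default via ppp0.
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$TABLE"
    run ip route add default dev "$SMTP_IF" table "$TABLE"
    run ip route flush cache
    # 4. Caveat: the source address was chosen during the first routing pass
    #    (eth2's address). Rewrite it for SMTP packets that now leave via ppp0,
    #    otherwise the remote side sees a source that does not belong to ppp0.
    run iptables -t nat -A POSTROUTING -o "$SMTP_IF" -p tcp --dport 25 -j MASQUERADE
}

smtp_policy_routing
```

Run with `APPLY=1` as root to execute the commands; check the result with `ip rule show` and `ip route show table 100` before opening an SMTP connection.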



