(sorry if this double posts, my from: was wrong)

Hello,

I am trying to use iptables/iproute2 to get around assigning IP addresses. I have two machines I am trying this with: machine A is LVS running keepalived, using firewall marks to route to virtual servers. Machine B is an stunnel machine de-SSLing port 443 requests sent to machine A.

The steps I have taken: all options for iptables are on, LVS is patched in, advanced routing options are on. All pertinent options for routing using fwmarks are on too.

Machine A

    iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 80 --set-mark 0x1
    iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 443 --set-mark 0x2
    ip rule add prio 100 fwmark 1 table 100
    ip route add local 0/0 dev lo table 100
    ip rule add prio 200 fwmark 2 table 200
    ip route add 0/0 via B table 200

Machine B

    iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 443 --set-mark 0x1
    ip rule add prio 100 fwmark 1 table 100
    ip route add local 0/0 dev lo table 100

Issuing these commands on machine A, packets move as I expect them to. However, on machine B, using tcpdump I see packets come in on port 443, but I never see machine B respond or send an ICMP error.

Can someone please tell me why this is happening? At this point, it seems like either the keyword local is reserved for use in the local table and/or keepalived is doing some magic... ???

--
Philip Champon
Affinity Developer
Ph - 954-334-8156
Em - pchampon@xxxxxxxxxxxxxxxxx
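A setup like the one above has three layers that must agree: the mark written by the iptables MARK target, the fwmark matched by the ip rule, and the table the rule points at. The following is an added example (not code from the post or from the LVS/keepalived projects) that parses command lists in the form posted and reports any layer that does not line up; MACHINE_B is the poster's machine B commands verbatim, MISMATCHED is a constructed variant with deliberate slips.

```python
import re

# Constructed sample: the machine B commands from the post above, verbatim.
MACHINE_B = """
iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 443 --set-mark 0x1
ip rule add prio 100 fwmark 1 table 100
ip route add local 0/0 dev lo table 100
"""

# Constructed sample with two deliberate slips: the MARK target sets 0x2 while the
# rule matches fwmark 1, and the rule points at table 200, which has no route.
MISMATCHED = """
iptables -A PREROUTING -t mangle -j MARK -p tcp --dport 443 --set-mark 0x2
ip rule add prio 100 fwmark 1 table 200
ip route add local 0/0 dev lo table 100
"""

def parse(cmds):
    """Extract marks set by iptables, (mark, table) pairs from ip rules, and tables that have routes."""
    set_marks, rules, route_tables = set(), [], set()
    for line in cmds.strip().splitlines():
        line = line.strip()
        if line.startswith("iptables") and (m := re.search(r"--set-mark\s+(\w+)", line)):
            set_marks.add(int(m.group(1), 0))          # base 0 accepts both 0x1 and 1
        elif line.startswith("ip rule add"):
            fm = re.search(r"fwmark\s+(\w+)", line)
            tb = re.search(r"table\s+(\w+)", line)
            if fm and tb:
                rules.append((int(fm.group(1), 0), tb.group(1)))
        elif line.startswith("ip route add") and (t := re.search(r"table\s+(\w+)", line)):
            route_tables.add(t.group(1))
    return set_marks, rules, route_tables

def lint(cmds):
    """Return human-readable findings; an empty list means the three layers agree."""
    set_marks, rules, route_tables = parse(cmds)
    findings = []
    rule_marks = {mark for mark, _ in rules}
    for mark in sorted(set_marks - rule_marks):
        findings.append(f"mark {mark:#x} is set by iptables but no ip rule matches it")
    for mark, table in rules:
        if mark not in set_marks:
            findings.append(f"ip rule matches fwmark {mark:#x} but nothing sets that mark")
        if table not in route_tables:
            findings.append(f"ip rule sends fwmark {mark:#x} to table {table}, which has no routes")
    return findings

if __name__ == "__main__":
    for name, cmds in (("machine B", MACHINE_B), ("mismatched", MISMATCHED)):
        print(name, "->", lint(cmds) or ["consistent"])
```

The poster's machine B commands pass this check, so whatever stops the reply is not a mark/rule/table mismatch; the checker only covers what is visible in the command list, not sysctl state such as reverse-path filtering.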