iproute with iptables/mangle

Linux Advanced Routing and Traffic Control

Hi List,
I have a really strange problem with no solution yet. I'm using iproute together with the iptables mangle option. In a DMZ network a Cisco PIX is present with another inet link behind it, therefore I'm using the mangle option to split traffic on a protocol basis like:
iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.5 -p tcp --dport 80 -j MARK --set-mark 3
and add the rule with:
ip rule add fwmark 3 table 10
and add the default route to the PIX:
ip route add default via 192.168.2.254 dev eth2 table 10

This is working fine so far. Now comes the problem: I got another network with a LANCOM DSL router where another inet link is behind, and I'm using the same mangle and iproute options like
iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.6 -p tcp --dport 80 -j MARK --set-mark 4
and add the rule with:
ip rule add fwmark 4 table 20
and add the default route to the DSL router:
ip route add default via 192.168.3.254 dev eth3 table 20

This doesn't work anymore; a tcpdump shows:
tcpdump src host 192.168.1.6 or dst host 192.168.1.6 -e -i eth3
tcpdump: listening on eth3
18:19:15.444110 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 62: 192.168.1.6.1184 > 66.102.9.104.www: S 1459260866:1459260866(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:19:15.514463 0:a0:57:f:df:7b 0:2:1e:f8:83:0 ip 60: 66.102.9.104.www > 192.168.1.6.1184: S 2669725313:2669725313(0) ack 1459260867 win 8190 <mss 1400>
18:19:18.459396 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 62: 192.168.1.6.1184 > 66.102.9.104.www: S 1459260866:1459260866(0) win 65535 <mss 1460,nop,nop,sackOK>

Turning the mangle option off and modifying the rule to
iproute rule add from 192.168.1.6 table 20
works well; tcpdump then shows:

tcpdump src host 10.0.1.62 or dst host 10.0.1.62 -e -i eth3
tcpdump: listening on eth3
18:36:05.914468 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 62: 192.168.1.6.1191 > 66.102.9.104.www: S 2339385470:2339385470(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:36:05.985144 0:a0:57:f:df:7b 0:2:1e:f8:83:0 ip 60: 66.102.9.104.www > 192.168.1.6: S 558741672:558741672(0) ack 2339385471 win 8190 <mss 1400>
18:36:05.985440 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 54: 192.168.1.6.1191 > 66.102.9.104.www: . ack 1 win 65535 (DF)
18:36:05.985617 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 358: 192.168.1.6.1191 > 66.102.9.104.www: P 1:305(304) ack 1 win 65535 (DF)
18:36:06.075635 0:a0:57:f:df:7b 0:2:1e:f8:83:0 ip 1454: 66.102.9.104.www > 192.168.1.6.1191: . 1:1401(1400) ack 305 win 7504 [tos 0x10]
18:36:06.076339 0:a0:57:f:df:7b 0:2:1e:f8:83:0 ip 320: 66.102.9.104.www > 192.168.1.6.1191: P 1401:1667(266) ack 305 win 7504 [tos 0x10]
18:36:06.076653 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 54: 192.168.1.6.1191 >


Does anybody have an idea what this could be?

thx

Matt
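The two captures in the post differ in one visible way: with the fwmark rule the SYN-ACK arrives on eth3 but no ACK from the client ever follows and the SYN is retransmitted with the same sequence number, while with the "from" rule the handshake completes. The script below is an added diagnostic, not code from the post, that parses tcpdump -e output of this format and reports the handshake state per capture; the sample input is the post's own capture re-joined onto one line per packet, and the function names are mine.

```python
import re

# Captures re-joined onto one line per packet from the wrapped tcpdump -e output
# in the post above (the failing fwmark case, then the working "from" rule case).
FAILING = """tcpdump: listening on eth3
18:19:15.444110 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 62: 192.168.1.6.1184 > 66.102.9.104.www: S 1459260866:1459260866(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:19:15.514463 0:a0:57:f:df:7b 0:2:1e:f8:83:0 ip 60: 66.102.9.104.www > 192.168.1.6.1184: S 2669725313:2669725313(0) ack 1459260867 win 8190 <mss 1400>
18:19:18.459396 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 62: 192.168.1.6.1184 > 66.102.9.104.www: S 1459260866:1459260866(0) win 65535 <mss 1460,nop,nop,sackOK>"""
WORKING = """tcpdump: listening on eth3
18:36:05.914468 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 62: 192.168.1.6.1191 > 66.102.9.104.www: S 2339385470:2339385470(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
18:36:05.985144 0:a0:57:f:df:7b 0:2:1e:f8:83:0 ip 60: 66.102.9.104.www > 192.168.1.6: S 558741672:558741672(0) ack 2339385471 win 8190 <mss 1400>
18:36:05.985440 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 54: 192.168.1.6.1191 > 66.102.9.104.www: . ack 1 win 65535 (DF)
18:36:05.985617 0:2:1e:f8:83:0 0:a0:57:f:df:7b ip 358: 192.168.1.6.1191 > 66.102.9.104.www: P 1:305(304) ack 1 win 65535 (DF)"""

# Old-style tcpdump -e line: time, src MAC, dst MAC, "ip <len>:", endpoints, flags, rest.
PKT_RE = re.compile(r"^\S+ \S+ \S+ ip \d+: (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SPFR.]+) (?P<rest>.*)$")

def host(endpoint):
    """Drop the port/service suffix: '66.102.9.104.www' -> '66.102.9.104'."""
    return ".".join(endpoint.split(".")[:4])

def handshake_state(capture):
    """Summarise the client-side TCP three-way handshake seen in one capture."""
    pkts = [m.groupdict() for m in map(PKT_RE.match, capture.splitlines()) if m]
    for p in pkts:
        seq = re.match(r"(\d+):", p["rest"])
        ack = re.search(r"\back (\d+)", p["rest"])  # \b keeps 'sackOK' from matching
        p["seq"] = int(seq.group(1)) if seq else None
        p["ack"] = int(ack.group(1)) if ack else None
    # The first SYN carrying no ack number identifies client and server.
    syn = next(p for p in pkts if "S" in p["flags"] and p["ack"] is None)
    client, server = host(syn["src"]), host(syn["dst"])
    state = {"syn_retransmits": 0, "synack_seen": False, "client_ack_seen": False}
    for p in pkts:
        c2s = host(p["src"]) == client and host(p["dst"]) == server
        s2c = host(p["src"]) == server and host(p["dst"]) == client
        if c2s and "S" in p["flags"] and p["ack"] is None:
            if p is not syn and p["seq"] == syn["seq"]:  # same ISN sent again
                state["syn_retransmits"] += 1
        elif s2c and "S" in p["flags"] and p["ack"] == syn["seq"] + 1:
            state["synack_seen"] = True
        elif c2s and p["ack"] is not None:
            state["client_ack_seen"] = True  # third step of the handshake (or later data)
    state["complete"] = state["synack_seen"] and state["client_ack_seen"]
    return state
```

A capture that reports synack_seen without client_ack_seen means the reply reached the box on eth3 but the client's next packet never left on that interface, which narrows the search to the return path and the rule lookup rather than the DSL link itself.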
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
