Problem with routing to multiple tables

Linux Advanced Routing and Traffic Control


Hello all,

I am having some difficulty making a routing rule work. I want all P2P packets to go to one interface (eth2 - cheaper link) and the rest of the traffic to go to another interface (eth0 - frame relay, very expensive).

I am using this script to do the marking and balancing:

-------
#!/bin/bash

IPT="/usr/local/sbin/iptables"
IP="/sbin/ip"

#----
# Declare networks
#----
# FrameRelay
IFE1="eth0"
IPE1="200.163.208.3"
NWE1="200.163.208.0/26"
GWE1="200.163.208.1"
PRE1="3"
#
# DSL
IFE2="eth2"
IPE2="10.1.1.10"
NWE2="10.1.1.0/24"
GWE2="10.1.1.1"
PRE2="1"

#---
# Routing tables
#---
L1="201"
L2="202"
MAIN="222"

#---
# Disable main table
#---
$IP rule add prio 50 table main
$IP route del default table main

#---
# ROUTES
#---
# Link 1 = L1
$IP rule add prio 201 from $NWE1 table $L1
$IP route add default via $GWE1 dev $IFE1 src $IPE1 proto static table $L1
$IP route append prohibit default table $L1 metric 1 proto static
#
# Link 2 = L2
$IP rule add prio 202 from $NWE2 table $L2
$IP route add default via $GWE2 dev $IFE2 src $IPE2 proto static table $L2
$IP route append prohibit default table $L2 metric 1 proto static
#
# MultiPath
$IP rule add prio 222 table $MAIN
$IP route add default table $MAIN proto static nexthop via $GWE1 dev $IFE1 weight $PRE1  nexthop via $GWE2 dev $IFE2 weight $PRE2

#---
# P2P + Unknown
#---
P2PPRIO="60"
P2PMARK="1"

$IPT -t mangle -F

$IPT -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
$IPT -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

$IPT -t mangle -A PREROUTING -p tcp -m ipp2p --ipp2p -j MARK --set-mark 1
$IPT -t mangle -A PREROUTING -p udp -m ipp2p --ipp2p -j MARK --set-mark 1

for i in `cat /etc/l7-protocols/p2p`
do
$IPT -t mangle -A PREROUTING -p tcp -m layer7 --l7proto $i -j MARK --set-mark 1
done

$IPT -t mangle -A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark

$IP rule add prio $P2PPRIO fwmark $P2PMARK table $L2

$IP route flush cache
------

My question is: why is the P2P traffic still going through eth0?

Regards,

Nataniel Klug


