The relevant portions are:

root@xxxxxxxxx:~# iptables -t mangle -L LOC -v
Chain LOC (1 references)
 pkts bytes target     prot opt in     out     source               destination
10125 1152K CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK restore
   64 12017 LB1        all  --  any    any     anywhere             anywhere            state NEW MARK match 0x0 random 84%
  174 28502 LB2        all  --  any    any     anywhere             anywhere            state NEW MARK match 0x0

root@xxxxxxxxx:~# iptables -t mangle -L LB1 -v
Chain LB1 (2 references)
 pkts bytes target     prot opt in     out     source               destination
 2350  257K MARK       all  --  any    any     anywhere             anywhere            MARK or 0x200
 2350  257K CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK save

root@xxxxxxxxx:~# iptables -t mangle -L LB2 -v
Chain LB2 (2 references)
 pkts bytes target     prot opt in     out     source               destination
 6931 1196K MARK       all  --  any    any     anywhere             anywhere            MARK or 0x400
 6931 1196K CONNMARK   all  --  any    any     anywhere             anywhere            CONNMARK save

root@xxxxxxxxx:~# iptables -t mangle -L OUTPUT -v
Chain OUTPUT (policy ACCEPT 8358 packets, 1290K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1551  119K LB1        all  --  any    eth2    anywhere             anywhere
 6788 1170K LB2        all  --  any    eth3    anywhere             anywhere

NATing is done with MASQUERADE, not SNAT. I use another MARK for it, but in essence it is

-o eth2 -j MASQUERADE
-o eth3 -j MASQUERADE

In addition, there are several other MARKs for policy routing. They have their own routing tables also. But at present, they are all empty.

-----Original Message-----
From: Peter Rabbitson [mailto:rabbit@xxxxxxxxx]
Sent: Thursday, June 14, 2007 3:27 PM
To: Salim S I
Cc: lartc@xxxxxxxxxxxxxxx
Subject: Re: Re: multiple routing tables for internal router programs

Salim S I wrote:
> I solved it, though a bit ugly.
> Sorry I didn't answer earlier.

Can you post your iptables rules too? The routing alone is not sufficient. If your setup is confidential, at least show all statements that set MARKs one way or another. What you did is strange, but it might very well be warranted. Still - depends on your existing rules.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc