I was trying to setup some policy routing (using iptables fwmark) for
local traffic; i've just in place rules for forward traffic (in
PREROUTING chain, mangle table) and works as expected.
EG:
ulysses:~# ip rule show
0: from all lookup local
32762: from all fwmark 0x30/0xf0 lookup FIBRA
32763: from 192.168.178.2 lookup FIBRA
32764: from all fwmark 0x20/0xf0 lookup ADSL2
32765: from 194.243.231.54 lookup ADSL2
32766: from all lookup main
32767: from all lookup default
and
ulysses:~# iptables -t mangle -vnL PREROUTING
Chain PREROUTING (policy ACCEPT 278K packets, 175M bytes)
pkts bytes target prot opt in out source destination
0 0 MARK tcp -- * * 0.0.0.0/0 173.194.79.109 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
0 0 MARK tcp -- * * 0.0.0.0/0 173.194.79.108 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
1488 311K MARK tcp -- * * 0.0.0.0/0 173.194.76.109 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
143 99494 MARK tcp -- * * 0.0.0.0/0 173.194.76.108 multiport dports 25,465,587,993,995 mark match 0x0/0xf0 MARK xset 0x20/0xf0
[...]
I've tried to setup the same thing for local generated traffic but...
i've discovered that the 'routing decision' happen BEFORE iptables
tables (so, simply, fwmarks get ignored).
It is true or i'm missing something? Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
