2.2.20 fwmark corruption?

(this was originally posted to linux kernel)

Hi,

In order to redirect traffic to a transparent proxy, I'm using ipchains to 
set fwmark on packet, and an ip rule to throw those packets into an 
alternate routing table. The simplified setup looks like this:

- host R has 4 ethernet cards, eth0 .. eth3

- on eth1 there are host G (the default gateway) and host P (the 
transparent proxy)

- ipchains takes all packets that a) have proto tcp, dport 80 b) do not
have daddr on local networks and c) have a specified saddr - and sets
fwmark to 1

- routing table 1 contains only a default route with nexthost host P

- there is an "ip rule add fwmark 1 table 1"

The problem: a couple of times a day I get entries in rt_cache that look
like "from (some interface of) host R to some host in directly connected
networks on eth0, eth2, eth3 via host P" - as if somehow those packets
were marked and got caught by the ip rule. But they cannot be marked,
because of the ipchains "daddr is not local" restriction (and remember
this happens only from time to time).

Changing the rule to something like "ip rule add from
same_specific_saddr_as_in_ipchains fwmark 1 table 1", though this is
redundant, makes the problem go away.

So, is there any way packets that do not match the ipchains rule get 
somehow from time to time a fwmark value of 1?


Dan
-- 
Dan Borlovan <danb@dnttm.ro>
System Administrator, Network Operation Center
Dynamic Network Technologies - ASTRAL TELECOM
Telefon: +40-256-204967  FAX: +40-256-220201
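
Added example, not part of the original post: a small checker that scans a routing-cache dump for the anomaly described above, that is, cached routes whose destination is on a directly connected network but whose gateway is host P. It assumes the /proc/net/rt_cache column order (Iface, Destination, Gateway, Flags, RefCnt, Use, Metric, Source, ...) with addresses printed as little-endian hex, as on x86; all addresses and sample lines are constructed.

```python
import ipaddress
import struct

# Constructed topology: host P on eth1, directly connected nets on eth0/eth2/eth3.
PROXY = "192.168.1.3"
DIRECT_NETS = ["192.168.0.0/24", "192.168.2.0/24", "192.168.3.0/24"]

# Constructed sample in the assumed /proc/net/rt_cache layout.
SAMPLE = """Iface Destination Gateway Flags RefCnt Use Metric Source MTU Window IRTT
eth1 0708090A 0301A8C0 00000000 0 5 0 3202A8C0 1500 0 0
eth1 0902A8C0 0301A8C0 00000000 0 1 0 0100A8C0 1500 0 0
eth2 0902A8C0 0902A8C0 00000000 0 9 0 0100A8C0 1500 0 0
"""


def hex_to_ip(h):
    """Decode an address printed as the hex of a little-endian 32-bit value."""
    return ipaddress.IPv4Address(struct.pack("<I", int(h, 16)))


def suspicious_entries(rt_cache_text, proxy, direct_nets):
    """Return (iface, source, destination) for cached routes that reach a
    directly connected network through the proxy instead of directly."""
    proxy = ipaddress.IPv4Address(proxy)
    nets = [ipaddress.ip_network(n) for n in direct_nets]
    hits = []
    for line in rt_cache_text.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 8:
            continue  # truncated or malformed line
        dst = hex_to_ip(fields[1])
        gw = hex_to_ip(fields[2])
        src = hex_to_ip(fields[7])
        # A legitimate redirected entry has a non-local destination;
        # a local destination routed via the proxy is the reported anomaly.
        if gw == proxy and any(dst in n for n in nets):
            hits.append((fields[0], str(src), str(dst)))
    return hits


if __name__ == "__main__":
    for iface, src, dst in suspicious_entries(SAMPLE, PROXY, DIRECT_NETS):
        print(f"{iface}: {src} -> {dst} via proxy {PROXY}")
```

Run periodically against the live cache and logged with a timestamp, this records the source address of each misrouted entry, which can then be compared with the saddr restriction in the ipchains rule.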