Re: [A BUG?]: routing with multiple default routes

Bill Davidsen wrote:
> Still working on this problem, I have found what appears to be a bug.
> The documentation seems to indicate that in a route definition if I have
> "src x.x.x.x" it defines the outgoing IP address. I'm cautiously going
> to say that doesn't seem to be the case.
> 
> I have these rules:
> 
>    firewall2:root> ip rule show
>    0:      from all lookup local
>    32765:  from all fwmark 0x1 lookup mail.in
>    32766:  from all lookup main
>    32767:  from all lookup 253
> 
> which should (do) send marked packets to the ruleset "mail.in" (historic
> name, not related to incoming mail). And I have these routes defined:
> 
>    firewall2:root> ip route show
>    192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.47
>    64.65.253.0/24 dev eth1  scope link
>    192.168.12.0/24 dev eth0  scope link
>    169.254.0.0/16 dev eth1  scope link
>    127.0.0.0/8 dev lo  scope link
>    default via 192.168.1.1 dev eth2  src 192.168.1.47  metric 1
>    firewall2:root> ip route show table mail.in
>    default via 64.65.253.1 dev eth1  src 64.65.253.246
> 
> And if I run my multi-NIC tcpdump, I see that packets which are not
> marked go out eth2, and those which ARE marked do in fact go out eth1 as
> they should... but with the source IP of the default route, rather than
> that specified in the mail.in definition. If I add
> 
>    iptables -A POSTROUTING -t nat -o eth1 -m mark --mark 1 -j SNAT --to 64.65.253.246
> 
> to the nat table, all of a sudden everything works. Note, this is the
> simple two ISP case, running internal to my site, not the nasty one I
> described originally (below).
> 
> So is the "src" portion of my table intended to set the source IP, or
> did I misread the doc? And is that a bug or a feature?


Source address selection is done before the first packet is generated,
so the marks can't affect it. They just cause rerouting of the packet,
but don't change the source address afterwards.

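To make the ordering in that answer concrete, here is an added Python model of the output path for the exact tables and rule quoted in the thread. It is constructed for this page and is not code from the list or the kernel: it does not touch the real routing stack, it only walks one locally generated packet through the steps in the order the kernel applies them (route lookup and source selection at connect time, mark set in the mangle OUTPUT chain, re-route on mark change, SNAT in nat POSTROUTING). The interface primary addresses for eth0 and lo, and the `so_mark` parameter (modelling a socket that sets SO_MARK before connecting, which is a later kernel feature not mentioned in the thread), are assumptions.

```python
"""Model of why `src` in a fwmark-selected table does not change the source.

Constructed example: no real sockets or routes are touched. Steps follow the
kernel's order for a locally generated packet:
  1. route lookup at connect()/sendto()  -> source address chosen here
  2. mangle OUTPUT sets the fwmark
  3. re-route because the mark changed    -> dev/gateway change, src does not
  4. nat POSTROUTING SNAT                 -> the only step that rewrites src
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None
    src: Optional[str] = None


@dataclass
class Packet:
    dst: str
    src: Optional[str] = None
    dev: Optional[str] = None
    via: Optional[str] = None
    mark: int = 0


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


# Tables copied from the thread's `ip route show` output.
MAIN: List[Route] = [
    Route(net("192.168.1.0/24"), "eth2", src="192.168.1.47"),
    Route(net("64.65.253.0/24"), "eth1"),
    Route(net("192.168.12.0/24"), "eth0"),
    Route(net("169.254.0.0/16"), "eth1"),
    Route(net("127.0.0.0/8"), "lo"),
    Route(net("0.0.0.0/0"), "eth2", via="192.168.1.1", src="192.168.1.47"),
]
MAIL_IN: List[Route] = [
    Route(net("0.0.0.0/0"), "eth1", via="64.65.253.1", src="64.65.253.246"),
]
# `ip rule show`: 32765 "from all fwmark 0x1 lookup mail.in", then 32766 main.
RULES: List[Tuple[Optional[int], List[Route]]] = [(0x1, MAIL_IN), (None, MAIN)]

# Primary address per interface, used when a route carries no `src`.
# eth1/eth2 come from the thread; eth0 and lo are assumed values.
PRIMARY_ADDR = {"eth1": "64.65.253.246", "eth2": "192.168.1.47",
                "eth0": "192.168.12.1", "lo": "127.0.0.1"}


def lookup(dst: str, mark: int) -> Route:
    """Policy routing: walk rules in order; a fwmark rule only applies when the
    mark matches, and a table with no matching route falls through to the next
    rule. Inside a table, longest prefix wins."""
    addr = ipaddress.ip_address(dst)
    for fwmark, table in RULES:
        if fwmark is not None and fwmark != mark:
            continue
        hits = [r for r in table if addr in r.prefix]
        if hits:
            return max(hits, key=lambda r: r.prefix.prefixlen)
    raise LookupError("no route to " + dst)


def send(dst: str, mark_in_output: int = 0, so_mark: int = 0,
         snat: Optional[Tuple[str, int, str]] = None) -> Packet:
    """Walk one locally generated packet through the output path.

    mark_in_output: mark set by an iptables mangle OUTPUT rule (after step 1).
    so_mark:        mark already on the socket at connect time (assumed SO_MARK).
    snat:           (out_dev, match_mark, new_src) for a POSTROUTING SNAT rule.
    """
    # Step 1: initial lookup with the socket's mark; src is fixed here.
    r = lookup(dst, so_mark)
    pkt = Packet(dst=dst, src=r.src or PRIMARY_ADDR[r.dev],
                 dev=r.dev, via=r.via, mark=so_mark)
    # Step 2 + 3: mangle OUTPUT marks the packet, which triggers a re-route.
    if mark_in_output:
        pkt.mark = mark_in_output
        r = lookup(dst, pkt.mark)
        pkt.dev, pkt.via = r.dev, r.via      # route changes, src does not
    # Step 4: nat POSTROUTING SNAT is what finally rewrites the source.
    if snat is not None:
        out_dev, match_mark, new_src = snat
        if pkt.dev == out_dev and pkt.mark == match_mark:
            pkt.src = new_src
    return pkt


if __name__ == "__main__":
    dst = "203.0.113.10"                       # constructed TEST-NET-3 address
    print("unmarked:      ", send(dst))
    print("marked, no SNAT:", send(dst, mark_in_output=1))
    print("marked + SNAT: ", send(dst, mark_in_output=1,
                                  snat=("eth1", 1, "64.65.253.246")))
```

Running it reproduces the thread: the marked packet leaves on eth1 via 64.65.253.1 but still carries 192.168.1.47, and only the POSTROUTING SNAT rule (the one quoted above) gives it 64.65.253.246. A socket whose mark is already present at the first lookup would pick the mail.in source directly, which is why the model also accepts `so_mark`.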