mangling stop working

Hi list, for the past few days we have been getting a very strange problem
on our office gateway running a 2.6.11.8 kernel (custom compiled).

We are using the iproute2 + iptables marking feature to select a different
route and to route port 80 towards our cache server, which is also
running Linux + a custom kernel.


#echo 221 cache.out >> /etc/iproute2/rt_tables
#ip rule add fwmark 1 table cache.out
#ip route add default via xxx.xxx.xxx.xx dev eth0 table cache.out
#ip route flush cache

#Mangle for Above Rule######
# marking for port 80, directed towards cache server
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 1
# direct the traffic for our company webserver
iptables -A PREROUTING -i eth0 -t mangle -p tcp -d xxx.xxx.xxx.xx -j MARK --set-mark 2
.
.
# then the SNAT rule

For the last two days, when I check the webserver (httpd) access.log, I find
that a few of our LAN clients are accessing the web with the proxy server IP,
and the rest of the LAN clients with the gateway IP. The problem is that we
have a few secure links which are restricted to access from a few IPs,
including the gateway IP. So if a client comes in with the proxy server IP,
they get a permission denied page.
Then I have to add the proxy server IP to "allow"; however, this is not
the solution. Things were working just fine for the last few months; it is
only for the last two days that we have been getting this problem.
Yesterday I deleted all the "ip rule" entries and reran the firewall script;
things started working, but later in the morning I got a call from work
that again a few "LAN" clients were getting the same "permission denied".

Is this a bug in iproute2 or iptables?

Any help in this regard will be greatly appreciated.


regards

Askar Ali
-- 
I love deadlines. I like the whooshing sound they make as they fly by.
Douglas Adams
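
Added example, not part of the original post: a small Python model of how the two posted MARK rules and the "fwmark 1" rule combine for one packet. The addresses are constructed documentation values standing in for the masked ones, and sending every mark other than 1 to the main table is an assumption, since part of the script is elided.

```python
from dataclasses import dataclass
from typing import Optional

WEBSERVER = "192.0.2.10"  # constructed stand-in for the masked -d address

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class MarkRule:
    in_iface: str
    proto: str
    set_mark: int
    dport: Optional[int] = None
    dst: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (p.in_iface == self.in_iface and p.proto == self.proto
                and (self.dport is None or p.dport == self.dport)
                and (self.dst is None or p.dst == self.dst))

# The two mangle PREROUTING rules from the post, in the order they are appended.
MANGLE_PREROUTING = [
    MarkRule("eth0", "tcp", set_mark=1, dport=80),
    MarkRule("eth0", "tcp", set_mark=2, dst=WEBSERVER),
]
# "ip rule add fwmark 1 table cache.out"; any other mark is assumed to use main.
IP_RULES = {1: "cache.out"}

def final_mark(p: Packet) -> int:
    """MARK does not stop traversal: every rule is checked, the last match wins."""
    mark = 0
    for rule in MANGLE_PREROUTING:
        if rule.matches(p):
            mark = rule.set_mark
    return mark

def routing_table(p: Packet) -> str:
    """Table selected by the fwmark rules for this packet."""
    return IP_RULES.get(final_mark(p), "main")

if __name__ == "__main__":
    # Constructed destinations: an outside site, the webserver, a neighbouring address.
    for dst, dport in [("203.0.113.5", 80), (WEBSERVER, 80), ("192.0.2.11", 80)]:
        p = Packet("eth0", "tcp", dst, dport)
        print(dst, dport, "mark", final_mark(p), "table", routing_table(p))
```

In this model a port 80 request reaches the webserver outside the cache path only when its destination is exactly the address in the second rule; any other destination keeps mark 1 and is routed through cache.out.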


