Re: Using MARK and TOS to route traffic through different interfaces to the same destination

Javier Gálvez Guerrero wrote:

> It seems that it matches and manages more or less properly, but the IP
> address does not change while the output interface seems to be selected
> according to the rules. As said before, each interface is bound to a
> different IP address.

The source address is selected either by the sender process or by the initial routing decision, before the OUTPUT chains. Rerouting after the OUTPUT chains does not alter it even though the output interface has changed. Thus the source address selection is unaware of iptables-based advanced routing.

> This is the configuration I set:
> [...]
> sudo ip route add table 1 192.168.0.2 dev ath0
> sudo ip route add table 2 192.168.0.2 dev eth0

Isn't there a typo? These commands create host routes to 192.168.0.2, not default routes via gateway 192.168.0.2 as in your previous message. Another problem is that according to the interface subnets and the main routing table, 192.168.0.2 is reachable only on eth0, not ath0.

> dulceangustia@spike:~$ ip route
> 192.168.0.0/25 dev eth0  proto kernel  scope link  src 192.168.0.3
> 192.168.0.128/25 dev ath0  proto kernel  scope link  src 192.168.0.150
> default via 192.168.0.1 dev eth0

Are both interfaces on the same link? If yes, what is the subnet on that link?

> And this is what I get:
>
> dulceangustia@spike:~$ sudo iptables -vL

This command only shows the default (filter) table. You want to display the mangle table with -t mangle.

> I don't know why the source IP address is not changed. Maybe a
> problem of ip route and not iptables?

I explained why the source address is unchanged, see above.

> Any idea about how to solve it?

Either select the source address in the sender process (if you can select the destination port, you may be able to select the source address too) or use iptables SNAT.

> I also tried to add a POSTROUTING SNAT rule to change the origin
> source but it doesn't have any effect.

It should work. What rules did you try? Note that iperf shows only the initial source address before SNAT, not the actual address on the wire.
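
Added example, not part of the original message: a Python sketch of the first option in the reply, the sender process selecting its own source address with bind() before connect(), next to the address the kernel's initial routing decision would pick. The function names are hypothetical and the loopback addresses 127.0.0.1 and 127.0.0.2 are assumptions standing in for the two interface addresses, so it runs on a single Linux host.

```python
import socket


def kernel_chosen_source(dst, port=9):
    """Source address the initial routing decision picks for dst.

    connect() on a UDP socket only performs the route lookup and source
    selection; no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dst, port))
        return s.getsockname()[0]


def sources_for_connection(server_ip, bind_ip=None):
    """Connect to a local listener; return (source the sender sees, source the peer sees).

    The first value is the sender-side view (pre-NAT, like the address a
    sending tool reports); the second is what actually arrived at the peer.
    On loopback they are equal; with a POSTROUTING SNAT rule in the path
    they would differ.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
        srv.bind((server_ip, 0))          # port 0: kernel picks a free port
        srv.listen(1)
        srv.settimeout(5)
        cli.settimeout(5)
        if bind_ip is not None:
            # The sender process fixes the source address itself, so the
            # routing decision no longer chooses it.
            cli.bind((bind_ip, 0))
        cli.connect(srv.getsockname())
        conn, peer = srv.accept()
        conn.close()
        return cli.getsockname()[0], peer[0]


if __name__ == "__main__":
    # Constructed demo values: loopback addresses, not the poster's interfaces.
    print("kernel picks:", kernel_chosen_source("127.0.0.1"))
    print("unbound     :", sources_for_connection("127.0.0.1"))
    print("bound       :", sources_for_connection("127.0.0.1", "127.0.0.2"))
```

On the poster's machine, `kernel_chosen_source()` called with the real destination shows which `src` the main routing table selects before any mangle-table rerouting takes place.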