Marking packets and using a different routing table from main

Hi all,

I'm trying to route some network traffic to be output from a specific
interface in my host but I can't get it working.

I want outgoing RTSP traffic from my host to be output through the
interface (let it be) ra0, but I want to do it by configuring packets to
follow routing table 1 instead of the main one, so I can configure
multiple interfaces with different routing tables and switch marking
rules instead of changing the main routing table.

This is what I do:

1. Mark traffic:

iptables -A OUTPUT -t mangle -p tcp --dport 8554 -j MARK --set-mark 1


2. Configure interface:

ifconfig ra0 up 192.168.0.2/24 netmask 255.255.255.0
iwconfig ra0 essid network_X


3. Add ip rule:

ip rule add fwmark 1 table 1 prio 1


4. Configure routing table 1:

ip route add 192.168.0.0/24 dev ra0
ip route add default via 192.168.0.1 dev ra0


As soon as I have this set up, traffic is properly sent, but I have
noted that this is because I've got in the main routing table
configured:

192.168.0.0/24 dev ra0  proto kernel  scope link  src 192.168.0.2
default via 192.168.0.1 dev ra0


Then, if I remove the default line in the main table, the traffic is
lost (not sent). I've tried with TCP, UDP and ICMP traffic and I get
the same results. I can't understand why the packets don't follow the
configured rules (that's routing table 1) instead of the main one, as
I have marked packets and configured rules and routing tables in order
to do it.

I have also noted that if I add a prohibit rule in the rule table,
marked packets are not sent (that's ok), so marked packets follow
prohibit rules but not other tables than the main one.


I'm using Ubuntu 8.10 (kernel 2.6.27-11) and iptables 1.4.0. These are
the modules I have loaded:

$ lsmod | grep ip
iptable_nat            13448  0
nf_nat                 25368  1 iptable_nat
nf_conntrack_ipv4      21900  3 iptable_nat,nf_nat
nf_conntrack           72032  3 iptable_nat,nf_nat,nf_conntrack_ipv4
iptable_mangle         10880  1
ipv6                  263972  10
iptable_filter         10752  0
ip_tables              19600  3 iptable_nat,iptable_mangle,iptable_filter
x_tables               22916  5 xt_DSCP,xt_MARK,xt_tcpudp,iptable_nat,ip_tables


I would like to know if anyone has faced some related issues or if
anyone can help me in order to solve this. Any help would be much
appreciated.


Thanks for your time,
Javi
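As an added example, not part of Javi's message, here is the same mark/rule/route setup written as a small POSIX shell script, with every route carrying an explicit "table" argument (an "ip route add" without one writes into main) and two helpers that check "ip rule show" and "ip route show table N" output so the effect can be verified instead of inferred from whether traffic flows. The values are assumed from the post (ra0, 192.168.0.0/24 via 192.168.0.1, mark 1, table 1, port 8554) and can be overridden through the environment. The mangle OUTPUT mark works for locally generated packets because netfilter re-runs the route lookup for a packet whose mark changed in that chain, so the fwmark rule is consulted on the second lookup.

```shell
#!/bin/sh
# Added example (not from the original post): policy routing for marked RTSP traffic.
# Assumed values, taken from the post: interface ra0, gateway 192.168.0.1,
# mark 1, table 1, RTSP port 8554. Override any of them via the environment.
IFACE=${IFACE:-ra0}
GW=${GW:-192.168.0.1}
NET=${NET:-192.168.0.0/24}
TABLE=${TABLE:-1}
MARK=${MARK:-1}
PORT=${PORT:-8554}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands instead of running them

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Mark outbound RTSP, point marked packets at TABLE, and fill TABLE.
# Every 'ip route add' carries an explicit 'table' so nothing lands in main.
setup_policy_route() {
    run iptables -t mangle -A OUTPUT -p tcp --dport "$PORT" -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" table "$TABLE" prio 1
    run ip route add "$NET" dev "$IFACE" table "$TABLE"
    run ip route add default via "$GW" dev "$IFACE" table "$TABLE"
    # 2.6 kernels keep a routing cache; flush it so the new rule takes effect now.
    run ip route flush cache
}

# table_has_default LISTING
# Succeeds when the text of 'ip route show table N' contains a default route.
table_has_default() {
    printf '%s\n' "$1" | grep -q '^default '
}

# rule_selects_table LISTING MARK TABLE
# Succeeds when the text of 'ip rule show' maps fwmark MARK (printed as hex) to TABLE.
rule_selects_table() {
    hex=$(printf '0x%x' "$2")
    printf '%s\n' "$1" | grep -Eq "fwmark ${hex}( |/).*lookup $3\$"
}

# Apply for real with:  DRY_RUN=0 sh policy_route.sh apply
# Then verify with:     ip rule show; ip route show table 1
if [ "$#" -ge 1 ] && [ "$1" = apply ]; then
    setup_policy_route
fi
```

Run it once as shown in the comment, then feed the real listings to the two helpers, e.g. `table_has_default "$(ip route show table 1)"`; if the default route is present only in main, the marked packets will still leave via main's route and the fwmark rule has nothing to select.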
