How to forward marked packets with same local IP?

Hello,

I have a PoC that I would like to accomplish without doing NAT.

Basically I have a Linux_machine_1 and Linux_machine_2 behind a Linux_router_1

Linux_router_1 has public IP 100.84.10.10 and public IP 100.84.10.11

I would like to have both Linux machines use both public IPs of the
Linux router.

I can do this fine using NAT but I was thinking about assigning the
public IPs as /32 to each Linux_machine and marking packets based on
the source MAC and then restore the packets with connmark-restore.

I tried this but it is not working; the TRACE shows that the packet is
being ignored at the routing decision before being forwarded out to
the internet.

Linux_router_1:
[  +6.125394] TRACE: raw:PREROUTING:policy:3 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=28832 DF PROTO=TCP
SPT=33694 DPT=80 SEQ=376430434 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0
OPT (020405B40402080A0032AFC20000000001030306)
[  +0.000033] TRACE: mangle:PREROUTING:rule:1 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=28832 DF PROTO=TCP
SPT=33694 DPT=80 SEQ=376430434 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0
OPT (020405B40402080A0032AFC20000000001030306)
[  +0.000011] TRACE: mangle:PREROUTING:rule:2 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=28832 DF PROTO=TCP
SPT=33694 DPT=80 SEQ=376430434 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0
OPT (020405B40402080A0032AFC20000000001030306)
[  +0.000023] TRACE: mangle:PREROUTING:policy:4 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=28832 DF PROTO=TCP
SPT=33694 DPT=80 SEQ=376430434 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0
OPT (020405B40402080A0032AFC20000000001030306) MARK=0x2
[  +0.000029] TRACE: nat:PREROUTING:policy:1 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=28832 DF PROTO=TCP
SPT=33694 DPT=80 SEQ=376430434 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0
OPT (020405B40402080A0032AFC20000000001030306) MARK=0x2


Is there a way to forward traffic based on the pair IP:mark while
ignoring that the IP is the same as the local one?

Thanks,
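
An added example, not part of the original post: a small Python parser for the TRACE lines quoted above. It re-joins the wrapped log records and reports the table:chain path, where the mark first shows up, and whether any chain that runs after the routing decision was logged. The sample is the post's trace abridged; the function names are hypothetical, and it assumes a later chain would have been traced had the packet reached it.

```python
import re

# Constructed sample: the post's trace, abridged, with the e-mail's line wrapping.
SAMPLE = """\
[  +6.125394] TRACE: raw:PREROUTING:policy:3 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 PROTO=TCP SPT=33694 DPT=80 SYN URGP=0
[  +0.000023] TRACE: mangle:PREROUTING:policy:4 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 PROTO=TCP SPT=33694 DPT=80 SYN URGP=0 MARK=0x2
[  +0.000029] TRACE: nat:PREROUTING:policy:1 IN=ens33 OUT=
MAC=00:0c:29:d8:c7:68:00:0c:29:df:17:df:08:00 SRC=100.84.10.10
DST=1.1.1.1 LEN=60 PROTO=TCP SPT=33694 DPT=80 SYN URGP=0 MARK=0x2
"""

HEAD = re.compile(r"TRACE:\s*(\w+):(\w+):(\w+):(\d+)\s+(.*)")
FIELD = re.compile(r"(\w+)=(\S*)")
AFTER_ROUTING = {"INPUT", "FORWARD", "POSTROUTING"}  # chains past the routing decision

def parse_trace(text):
    """Return one dict per TRACE record, re-joining wrapped continuation lines."""
    records, current = [], []
    for line in text.splitlines():
        if "TRACE:" in line and current:   # a new record starts: flush the previous one
            records.append(" ".join(current))
            current = []
        if line.strip():
            current.append(line.strip())
    records.append(" ".join(current))
    steps = []
    for m in filter(None, map(HEAD.search, records)):
        table, chain, kind, num, rest = m.groups()
        f = dict(FIELD.findall(rest))
        steps.append({"hook": f"{table}:{chain}", "chain": chain, "rule": f"{kind}:{num}",
                      "src": f.get("SRC"), "mark": int(f.get("MARK", "0"), 16)})
    return steps

def summarize(steps):
    """Path taken, first record carrying a mark, and whether routing was passed."""
    path = list(dict.fromkeys(s["hook"] for s in steps))
    marked = next((f"{s['hook']}:{s['rule']}" for s in steps if s["mark"]), None)
    return {"path": path, "mark_first_seen": marked,
            "mark": max((s["mark"] for s in steps), default=0),
            "passed_routing": any(s["chain"] in AFTER_ROUTING for s in steps)}

if __name__ == "__main__":
    print(summarize(parse_trace(SAMPLE)))
```

On the sample, the mark 0x2 is first visible at mangle:PREROUTING:policy:4 and no INPUT, FORWARD or POSTROUTING record follows nat:PREROUTING.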


