2009/12/10 Moby <moby@xxxxxxxxxxxxxx>

> On 12/10/2009 10:54 AM, ESGLinux wrote:
>> Hello,
>>
>> The problem with that is that the routing decision is made before the
>> packets get marked, so although I get the packets marked they follow the
>> route decided in the previous steps.
>>
>> You can see these steps on this web page:
>>
>> http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
>>
>> Or am I doing anything wrong?
>>
>> Thanks,
>>
>> ESG
>>
>> 2009/12/10 Moby <moby@xxxxxxxxxxxxxx>
>>
>>> For local traffic, set your mark on all traffic originating from
>>> 127.0.0.1 and other local IPs of the machine sent to destination port 80
>>> or 443.
>>>
>>> --
>>> --Moby
>>>
>>> They that can give up essential liberty to obtain a little temporary
>>> safety deserve neither liberty nor safety. -- Benjamin Franklin
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>
> I looked at the link you posted, and the most I can say is that perhaps
> the document there needs some correction.
> I have the following line in my config:
>
> iptables -t mangle -A PREROUTING -s 127.0.0.0/24 -j MARK --set-mark 2
>
> and I know for sure it works.
> You may perhaps want to try something along these lines and see what
> happens in your case?

Hi Moby,

I have tried with these lines:

iptables -t mangle -A PREROUTING -s 127.0.0.0/24 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -s 192.168.2.0/24 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -s 192.168.1.1/32 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -s 192.168.3.0/24 -j MARK --set-mark 2
#ip route flush cache

and the traffic from the LAN goes to gw1, but the traffic from the
firewall goes to gw0.

The packets get marked by the first rule:

iptables -nvx -L -t mangle
.....
     949   124702 MARK  all  --  *  *  127.0.0.0/24    0.0.0.0/0  MARK set 0x2
       0        0 MARK  all  --  *  *  192.168.2.0/24  0.0.0.0/0  MARK set 0x2
       0        0 MARK  all  --  *  *  192.168.1.1     0.0.0.0/0  MARK set 0x2
      11     6336 MARK  all  --  *  *  192.168.3.0/24  0.0.0.0/0  MARK set 0x2
......

but they don't get routed to the correct gateway...

I think the doc from iptables is right. (I have seen this info repeated on
many web pages.)

Greetings,

ESG
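The following is an added example, not code from the thread: a small Python model of the netfilter path the linked document describes (forwarded packets hit mangle PREROUTING before the routing decision; packets the firewall itself generates skip PREROUTING, hit mangle OUTPUT after the first routing decision, and are re-routed if the mark changed). It uses the four rules from the thread and assumes a policy rule of the form `ip rule add fwmark 2 table gw1` with gw0 as the default; the two OUTPUT rules on ports 80/443 are an assumed addition following Moby's suggestion.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    chain: str                    # mangle chain: "PREROUTING" or "OUTPUT"
    src: str                      # source prefix, as given to -s
    mark: int                     # value for -j MARK --set-mark
    dport: Optional[int] = None   # optional --dport match

@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    local: bool                   # True if generated by the firewall itself

def apply_chain(rules, chain, pkt, mark):
    """Evaluate one mangle chain; MARK is non-terminating, so every matching rule runs."""
    for r in rules:
        if r.chain != chain:
            continue
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(r.src):
            continue
        if r.dport is not None and r.dport != pkt.dport:
            continue
        mark = r.mark
    return mark

def route_lookup(mark):
    """Assumed policy routing: 'ip rule add fwmark 2 table gw1'; otherwise main table -> gw0."""
    return "gw1" if mark == 2 else "gw0"

def send(rules, pkt):
    """Return the routing table (gateway) the packet finally leaves through."""
    mark = 0
    if pkt.local:
        # Locally generated: routing decision first, then mangle OUTPUT; the kernel
        # re-routes after OUTPUT when the mark changed. PREROUTING never sees it.
        mark = apply_chain(rules, "OUTPUT", pkt, mark)
    else:
        # Forwarded: mangle PREROUTING runs before the routing decision.
        mark = apply_chain(rules, "PREROUTING", pkt, mark)
    return route_lookup(mark)

# The four PREROUTING rules from the thread, then an assumed fix marking the firewall's own web traffic in OUTPUT.
THREAD_RULES = [Rule("PREROUTING", s, 2) for s in
                ("127.0.0.0/24", "192.168.2.0/24", "192.168.1.1/32", "192.168.3.0/24")]
FIXED_RULES = THREAD_RULES + [Rule("OUTPUT", "0.0.0.0/0", 2, dport=80), Rule("OUTPUT", "0.0.0.0/0", 2, dport=443)]
```

With THREAD_RULES, `send(THREAD_RULES, Packet("192.168.3.10", 80, local=False))` gives gw1 while `send(THREAD_RULES, Packet("192.168.1.1", 80, local=True))` gives gw0, reproducing the symptom in the thread; with FIXED_RULES the firewall's own port-443 traffic gives gw1. On a real box the equivalent OUTPUT rule is `iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 80,443 -j MARK --set-mark 2` together with the `ip rule ... fwmark` entry.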