[ale] routing and local packets
- Subject: [ale] routing and local packets
- From: jkinney at localnetsolutions.com (James Kinney)
- Date: Tue, 20 Feb 2001 09:09:07 -0500 (EST)
Can the iproute2 system route locally generated packets using fwmark?
I'm getting conflicting information from the docs. An older doc,
policy-routing, reports that fwmark'ed packets are not routable if locally
generated. The Linux 2.4 Advanced Routing HOW-TO gives instructions on
use, but no mention of locally generated packets.
Using firewall logging, I see packets that are marked hitting the OUTPUT
chain but not the POSTROUTING area.
Some details:

/usr/sbin/iptables -t mangle -A OUTPUT -o eth1 -j MARK --set-mark 2
/usr/sbin/iptables -A OUTPUT -m mark --mark 2 -j LOG --log-prefix "OUTPUT mark " --log-level debug
/usr/sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j LOG --log-prefix "POST mark " --log-level debug
/sbin/ip ru add fwmark 2 table 4 pref 1000
/sbin/ip ro add 0/0 dev eth1 table 4

# /sbin/ip ru li
0: from all lookup local
1000: from all fwmark 2 lookup 4
32766: from all lookup main
32767: from all lookup 253

# /sbin/ip route list table 4
default dev eth1 scope link

I get syslog (snipped)

kernel: OUTPUT mark IN= OUT=eth1

which matches the logging for OUTPUT.
No logging from POSTROUTING shows. The packets get dropped by routing (I
think). Does the reading of a mark change the mark? (It seems unlikely.)
Suggestions? Comments? Pointers? Net gurus welcome to flame my ignorance.
James P. Kinney III \Changing the mobile computing world/
President and COO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./