[ale] routing and local packets
James Kinney
jkinney at localnetsolutions.com
Tue Feb 20 09:09:07 EST 2001
Can the iproute2 system route locally generated packets using fwmark?
I'm getting conflicting information from the docs. An older doc,
policy-routing, reports that fwmark'ed packets are not routable if locally
generated. The Linux 2.4 Advanced Routing HOW-TO gives instructions on
use, but makes no mention of locally generated packets.
Using firewall logging, I see packets that are marked hitting the OUTPUT
chain but not the POSTROUTING area.
Some details:
/usr/sbin/iptables -t mangle -A OUTPUT -o eth1 -j MARK --set-mark 2
/usr/sbin/iptables -A OUTPUT -m mark --mark 2 -j LOG --log-prefix "OUTPUT mark " --log-level debug
/usr/sbin/iptables -t nat -A POSTROUTING -m mark --mark 2 -j LOG --log-prefix "POST mark " --log-level debug
/sbin/ip ru add fwmark 2 table 4 pref 1000
/sbin/ip ro add 0/0 dev eth1 table 4
# /sbin/ip ru li
0: from all lookup local
1000: from all fwmark 2 lookup 4
32766: from all lookup main
32767: from all lookup 253
# /sbin/ip route list table 4
default dev eth1 scope link
I get syslog (snipped):
kernel: OUTPUT mark IN= OUT=eth1
which matches the logging for OUTPUT.
No logging from POSTROUTING shows. The packets get dropped by routing (I
think). Does the reading of a mark change the mark? (It seems unlikely.)
Suggestions? Comments? Pointers? Net gurus welcome to flame my ignorance.
James P. Kinney III \Changing the mobile computing world/
President and COO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./