On Thursday 04 December 2003 at 18:27 (+0800), kaiwen wrote:

> Routing Table:
> [EMAIL PROTECTED] webauth]# ip route show table main
> 192.168.250.0/24 dev eth0 scope link
> 127.0.0.0/8 dev lo scope link
> default via 192.168.250.254 dev eth0

Do you really want to not have a route for network 192.168.8.0/24 (eth1)?

> [EMAIL PROTECTED] webauth]# ip route show table test
> 192.168.8.0/24 dev br0 scope link
> default via 192.168.250.254 dev eth0

Do you really want to not have a route for network 192.168.250.0/24 (eth0)?

Also, take care of using bridge (br0) since iptables doesn't apply on it without a kernel patch AFAIK.

> 32765: from all fwmark d lookup test

Ok.

> [EMAIL PROTECTED] webauth]# iptables -t mangle -L
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> MARK all -- anywhere anywhere MARK set 0x13

Take care that "anywhere to anywhere" means it applies for the return of replies (ICMP echo-reply) to request (ICMP echo-request) too...

> Ping from Client 192.168.8.134 to Router eth1 192.168.8.88, Ping FAILED.
> I think I am missing something in the configuration.
> I tried setting
>
> ip rule add from 192.168.8.0/24 table test
> Ping is SUCCESS in this case.

Probably because it uses table test for the ICMP echo-request, but not for the ICMP echo-reply coming back...

So you may need to be more precise on your iptables mangle rule by specifying source addresses.

Also, "tcpdump" is your friend to look for problem symptoms. (use something like "tcpdump -lni any icmp")

Regards,
--
J.C. ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/
Regional technical coordinator / Technology associate, Reflets project (CODA)
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
Tel.: +84 4 9331108 Fax: +84 4 8247383 Mobile: +84 91 3248747
Personal note: please avoid sending me PowerPoint or Word files; see http://www.fsf.org/philosophy/no-word-attachments.fr.html
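
As an added example (not part of the original message), the points raised in the reply above can be checked mechanically over the quoted command output: a MARK rule with no source restriction, and tables missing each other's connected networks. It goes one step beyond the reply by also comparing the mark that iptables sets with the one `ip rule` selects, which assumes `ip rule` prints fwmark in hexadecimal; the function names are this example's own.

```python
import re

# Command output as quoted in the message above, whitespace normalised.
IP_RULE = "32765: from all fwmark d lookup test"
MANGLE = """Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x13"""
ROUTES = {
    "main": ["192.168.250.0/24 dev eth0 scope link",
             "127.0.0.0/8 dev lo scope link",
             "default via 192.168.250.254 dev eth0"],
    "test": ["192.168.8.0/24 dev br0 scope link",
             "default via 192.168.250.254 dev eth0"],
}

def rule_marks(text):
    # Assumption: `ip rule` prints fwmark in hex, with or without a 0x prefix.
    return {int(m, 16) for m in re.findall(r"fwmark\s+(?:0x)?([0-9a-fA-F]+)", text)}

def mangle_marks(text):
    # (source, destination, mark) for every MARK line of `iptables -t mangle -L`.
    pat = r"^MARK\s+\S+\s+--\s+(\S+)\s+(\S+)\s+MARK set (0x[0-9a-fA-F]+)"
    return [(s, d, int(v, 16)) for s, d, v in re.findall(pat, text, re.M)]

def connected(lines):
    # Directly connected prefixes (scope link), loopback excluded.
    rows = [l.split() for l in lines]
    return {r[0] for r in rows if "link" in r and "lo" not in r}

def lint(ip_rule, mangle, routes):
    findings, selected, marks = [], rule_marks(ip_rule), mangle_marks(mangle)
    for src, dst, mark in marks:
        if src == dst == "anywhere":
            findings.append(f"MARK {mark:#x} matches every packet; add a source match (-s)")
        if mark not in selected:
            findings.append(f"MARK {mark:#x} is set but no ip rule selects it")
    for mark in sorted(selected - {m for _, _, m in marks}):
        findings.append(f"ip rule selects fwmark {mark:#x} but nothing sets it")
    every = set().union(*(connected(v) for v in routes.values()))
    for name, lines in routes.items():
        for prefix in sorted(every - connected(lines)):
            findings.append(f"table {name} has no connected route for {prefix}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(IP_RULE, MANGLE, ROUTES)))
```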

