Hi Martin, Catalin, Chijioke,

This subject intrigues me greatly and is closely related to a post of
just a few days ago:

<snip from my original post>

> >+----------------------+            +---------------+
> >| eth1   |------------| |
> >| eth1:1 |            |               |
> >+----------------------+            +---------------+
> >
> >
> >iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
> >ip rule add fwmark 0x2 table 2
> >ip route add dev eth1 src table 2
> >ip route flush cache
> >
> >
> >telnet ; and tcpdump gives src ip address as
> >
> >
> >
> >ip rule add to table 2
> >ip route flush cache
> >
> >
> >telnet ; and tcpdump gives src ip address as
> >

> According to my reading of the KPTD (and my understanding), packets
> generated on the local machine have already been routed by the time the
> OUTPUT chain is traversed.  See:
>   http://www.docum.org/stef.coene/qos/kptd/
I have spent a lot of time looking at this diagram and don't understand
what happens when. Curiously, in response to my post, Patrick McHardy was kind
enough to test and:

On Sun, 2003-07-13 at 23:43, Patrick McHardy wrote:
> I tested your setup and it works fine (with 2.5 though). Are you sure 
> you have
> CONFIG_IP_ROUTE_FWMARK enabled for your running kernel ? ip rule won't
> give errors if not ..

Very interesting, and I have yet to make it work here, although I
haven't debugged it yet.

>  : have you tried putting it on the FORWARD chain??
> Unfortunately the FORWARD chain will not work if these are locally
> generated packets.

> I see two potential approaches to this problem:
>   - invert your logic; main routing table uses ppp0 gateway IP as default
>     gateway, mark all traffic passing through your router box, and use
>     "ip rule add fwmark $MARK table $INTERNET" with another routing
>     table for the Internet-bound traffic.
Martin, this is pure genius.

>   - send all locally generated traffic via ppp0; "ip rule add iif lo
>     table smtp" and watch all traffic generated on the local machine leave
>     via ppp0.  You'll want to add the locally connected networks to table
>     smtp.
Can you comment on why this:

ip rule to xxx.xxx.xxx.xxx table n

works, and

iptables fwmark y table n

doesn't? Is it because OUTPUT checked the rule while the packet was
being "generated" locally, but not again after it was marked?

1000 thanks


LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
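The two approaches Martin describes above (mark forwarded traffic before the routing decision and steer it by fwmark; or send everything the box itself generates out via ppp0 with an `iif lo` rule), written out as an added shell example that is not part of this thread or the LARTC HOWTO. It runs in dry-run mode by default so the commands can be reviewed before they touch the live tables, and it includes the check Patrick hints at: whether the running kernel was built with CONFIG_IP_ROUTE_FWMARK, since without it `ip rule add fwmark ...` is accepted silently but never matches. Interface names (eth0 as the LAN side, ppp0 as the uplink), table ids 100/101 and the gateway address are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing setups in dry-run mode.
# Assumed: LAN interface eth0, uplink ppp0, table ids 100 and 101.

DRY_RUN="${DRY_RUN:-1}"

run() {
    # Print the command instead of executing it unless DRY_RUN=0.
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Does the kernel config enable fwmark-based routing?  $1 is a kernel
# config file; defaults to /boot/config-<running kernel>.  Without this
# option "ip rule add fwmark ..." gives no error but the rule never matches.
kernel_has_fwmark() {
    cfg="${1:-/boot/config-$(uname -r)}"
    [ -r "$cfg" ] && grep -q '^CONFIG_IP_ROUTE_FWMARK=y' "$cfg"
}

# Approach 1: the main table keeps ppp0 as its default gateway; traffic
# forwarded from the LAN is marked in mangle PREROUTING (which runs before
# the routing decision for forwarded packets) and looked up in its own table.
# $1 mark, $2 table id, $3 LAN interface, $4 gateway for the Internet table.
setup_marked_forwarding() {
    mark="$1"; table="$2"; lan_if="$3"; gw="$4"
    run iptables -t mangle -A PREROUTING -i "$lan_if" -j MARK --set-mark "$mark"
    run ip rule add fwmark "$mark" table "$table"
    run ip route add default via "$gw" table "$table"
    run ip route flush cache
}

# Approach 2: everything generated on this host leaves via ppp0.  The
# directly connected LAN must be added to that table too, or the box can
# no longer reach its own LAN.  $1 table id, $2 LAN network, $3 LAN interface.
setup_local_via_ppp0() {
    table="$1"; lan_net="$2"; lan_if="$3"
    run ip rule add iif lo table "$table"
    run ip route add "$lan_net" dev "$lan_if" table "$table"
    run ip route add default dev ppp0 table "$table"
    run ip route flush cache
}

# After applying for real (DRY_RUN=0), confirm the rule and the table exist.
show_state() {
    run ip rule show
    run ip route show table "$1"
}

if [ "${0##*/}" = "policy-routing.sh" ]; then
    kernel_has_fwmark || echo "warning: CONFIG_IP_ROUTE_FWMARK not found in kernel config"
    setup_marked_forwarding 0x2 100 eth0 192.0.2.1
    setup_local_via_ppp0 101 192.168.1.0/24 eth0
    show_state 100
fi
```

Run it once with the default DRY_RUN=1 to inspect the generated `iptables` and `ip` commands, then again with `DRY_RUN=0` as root; `ip rule show` and `ip route show table 100` afterwards confirm that the rule actually landed and the table is populated, which is the first thing to check when fwmark routing appears to be ignored.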
