----- Original Message -----
From: "Martin A. Brown" <[EMAIL PROTECTED]>
To: "Chijioke Kalu" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, July 17, 2003 6:55 PM
Subject: Re: [LARTC] OUTPUT chain marking after or before routing?


> Catalin,
>
> > When I try to connect to an SMTP port somewhere in the Internet, tcpdump
> > shows me that these packets go to the eth2 interface (the main table default
> > route). I don't know where my mistake is, but it seems that the marking in
> > the OUTPUT chain occurs AFTER and not BEFORE routing. Is this a correct
> > behaviour? How can I solve my problem? Please help!
>
> According to my reading of the KPTD (and my understanding), packets
> generated on the local machine have already been routed by the time the
> OUTPUT chain is traversed.  See:
>
>   http://www.docum.org/stef.coene/qos/kptd/
>

I'm very confused now. Look what is written in the iptables man page:

#############
 mangle This table is used for specialized packet alteration. It has two built-in
        chains: PREROUTING (for altering incoming packets before routing) and OUTPUT
        (for altering locally-generated packets before routing).
######################

So how is it? Does OUTPUT mark packets AFTER or BEFORE routing?


> I see two potential approaches to this problem:
>
>   - invert your logic; main routing table uses ppp0 gateway IP as default
>     gateway, mark all traffic passing through your router box, and use
>     "ip rule add fwmark $MARK table $INTERNET" with another routing
>     table for the Internet-bound traffic.

This approach is harder for me because this is a working gateway and I don't
want to disturb the users with my tests. But it is a very good idea and
maybe I will try it.

>
>   - send all locally generated traffic via ppp0; "ip rule add iif lo
>     table smtp" and watch all traffic generated on the local machine leave
>     via ppp0.  You'll want to add the locally connected networks to table
>     smtp.

I also tried that and it works. But I don't want to send all locally
generated traffic to ppp0. In fact I want only the smtp traffic on ppp0. The
Web traffic (including Squid generated, which is locally generated) must go
to eth2.

Thank you for your reply,

- catalin -
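As an added example that is not part of the thread, this script does the setup the thread circles around: mark only locally generated SMTP in the mangle OUTPUT chain, route it via ppp0 through its own table, and leave web and Squid traffic on the main table's eth2 default. On current kernels the route lookup is repeated after the mangle OUTPUT chain when the mark changed, which is why the fwmark rule catches locally generated packets, while the source address picked by the first lookup is kept, hence the SNAT step. Mark 0x1, table 100, the peer address 192.0.2.1 and the LAN 192.168.1.0/24 on eth1 are placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: send only locally generated SMTP via ppp0.
# Everything else (web, Squid) keeps the main table's default route on eth2.
# Placeholders (assumptions, not values from the thread):
MARK=0x1             # fwmark for SMTP
TABLE=100            # routing table id (map a name in /etc/iproute2/rt_tables)
PPP_GW=192.0.2.1     # ppp0 peer address
LAN=192.168.1.0/24   # a directly connected network
LAN_DEV=eth1         # its interface
# DRY_RUN=1 prints the commands instead of applying them (needs root otherwise).

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_smtp_routing() {
    # 1. Mark locally generated TCP/25 in mangle OUTPUT. The packet was routed
    #    once before this chain; because the mark changed, the kernel repeats
    #    the lookup, and the fwmark rule below now selects the smtp table.
    run iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark "$MARK"

    # 2. Marked packets consult the dedicated table.
    run ip rule add fwmark "$MARK" table "$TABLE"

    # 3. That table defaults to ppp0; connected networks are copied in so
    #    marked traffic to the LAN still stays local.
    run ip route add "$LAN" dev "$LAN_DEV" table "$TABLE"
    run ip route add default via "$PPP_GW" dev ppp0 table "$TABLE"
    run ip route flush cache

    # 4. The first lookup already picked eth2's source address; rewrite it to
    #    ppp0's so the SMTP server replies on the path the packet left by.
    run iptables -t nat -A POSTROUTING -o ppp0 -m mark --mark "$MARK" -j MASQUERADE
}

if [ "${DRY_RUN:-0}" = 1 ]; then
    setup_smtp_routing
fi
```

Run with DRY_RUN=1 first to review the six commands; Martin's "iif lo" alternative would replace step 1 and 2 with a single rule but moves all local traffic, which is what the reply above rejects.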


_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
