[LARTC] rule fwmark desn't work for local packets (output chain)

Thu, 30 Mar 2006 17:16:42 -0800 

Witam wszystkich

After few days with yours help I've succeeded with setup of load-balancing. 
Now I have problem with next step. I want to mark some packets and than put 
them to the one of the routing tables to force them going via only one 
interface with only one ip. Easy?? Ofcourse, but not for me :(. 


I'm NOT using NAT.

Chain OUTPUT (policy ACCEPT 71 packets, 24227 bytes)  pkts bytes target prot 
opt in     out     source        destination
35    2940 MARK       all  --  *      *       0.0.0.0/0       217.17.45.128/27  
     
MARK set 0x32 

lucy ~ # ip rule
0:      from all lookup local
10:     from all lookup main
34:     from all fwmark 50 lookup zew
50:     from 80.48.56.70 lookup zew
60:     from 192.168.200.10 lookup wew
100:    from all lookup brama
32766:  from all lookup main
32767:  from all lookup default

it should working fine but it's not


with this sets of rouls all is ok.
lucy ~ # ip rule
0:      from all lookup local
10:     from all lookup main
34:     from all to 217.17.45.128/27 lookup zew
50:     from 80.48.56.70 lookup zew
60:     from 192.168.200.10 lookup wew
100:    from all lookup brama
32766:  from all lookup main
32767:  from all lookup default

When I use fwmark packets are send with wrong src ip via eth0 (table zew) they 
have ip of eth1 and the wrong gw addres but they are send via eth0. So the 
rule is working (packets goes to zew table) but they have wrong src ip. 
When I use "ip rule add to..." insted of fwmark all is ok.

So what is the difference between iptable marking and "ip rule add to..."  for 
the kernel. 
Does packet arrive to the mangle table of output chain after or before 
routing.
According this
http://www.docum.org/docum.org/kptd/ 
packet is after routing

My question is how to change his src ip without using NAT if there is any??
Or maby any other ideas how to solve my problem.

lucy ~ # ip rout show table zew
127.0.0.0/8 dev lo  scope link
default via 80.48.56.65 dev eth0  proto static  src 80.48.56.70
prohibit default  proto static  metric 1

lucy ~ # ip rout show table wew
127.0.0.0/8 dev lo  scope link
default via 192.168.1.1 dev eth1  proto static  src 192.168.200.10
prohibit default  proto static  metric 1

lucy ~ # ip rout show table brama
default  proto static
        nexthop via 192.168.1.1  dev eth1 weight 1
        nexthop via 80.48.56.65  dev eth0 weight 1

lucy ~ # ip rout show table main
80.48.56.128/26 dev eth0  proto kernel  scope link  src 80.48.56.70
80.48.56.64/26 dev eth0  proto kernel  scope link  src 80.48.56.70
192.168.0.0/16 dev eth1  proto kernel  scope link  src 192.168.200.10
127.0.0.0/8 dev lo  scope link

Pozdrawiam

----------------------------------------------------------------------
Auto kontra pociag: efekt konfrontacji! > http://link.interia.pl/f1921 

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Reply via email to