I am missing something. I have been googling for hours to no avail.

[r...@dodo firewall]# ip route list
192.168.4.16/28 via 192.168.4.2 dev eth2
192.168.4.0/28 dev eth2  scope link
192.168.5.0/28 dev eth1  proto kernel  scope link  src 192.168.5.2
192.168.3.0/28 dev eth0  proto kernel  scope link  src 192.168.3.1
192.168.4.48/28 via 192.168.4.2 dev eth2
192.168.3.16/28 dev eth0  scope link
192.168.4.32/28 via 192.168.4.2 dev eth2
192.168.0.0/24 dev eth1  scope link
127.0.0.0/8 dev lo  scope link
[r...@dodo firewall]# ip rule show
0:      from all lookup local
32764:  from all fwmark 0x3 lookup lcl_xer
32765:  from all fwmark 0x2 lookup lcl_web
32766:  from all lookup main
32767:  from all lookup 253
[r...@dodo firewall]# iptables -nvL -t mangle
Chain PREROUTING (policy ACCEPT 704K packets, 149M bytes)
 pkts bytes target  prot opt in  out  source          destination
 3889  278K MARK    all  --  *   *    0.0.0.0/0       0.0.0.0/0       MAC 00:02:E3:02:C8:8F MARK set 0x3
    1    66 MARK    all  --  *   *    0.0.0.0/0       0.0.0.0/0       MAC 00:40:F4:2D:AF:5C MARK set 0x2
  959 94991 MARK    all  --  *   *    0.0.0.0/0       0.0.0.0/0       MARK set 0x3
    0     0 LOG     all  --  *   *    192.168.1.0/24  0.0.0.0/0       LOG flags 0 level 4 prefix `lan_source:'
    0     0 LOG     all  --  *   *    0.0.0.0/0       192.168.1.0/24  LOG flags 0 level 4 prefix `lan_destination:'

Chain INPUT (policy ACCEPT 703K packets, 149M bytes)
 pkts bytes target  prot opt in  out  source          destination

Chain FORWARD (policy ACCEPT 263 packets, 75666 bytes)
 pkts bytes target  prot opt in  out  source          destination

Chain OUTPUT (policy ACCEPT 675K packets, 175M bytes)
 pkts bytes target  prot opt in  out  source          destination

Chain POSTROUTING (policy ACCEPT 675K packets, 175M bytes)
 pkts bytes target  prot opt in  out  source          destination
[r...@dodo firewall]# ip route list table lcl_xer
192.168.1.0/24 via 192.168.3.2 dev eth0
192.168.1.0/24 via 192.168.4.2 dev eth2  metric 2
[r...@dodo firewall]# ip route list table lcl_web
192.168.1.0/24 via 192.168.3.18 dev eth0
192.168.1.0/24 via 192.168.4.2 dev eth2  metric 2
[r...@dodo firewall]#

As you can see, routing table lcl_xer and routing table lcl_web both have routing rules for 192.168.1.0/24. Oddly enough, the logging rules in the mangle table never trigger. When I try to ping 192.168.1.1 I just get an error that the network is unreachable.

This is not in the advanced routing howto guide, folks.

The kernel is 2.4.22 and yes I checked for MARK support and yes I did compile it in. It appears that the kernel not seeing a route in the main table doesn't produce any packets.

_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug