Re: [LARTC] marking in OUTPUT --mangle; locally generated packets and route lookup - broken?

2003-07-15 Thread [EMAIL PROTECTED]
Hi Patrick,

Sincere thanks for your time & help!

> i assume you mean CONFIG_IP_ROUTE_FWMARK and not
> CONFIG_IP_NF_TARGET_MARK.
Yup -- sorry!

> i would start with putting some printks in ipt_local_hook
> (net/ipv4/netfilter/iptable_mangle.c) before the call to ip_route_me_harder
> and in ip_route_me_harder (net/core/netfilter.c) itself.
Trying this today ...


Kindest Regards

Charles Shick



___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
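
The thread turns on whether the running kernel has CONFIG_IP_ROUTE_FWMARK enabled, since, as Patrick notes, ip rule accepts fwmark rules without error either way. The check below is an added example, not part of the thread; the function names and sample data are constructed, and it assumes `ip rule show` lines of the form `PRIO: from all fwmark MARK lookup TABLE`.

```shell
# Added example (not from the thread); names and sample data are constructed.

# Classify CONFIG_IP_ROUTE_FWMARK in a kernel config file (plain or .gz).
fwmark_state() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | awk '
        /^CONFIG_IP_ROUTE_FWMARK=y$/            { s = "enabled" }
        /^# CONFIG_IP_ROUTE_FWMARK is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Read saved `ip rule show` text on stdin; print "MARK TABLE" per fwmark rule.
fwmark_rules() {
    awk '{
        mark = ""; table = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") mark = $(i + 1)
            if ($i == "lookup") table = $(i + 1)
        }
        if (mark != "") print mark, table
    }'
}

# $1 = kernel config file, $2 = file holding `ip rule show` output.
check_fwmark_routing() {
    state=$(fwmark_state "$1")
    rules=$(fwmark_rules < "$2")
    if [ -z "$rules" ]; then
        echo "OK: no fwmark rules"
    elif [ "$state" = enabled ]; then
        echo "OK: fwmark routing compiled in"
    else
        echo "WARN: fwmark rules present but CONFIG_IP_ROUTE_FWMARK is $state"
    fi
}

# Constructed sample: option switched off, plus the fwmark rule from the thread.
d=$(mktemp -d)
printf '%s\n' 'CONFIG_IP_ADVANCED_ROUTER=y' \
    '# CONFIG_IP_ROUTE_FWMARK is not set' > "$d/config"
printf '32765:\tfrom all fwmark 0x2 lookup 2\n32766:\tfrom all lookup main\n' > "$d/rules"
check_fwmark_routing "$d/config" "$d/rules"
rm -rf "$d"
```

On a live system, save `ip rule show` to a file and pass the config of the running kernel, for example /boot/config-$(uname -r) where the distribution installs it.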


Re: [LARTC] marking in OUTPUT --mangle; locally generated packets and route lookup - broken?

2003-07-14 Thread [EMAIL PROTECTED]
Hi Patrick,

Thanks for your message. I double checked, and my kernel .config is "y"
to FWMARKing. I'm on 2.4.20-13.8 with iptables 1.2.8.

The netfilter list suggested *not* using an aliased address, which i
tried and that failed. bummer.

More testing ... 

BTW, is there a way to trace or debug what's going on on my machine to 
track the route lookup process?

Thanks!

Charles



On Sun, 2003-07-13 at 23:43, Patrick McHardy wrote:
> I tested your setup and it works fine (with 2.5 though). Are you sure you have
> CONFIG_IP_ROUTE_FWMARK enabled for your running kernel? ip rule won't give
> errors if not ..
> 
> Bye
> Patrick
> 
> [EMAIL PROTECTED] wrote:
> 
> >hello all,
> >
> >i have come across a curious issue:
> >
> >+----------------------++---------------+
> >| eth1   192.168.1.1   || 192.168.1.250 |
> >| eth1:1 192.168.1.101 ||               |
> >+----------------------++---------------+
> >
> >
> >iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
> >ip rule add fwmark 0x2 table 2
> >ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
> >ip route flush cache
> >
> >
> >telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.1
> >
> >
> >ip rule add to 192.168.1.250 table 2
> >ip route flush cache
> >
> >
> >telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.101
> >
> >
> >
> >are there issues concerning the marking of OUTPUT packets generated on
> >the local box that i should be aware of?
> >
> >
> >many, many thanks
> >
> >charles



Re: [LARTC] marking in OUTPUT --mangle; locally generated packets and route lookup - broken?

2003-07-13 Thread Patrick McHardy
I tested your setup and it works fine (with 2.5 though). Are you sure you have
CONFIG_IP_ROUTE_FWMARK enabled for your running kernel? ip rule won't give
errors if not ..

Bye
Patrick

[EMAIL PROTECTED] wrote:

>hello all,
>
>i have come across a curious issue:
>
>+----------------------++---------------+
>| eth1   192.168.1.1   || 192.168.1.250 |
>| eth1:1 192.168.1.101 ||               |
>+----------------------++---------------+
>
>
>iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
>ip rule add fwmark 0x2 table 2
>ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
>ip route flush cache
>
>
>telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.1
>
>
>ip rule add to 192.168.1.250 table 2
>ip route flush cache
>
>
>telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.101
>
>
>
>are there issues concerning the marking of OUTPUT packets generated on
>the local box that i should be aware of?
>
>
>many, many thanks
>
>charles
