LARTC - Mar 2001 - policy routing

Hello,

I''m trying to route packets based on ''mark'' numbers i
give to packets
according to their port number using iptables. I''m having real trouble
setting up routes based on this. I''m issuing the following commands
assuming i have marked packets of a certain type with a 1:


echo 201 first.table >> /etc/iproute2/rt_tables

ip rule add fwmark 1 table first.table
 
ip route add 30.0.0.0/8 dev eth0 table first.table

Basically its just like the exampls in the How To. I have to use Linux
kernel v-2.3.99-pre7, so am using iptables 1.0.0.

when i attempt to mark ICMP packets i get ''network
unreachable'' when i
ping another machine on our testbed which is not on the same subnet i.e
not 30.0.0.x

Can anyone help?
ThanKs!
Greg.
 



-- 
----------------------
Gregory OSINAIKE (ee9829@elec.qmw.ac.uk)
Electronic Engineering Department
Queen Mary and Westfield College

On Tue, Mar 20, 2001 at 12:26:00PM +0000, Gregory OSINAIKE
wrote:
> Hello,
> 
> I''m trying to route packets based on ''mark''
numbers i give to packets
> according to their port number using iptables. I''m having real
trouble
> setting up routes based on this. I''m issuing the following
commands
> assuming i have marked packets of a certain type with a 1:
> 
> 
> echo 201 first.table >> /etc/iproute2/rt_tables
> 
> ip rule add fwmark 1 table first.table
>  
> ip route add 30.0.0.0/8 dev eth0 table first.table
> 
> Basically its just like the exampls in the How To. I have to use Linux
> kernel v-2.3.99-pre7, so am using iptables 1.0.0.
> 
> when i attempt to mark ICMP packets i get ''network
unreachable'' when i
> ping another machine on our testbed which is not on the same subnet i.e
> not 30.0.0.x
You also need to define a default gateway for marked packets then, I think.

Regards,

bert

-- 
http://www.PowerDNS.com      Versatile DNS Services  
Trilab                       The Technology People   
''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet