lartc@manchotnetworks.net
2003-Jul-14 09:06 UTC
[Re: marking in OUTPUT --mangle; locally generated packets and route lookup - broken?]
Hi Patrick,

Thanks for your message. I double checked, and my kernel .config is "y" to FWMARKing. I'm on 2.4.20-13.8 with iptables 1.2.8.

The netfilter list suggested *not* using an aliased address, which I tried and that failed. bummer.

More testing ...

BTW, is there a way to trace or debug what's going on on my machine to track the route lookup process?

Thanks!

Charles

On Sun, 2003-07-13 at 23:43, Patrick McHardy wrote:
> I tested your setup and it works fine (with 2.5 though). Are you sure
> you have CONFIG_IP_ROUTE_FWMARK enabled for your running kernel ?
> ip rule won't give errors if not ..
>
> Bye
> Patrick
>
> lartc@manchotnetworks.net wrote:
>
> >hello all,
> >
> >i have come across a curious issue:
> >
> >+----------------------+            +---------------+
> >| eth1 192.168.1.1     |------------| 192.168.1.250 |
> >| eth1:1 192.168.1.101 |            |               |
> >+----------------------+            +---------------+
> >
> >
> >iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
> >ip rule add fwmark 0x2 table 2
> >ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
> >ip route flush cache
> >
> >
> >telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.1
> >
> >
> >ip rule add to 192.168.1.250 table 2
> >ip route flush cache
> >
> >
> >telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.101
> >
> >
> >are there issues concerning the marking of OUTPUT packets generated on
> >the local box that i should be aware of?
> >
> >
> >many, many thanks
> >
> >charles
> >
> >_______________________________________________
> >LARTC mailing list / LARTC@mailman.ds9a.nl
> >http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/