similar to: mark value as routing key

Hello. I have a pretty strange problem with routing and iptables mark. My firewall has a classic 3 NIC config: one nic connected to the ISP routers, one network for DMZ and the third network for my private network. Here is the schema: HUB HDSL router----+----ADSL router | | HDSL IP---eth0---ADSL IP | | +-------+------+ | | | | | | | | |

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hello everybody. I''m running linux 2.6.19 with nth match to alternatively snat outgoing connections to two different ip addresses for load balancing between two adsl lines: Here is: $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport

Hello guys, I am still in doubt about this kind of server. So my question is about the "prio" at routing tables like: I have 3 tables in /etc/iproute2/rt_tables: 201 201 202 202 222 222 In table 201 there is the rules about my internet link (frame relay) that comes into eth0. So I made this route into it: [root@ns2 iproute2]# ip route show table 201 default via

Hello, I''ve setup a router with linux 2.4.26 with h323 conntrack patch from pom-ng. The network schema is: ADSL internal |--------|--------------------- ----------| Linux | |--------|--------------------- Frame-Relay Default gw is frame relay and i''m using netfilter mark to send traffic to adsl. # ip rule ls 0:

Hi, Here I am trying something simple. My objective is to make ip rule fwmark command work :) Network Diagram: --- 192.168.250.197 (eth0) Linux Box (eth1) 192.168.8.88 -------------192.168.8.122 (eth0) Windows XP Client Configuration done on Linux Box:- (1) [root@g webauth]# iptables -t mangle -A PREROUTING -j MARK --set-mark 5 [root@g webauth]# iptables -t mangle -L Chain PREROUTING (policy

Hi all, i''m puzzled by a ploblem and I don''t know how to debug it... I have a firewall with 2 gateways, adsl and isdn. Main gateway is via adsl, backup via isdn. I setup 2 table ''adsl'' and ''isdn''. You can find a description below. I made a script to test both tables. That mainly 1. adds an iptables -t mangle -A

Hello, I have a LINUX server with two internet connections available. I want all the traffic to go over the default route, but HTTP traffic to go over ISP2 line. Interfaces: eth1 192.168.2.254 - LAN 192.168.2.x ppp0 x.x.x.106 - remote gateway x.x.x.6 - ISP1 (default route) eth0 192.168.164.254 - remote gateway 192.168.164.113 - ISP2 (a hardware router) I have the following configuration: echo

Hi all! I''ve got 2 (soon 3) internet connection. 1 - via ADSL, 2(and3) via ppp My network: http://desima.objectis.net/network-diag linux1: user1.user2 eth0=192.168.1.1 ppp0=192.168.5.2( gw 192.168.5.1) gw=192.168.1.2 ( thru ADSL) compA=192.168.1.6 compB=192.168.1.15 gw2=192.168.1.217 via ppp to different ISP All works for compA and CompB, user1 should use default gw(192.168.1.2)

I''m having trouble routing on high fwmarks, I want to use a lot of different marks for 2 routes so that I can QoS based on the marks ip rule looks like this: 0: from all lookup local 32751: from all fwmark 31 lookup dslout 32752: from all fwmark 30 lookup dslout 32753: from all fwmark 29 lookup dslout 32754: from all fwmark 28 lookup dslout 32755: from

Hi, I have some problems with my routing configuration. My router has two connections to the internet, eth1 (2Mbit) and ppp0 (ADSL). On the eth1 connection I do a –snat and on ppp0 I do masquerading. I use iptables to mark packets / connections in the -t mangle -A PREROUTING and OUTPUT chains. The marks (1 and 2) are used to decide which route do use to route a packet. My routing configuration:

Hello, I have tested a simple thing in two version of Linux and there was a problem when I have used fwmark as a selector for rule lookups. As you can see below on the Slack, the <test> table doesn''t have any label about fwmark. Is there an iproute problem? -------------------------------------- # cat /etc/fedora-release Fedora Core release 2 (Tettnang) # uname -r 2.6.5-1.358 #

[ I hope this isn''t a dupe. Evolution crashed on my last send and I see nothing in my logs that leads me to believe the mail made it out before the crash ] Well, it probably is working. I''m probably just misunderstanding something. Given routing rules that look like this: 0: from all lookup local 10000: from all fwmark 0x40 lookup CGCO 10001: from all fwmark 0x80

Hi all, I need to route local generated packages depending on which tcp or udp service I need to use. To accomplish this I have configured two routing tables: [root at lothlorien ~]# ip ru ls 0: from all lookup 255 32762: from all fwmark 0x2 lookup FirstLan 32763: from all fwmark 0x1 lookup SecondLan 32764: from 172.25.80.10 lookup SecondLan 32765: from 172.25.70.18 lookup FirstLan

I would like to route ssh in my network via DSL2 and all other trafic via DSL1. So far I menaged to do it for LAN2 but there are still WLAN1,LAN3 and LAN1 to go. On all routers I added table "pilicka" with rule for fwmark and I fwmarked ssh. # ip rule show 0: from all lookup local 32765: from all fwmark 0x3 lookup pilicka 32766: from all lookup main 32767: from all lookup

Hi, I been trying on ip rule fwmark and iptables MARK. I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others? Network Diagram ------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client Steps (performed on LINUX ROUTER) (1) Delete route to 192.168.8.0 from

hi I have trying to remove the extra rules from my routing tables, however with no luck Also I want to know these duplicate entries have an effect on packets going routed? I have this overwhelming rules lists from my predessor who added the "ip rule add fwmark" entries in firewall script, and on each run of firewall script its creates an extra entry in routing table. Now what I want to

Etx1 - First Internet Line - eth0 Ext2 - Second Internet line - eth2 LAN - Local Area Network - eth1 Other traffic - Ext1 -------+-------+--------------- Ext2 ---Web goes Here eth0 | |eth2 +-------+-------+ | ROUTER | +----+------+---+ |eth1 192.168.0.0/24 -----------------+ | 192.168.0.1/24------------------- - Gateway |

Witam wszystkich After few days with yours help I''ve succeeded with setup of load-balancing. Now I have problem with next step. I want to mark some packets and than put them to the one of the routing tables to force them going via only one interface with only one ip. Easy?? Ofcourse, but not for me :(. I''m NOT using NAT. Chain OUTPUT (policy ACCEPT 71 packets, 24227

Hi I have a FW dual homed to the Internet via a leased line and most recently by a ADSL line. I have SQUID running on the FW which I want to direct to the ADSL line as well as other traffic from my LAN. After reading the LARTC Howto and the on-line book by Matthew ?? I have my LAN-Internet traffic sorted but the SQUID traffic is a problem. This is my config on a test machine: Chain