similar to: fwmark port - dual adsl line

Hi list, I''m new to this list, I just subscribed because I have some ackward about IPRoute2. First, while playing with NetFilter'' "MARK" target, I met a weird behaviour once I tried to use this marks in the RPDB : the packets where successfully marked, but it seemed that RPDB didn''t succed in matching them (for those who already know the answer, I only used

Hi, I''ve got 2 lines from two diffrent ISP''s, one is a leased line and another a DSL line, I route certain ips over the DSL line for faster access and would like email to go over the leased line as it has a static ip and is our sending mailserver ip I would like to send mail to the same ips that is routed over DSL via the leased line, otherwise my server gets blacklisted with

Hi everybody, I''m trying to set up routing for 2 links to the internet on a box which produces traffic itself (e.g. DNS) and will route all our local traffic. AS one route is quick and expensive and the other one slow and cheap, I want to be able to route packets for some high-level protocols to the second link. If I correctly understood table 3-2 in

Hello! Currently I am marking packets with IPMARK, and then using following rules: 1: class add dev eth0 parent 1:4 classid 1:100a htb rate $rate ceil $ceil quantum 1600 2: qdisc add dev eth0 parent 1:100a handle 100a:0 sfq perturb 10 3: filter add dev eth0 protocol ip parent 1:0 pref 30 handle 4106 fw classid 1:100a 4: class add dev eth1 parent 1:2 classid 1:100a htb rate $rate ceil $ceil

I made a script to test if in a moultiple gateway setup all default connection are up, regardless of the fact that that gateway is the default gw. Suppose adsl1 and adsl2 are present, and all traffic goes by default to adsl1, and you want to test if adsl2 is ok. 1. I use mangles from iptables to mark icmp packets to some test machines 2. I set up a routing table for each adsl 3. I use

I would like to route ssh in my network via DSL2 and all other trafic via DSL1. So far I menaged to do it for LAN2 but there are still WLAN1,LAN3 and LAN1 to go. On all routers I added table "pilicka" with rule for fwmark and I fwmarked ssh. # ip rule show 0: from all lookup local 32765: from all fwmark 0x3 lookup pilicka 32766: from all lookup main 32767: from all lookup

Hi, I had a nice router which was able to split my outgoing webtraffic over a dsl line, then I got a power failure and now my settings are lost and I don''t get it to run. I''ve configured a iptable rule like: /sbin/iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.10 -p TCP --dport 80 -j MARK --set-mark 1 and ip rule add fwmark 1 lookup 10 ip route add default via

Hi, not sure if it will work, i''ve 2 leased lines, behind line 1 is a webserver, this server should answer all incomming http requests through leased line 1, the webserver self parses other webserver, this outbound traffic should go over leased line 2. i''ve successfully added fwmark with iproute, but if i set the policy for the webserver to use leased line 2 (for parsing other

hi again list, first off thanks for the tips roy. here my question. i''m using ip based classes in my htb config. i would like to give some people (eg 192.168.0.20) 4mbit but only if he downloads from certain ip classes. i have my iptables marking those classes with 1 for upload and 0 for download. and finally the question: what''s the appropriate tc (or maybe iptables) command

Hi, Here I am trying something simple. My objective is to make ip rule fwmark command work :) Network Diagram: --- 192.168.250.197 (eth0) Linux Box (eth1) 192.168.8.88 -------------192.168.8.122 (eth0) Windows XP Client Configuration done on Linux Box:- (1) [root@g webauth]# iptables -t mangle -A PREROUTING -j MARK --set-mark 5 [root@g webauth]# iptables -t mangle -L Chain PREROUTING (policy

hi all, sorry for the re-post, but i am in a bad way ... trying to fwmark in OUTPUT --mangle has led to a null result for a routing table lookup. has anyone successfully accomplished this -- can you comment on your distro/iptables version ? in your debt, charles on redhat 8 with iptables 1.2.8 _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

Hello.. How can I specify a class for htb based on a fwmark and user ip ? For instance: I have some routes marked with fwmark and their are very-high speed connections... But only to some IP''s.. For the rest , I must limit the user to 64Kbits Now , how can I limit the high speed connections ? I must create a rule and take in account both fwmark and IP ? To be more specific , I want

How feasible would it be to have iproute2 set fwmark, the mark normally set by ipchains/iptables? This would help iptables (postrouting) identify the intended route for a packet. Nic Ivy _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=63 Summary: fwmark loopback routing issue Product: netfilter/iptables Version: linux-2.4.x Platform: i386 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P2 Component: ip_tables (kernel) AssignedTo:

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=63 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-03-30 21:29 ------- I can confirm this bug, it

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hi guys im trying to make a port redirecction using iproute together with iptables mangle option .. but for some strange reason is not working yet, I know i can do it in a diferent way, but the idea is using packet marking and redirect the packets with a rule. I have two computers PC1 and PC2 PC1: 192.168.0.1 this is the one connected to internet, and this machine make the redirection PC2:

Could someone comment on the benefits of using CLASSIFY vs fwmark (or vice versa) in iptables? I''m getting ready to implement some basic tc for VoIP and most of the examples seem to use the (older?) fwmark syntax. Should I convert these to CLASSIFY? Can the two syntaxes be mixed? Also with U32? TIA, Edwin -- <=+=+=+==+=+=+==+=+=+=+=+=+=+=+=> Edwin Whitelaw, P.E. New River

Suppose: ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100 (similar setup with iptables: iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100) eth0 = outside iface eth1 = inside iface now: tc filter add dev eth0 ... handle 100 fw should catch packets marked by the above rule in ipchains (iptables). Ok. When

Witam wszystkich After few days with yours help I''ve succeeded with setup of load-balancing. Now I have problem with next step. I want to mark some packets and than put them to the one of the routing tables to force them going via only one interface with only one ip. Easy?? Ofcourse, but not for me :(. I''m NOT using NAT. Chain OUTPUT (policy ACCEPT 71 packets, 24227