similar to: iproute with fwmark

Hi everybody, sorry for posting again, however I''ve moved the problem now ;-) After digging a bit deeper, I''ve successfully set up the routing as such, it works for incoming as well as outgoing packets that take the default route. Changing some of the routes using IP works as well. When I mark some outgoing packets in order to send them via another route (the fast leased line

Hi List, i have a realy strange problem with no solution yet, i''m using iproute together with the iptables mangle option, in a dmz network is a cisco pix present with another inet link behind, therefore i''m using the mangle option to split traffic on a protocol base like: iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.5 -p tcp --dport 80 -j MARK --set-mark 3 and add the

Hi all, Below is my network diagram: - eth0 (adsl 1) eth1 (adsl 2) | | | | | | | | ----------------- | | | Gateway | | | ----------------- | | | tun0 Below is my iptables scripting to mark certain ports: -

Hello i''m having some issues trying to match packets using iptables mark, iproute filter and tc filter.- i mean, when i do iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 10 iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j MARK --set-mark 10 $TC qdisc del dev $INET_IFACE root $TC

Hi, I''ve got 2 lines from two diffrent ISP''s, one is a leased line and another a DSL line, I route certain ips over the DSL line for faster access and would like email to go over the leased line as it has a static ip and is our sending mailserver ip I would like to send mail to the same ips that is routed over DSL via the leased line, otherwise my server gets blacklisted with

I have a box with only 1 IP (lets say 10.0.0.1) which has an ipip tunnel to another machine (lets say 10.2.0.1)(different networks) i wan''t all packets coming to 10.0.0.1 destination port 80 be routed thru the tunnel device and be answered by 10.2.0.2 (which has an interface configured with 10.0.0.1). It works if the incoming ip address is not configured on the receiving machine

Hi, I got a problem with iproute and shorewall but I don''t know where the real problem is yet, perhaps someone can shed any light on this one. What we currently do is route all traffic coming from a specific host through our second isp''s nat router. This is done via SNAT on our own router. /etc/shorewall/masq: eth2 $INTERNALHOSTA 192.168.0.142 We now

Hello, I have tested a simple thing in two version of Linux and there was a problem when I have used fwmark as a selector for rule lookups. As you can see below on the Slack, the <test> table doesn''t have any label about fwmark. Is there an iproute problem? -------------------------------------- # cat /etc/fedora-release Fedora Core release 2 (Tettnang) # uname -r 2.6.5-1.358 #

Hi, could anyone provides any example about the use of ip route command to force the use of one route using masks in the mark? The configuration is: 1 LAN (zlan0) iface N WAN (wan0 ... wanN) ifaces with static IPs and load balanced. iptables 1.3.7 kernel 2.6.19.2 iproute 2.6.19 I''m yet setting marks into packets for QoS and its working, I now want to set some bits (OR)

Hi guys im trying to make a port redirecction using iproute together with iptables mangle option .. but for some strange reason is not working yet, I know i can do it in a diferent way, but the idea is using packet marking and redirect the packets with a rule. I have two computers PC1 and PC2 PC1: 192.168.0.1 this is the one connected to internet, and this machine make the redirection PC2:

Hi list, I''m new to this list, I just subscribed because I have some ackward about IPRoute2. First, while playing with NetFilter'' "MARK" target, I met a weird behaviour once I tried to use this marks in the RPDB : the packets where successfully marked, but it seemed that RPDB didn''t succed in matching them (for those who already know the answer, I only used

I''m having trouble routing on high fwmarks, I want to use a lot of different marks for 2 routes so that I can QoS based on the marks ip rule looks like this: 0: from all lookup local 32751: from all fwmark 31 lookup dslout 32752: from all fwmark 30 lookup dslout 32753: from all fwmark 29 lookup dslout 32754: from all fwmark 28 lookup dslout 32755: from

Hello.. How can I specify a class for htb based on a fwmark and user ip ? For instance: I have some routes marked with fwmark and their are very-high speed connections... But only to some IP''s.. For the rest , I must limit the user to 64Kbits Now , how can I limit the high speed connections ? I must create a rule and take in account both fwmark and IP ? To be more specific , I want

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hi, Here I am trying something simple. My objective is to make ip rule fwmark command work :) Network Diagram: --- 192.168.250.197 (eth0) Linux Box (eth1) 192.168.8.88 -------------192.168.8.122 (eth0) Windows XP Client Configuration done on Linux Box:- (1) [root@g webauth]# iptables -t mangle -A PREROUTING -j MARK --set-mark 5 [root@g webauth]# iptables -t mangle -L Chain PREROUTING (policy

Witam wszystkich After few days with yours help I''ve succeeded with setup of load-balancing. Now I have problem with next step. I want to mark some packets and than put them to the one of the routing tables to force them going via only one interface with only one ip. Easy?? Ofcourse, but not for me :(. I''m NOT using NAT. Chain OUTPUT (policy ACCEPT 71 packets, 24227

CentOS Errata and Bugfix Advisory 2014:0570 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0570.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 31a7240ff770ddd2f18715bccd1907f290b22468f2fa7d654e912e242cdeafcb iproute-2.6.32-32.el6_5.i686.rpm

CentOS Errata and Bugfix Advisory 2014:1814 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1814.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 11b560b8b12bef924870b17dd0580fe72624e17d692d7206870738a5999abbc6 iproute-2.6.32-33.el6_6.i686.rpm

I would like to route ssh in my network via DSL2 and all other trafic via DSL1. So far I menaged to do it for LAN2 but there are still WLAN1,LAN3 and LAN1 to go. On all routers I added table "pilicka" with rule for fwmark and I fwmarked ssh. # ip rule show 0: from all lookup local 32765: from all fwmark 0x3 lookup pilicka 32766: from all lookup main 32767: from all lookup

Could someone comment on the benefits of using CLASSIFY vs fwmark (or vice versa) in iptables? I''m getting ready to implement some basic tc for VoIP and most of the examples seem to use the (older?) fwmark syntax. Should I convert these to CLASSIFY? Can the two syntaxes be mixed? Also with U32? TIA, Edwin -- <=+=+=+==+=+=+==+=+=+=+=+=+=+=+=> Edwin Whitelaw, P.E. New River