similar to: Match packet mark with --set-mark to ip rule fwmark

Hi, I been trying on ip rule fwmark and iptables MARK. I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others? Network Diagram ------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client Steps (performed on LINUX ROUTER) (1) Delete route to 192.168.8.0 from

Hi, I am trying to achieve Stateless NAT with ip rule and ip route. Thanks to LARTC doc, I have done it :) But, I have a lot of client wanted access to Internet, setting up 2 rules for each of them is not desirable. For example I have 2 clients: Current setting: [root@son-ag webauth]# ip ru 0: from all lookup local 32760: from 192.168.8.113 lookup main map-to 192.168.250.113 32761:

Witam wszystkich After few days with yours help I''ve succeeded with setup of load-balancing. Now I have problem with next step. I want to mark some packets and than put them to the one of the routing tables to force them going via only one interface with only one ip. Easy?? Ofcourse, but not for me :(. I''m NOT using NAT. Chain OUTPUT (policy ACCEPT 71 packets, 24227

Hi all, I need to route local generated packages depending on which tcp or udp service I need to use. To accomplish this I have configured two routing tables: [root at lothlorien ~]# ip ru ls 0: from all lookup 255 32762: from all fwmark 0x2 lookup FirstLan 32763: from all fwmark 0x1 lookup SecondLan 32764: from 172.25.80.10 lookup SecondLan 32765: from 172.25.70.18 lookup FirstLan

I''m having trouble routing on high fwmarks, I want to use a lot of different marks for 2 routes so that I can QoS based on the marks ip rule looks like this: 0: from all lookup local 32751: from all fwmark 31 lookup dslout 32752: from all fwmark 30 lookup dslout 32753: from all fwmark 29 lookup dslout 32754: from all fwmark 28 lookup dslout 32755: from

I would like to route ssh in my network via DSL2 and all other trafic via DSL1. So far I menaged to do it for LAN2 but there are still WLAN1,LAN3 and LAN1 to go. On all routers I added table "pilicka" with rule for fwmark and I fwmarked ssh. # ip rule show 0: from all lookup local 32765: from all fwmark 0x3 lookup pilicka 32766: from all lookup main 32767: from all lookup

hi I have trying to remove the extra rules from my routing tables, however with no luck Also I want to know these duplicate entries have an effect on packets going routed? I have this overwhelming rules lists from my predessor who added the "ip rule add fwmark" entries in firewall script, and on each run of firewall script its creates an extra entry in routing table. Now what I want to

I made a script to test if in a moultiple gateway setup all default connection are up, regardless of the fact that that gateway is the default gw. Suppose adsl1 and adsl2 are present, and all traffic goes by default to adsl1, and you want to test if adsl2 is ok. 1. I use mangles from iptables to mark icmp packets to some test machines 2. I set up a routing table for each adsl 3. I use

Hello, I have a LINUX server with two internet connections available. I want all the traffic to go over the default route, but HTTP traffic to go over ISP2 line. Interfaces: eth1 192.168.2.254 - LAN 192.168.2.x ppp0 x.x.x.106 - remote gateway x.x.x.6 - ISP1 (default route) eth0 192.168.164.254 - remote gateway 192.168.164.113 - ISP2 (a hardware router) I have the following configuration: echo

Hello! This arguments never run on my system, but I need this: #!/bin/bash -x echo "1" iptables -t mangle -p tcp -d 0/0 --dport 80 -j MARK --set-mark 2 echo "2" echo "201 T1" >> /etc/iproute2/rt_tables echo "3" ip rule add fwmark 2 table T1 echo "4" ip route add default via 192.168.21.2 dev eth1 table T1 echo "5" ip route

Hello, I have tested a simple thing in two version of Linux and there was a problem when I have used fwmark as a selector for rule lookups. As you can see below on the Slack, the <test> table doesn''t have any label about fwmark. Is there an iproute problem? -------------------------------------- # cat /etc/fedora-release Fedora Core release 2 (Tettnang) # uname -r 2.6.5-1.358 #

Hello, I''ve setup a router with linux 2.4.26 with h323 conntrack patch from pom-ng. The network schema is: ADSL internal |--------|--------------------- ----------| Linux | |--------|--------------------- Frame-Relay Default gw is frame relay and i''m using netfilter mark to send traffic to adsl. # ip rule ls 0:

Hi, I have a computer which is used as router/firewall/VPN with four network card. One connected on the LAN (br0, 10.0.0.0/24), the three others to three different ISP, eth0 192.168.1.0/29, eth1 192.168.0.0/24, eth2 192.168.2.0/29. This computer is under Linux 2.6.11 with the Julian Anastasov routes patch. The configuration by default is to balance the load on the three interfaces. Then, I

Hi list, I''m new to this list, I just subscribed because I have some ackward about IPRoute2. First, while playing with NetFilter'' "MARK" target, I met a weird behaviour once I tried to use this marks in the RPDB : the packets where successfully marked, but it seemed that RPDB didn''t succed in matching them (for those who already know the answer, I only used

Hi all, Below is my network diagram: - eth0 (adsl 1) eth1 (adsl 2) | | | | | | | | ----------------- | | | Gateway | | | ----------------- | | | tun0 Below is my iptables scripting to mark certain ports: -

Hello, LARTC mailing readers, I hope u can help with this mysterious issue i''m having with my linux box acting as a router. Scenario: Linux running 2.6.8.1 /w julians patches Latest iproute (iproute2-ss040702) 4 NICS ----------------- | x eth0 (63.43.x.x) network mask (255.255.240.0) | | x eth1 (63.43.x.x)

Hello, LARTC mailing readers, I hope u can help with this mysterious issue i''m having with my linux box acting as a router. Scenario: Linux running 2.6.8.1 /w julians patches /w support for multipath routing Latest iproute (iproute2-ss040702) 4 NICS ----------------- | x eth0 (63.43.x.x) network mask (255.255.240.0) | |

hi, Im tryig to use two isp links get worked: first isp 212.122.xx.254 (gw) second isp 10.10.xx.2 (gw) my ip1 212.122.xx.90 (eth0) my ip2 10.10.xx.254 (eth1) internal network my ip 192.168.1.254 (eth2) turn on masquerading on both links: $IPTABLES -t nat -A POSTROUTING -o eth0 -j SNAT --to 212.122.xx.90 $IPTABLES -t nat -A POSTROUTING -o eth1 -j SNAT --to 10.10.xx.2 mark packets on 6667

Hello.. How can I specify a class for htb based on a fwmark and user ip ? For instance: I have some routes marked with fwmark and their are very-high speed connections... But only to some IP''s.. For the rest , I must limit the user to 64Kbits Now , how can I limit the high speed connections ? I must create a rule and take in account both fwmark and IP ? To be more specific , I want

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another