It's a mistake, I modified it manually... should be:
32764: from all fwmark 0x5 lookup isp2
32765: from lookup isp2
32766: from all lookup main
32767: from all lookup default
But if there were no mark why would it affect the routing?
I've logged the packets on FORWARD:
iptables -A FORWARD -s $
supermega wrote:
of course:
# ip rule
0: from all lookup local
32765: from all fwmark 0x5 lookup isp2
32766: from all lookup main
32767: from all lookup default
Packets from are dropped.
If the ip rule looked like that:
0: from all lookup local
32765: from all fwmark 0x5 look
of course:
# ip rule
0: from all lookup local
32765: from all fwmark 0x5 lookup isp2
32766: from all lookup main
32767: from all lookup default
Packets from are dropped.
If the ip rule looked like that:
0: from all lookup local
32765: from all fwmark 0x5 lookup isp2
32765: from lo
supermega wrote:
Funny thing:
when the "ip rule fwmark" is added then the next rule - with lower
preference - is checked, too (it can be main or "ip rule from" or
anything).
If the routes set by these 2 rules are the same then packet is
accepted.
If not then it's dropped.
I don't understan
well... it doesn't.
I tested it once more with sarge/stable and 2.4 kernel.
Funny thing:
when the "ip rule fwmark" is added then the next rule - with lower
preference - is checked, too (it can be main or "ip rule from" or
anything).
If the routes set by these 2 rules are the same then packet is
a
supermega wrote:
Thank you both.
Nelson Castillo, can you tell me what kernel you're using?
I ain't no Nelson Castillo, but I'm using stock debian kernels.
So..
- I download sarge/stable, install minimal system
- apt-get iproute
- do the following commands:
I don't think I need more complicated script.. I understand iproute2
and routing in linux quite well.. and this should work.
My question was rather if I need to make any more OS tweaking (maybe in
/proc/sys/net/ipv4 or whatever). Or if there is something blocking
fwmark installed by default.
--
On 10 Oct 2005 11:56:06 -0700, supermega <[EMAIL PROTECTED]> wrote:
> Thank you both.
>
> Nelson Castillo, can you tell me what kernel you're using?
I'm using a patched 2.6.9 kernel, but I know 2.6.8 works.
> and it should work ?
>
> (Of course I don't need policy routing - it's just for example)
Thank you both.
Nelson Castillo, can you tell me what kernel you're using?
So..
- I download sarge/stable, install minimal system
- apt-get iproute
- do the following commands:
#adding new routing table
echo "200 isp2" >> /etc/iproute2/rt_tables
# setting up routing
On 10/10/05, Mariusz Kruk <[EMAIL PROTECTED]> wrote:
> Nelson Castillo wrote:
> >># iptables -t mangle -A PREROUTING -s -j MARK --set-mark 5
> > I guess you should use the conntrack module. I'm not sure,
> > but I think you're marking only the first packet of the
> > connection.
>
> Naaah. Wh
Nelson Castillo wrote:
# iptables -t mangle -A PREROUTING -s -j MARK --set-mark 5
I guess you should use the conntrack module. I'm not sure,
but I think you're marking only the first packet of the
connection.
Naaah. What does mangling packets have to do with connection tracking?
Does a
Thanks for your answer.
But why the first packet only?
All packets from are marked and all should go to table isp2.
Even with per-port load balancing in most services dest. port is always
the same and I don't have to use conntrack/connmark (in Slackware).
--
Tomek
> # iptables -t mangle -A PREROUTING -s -j MARK --set-mark 5
I guess you should use the conntrack module. I'm not sure,
but I think you're marking only the first packet of the
connection.
I have something like this to mark them (different scenario... a load balancer
with 2 uplink providers):
ip
hello,
I tried to post the topic on many groups.. with no answer.
I would like to use "ip rule add fwmark" and I think it's just not
working in debian.
system
debian testing from 2005-10-07
kernel 2.6.12-1-386
iproute2 from apt-get, ss041019
iptables from apt-get, 1.3.3
problem
I have