Hi,
I have been trying the following:
Objective:
Using ip route to route packets marked with iptables to the desired routing table
Network Diagram:
(gateway) eth0 192.168.250.254 --------------- 192.168.250.197 eth0 (router) eth1 192.168.8.88 ------ 192.168.8.134 eth0 (client)
Settings:
Client
IP: 192.168.8.134
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.8.88
Router
eth0 IP: 192.168.250.197
eth1 IP: 192.168.8.88
Subnet Mask eth0/eth1: 255.255.255.0
Default Gateway: 192.168.250.254
Routing Table:
[root@son-ag webauth]# ip route show table main
192.168.250.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.250.254 dev eth0
[root@son-ag webauth]# ip route show table test
192.168.8.0/24 dev br0 scope link
default via 192.168.250.254 dev eth0
Rule List:
[root@son-ag webauth]# ip rule show
0: from all lookup local
32765: from all fwmark d lookup test
32766: from all lookup main
32767: from all lookup 253
Iptables:
[root@son-ag webauth]# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x13
Testing:
Ping from Client 192.168.8.134 to Router eth1 192.168.8.88, Ping FAILED.
I think I am missing something in the configuration.
I tried setting
> ip rule add from 192.168.8.0/24 table test
Ping is SUCCESS in this case.
Please advise. Thank you.
Best regards,
Kaiwen
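
An added example, not part of the original post: a Python check that compares the fwmark values selected by the `ip rule` list with the values the mangle table's MARK target sets, run on the two listings above. It assumes the fwmark field in `ip rule show` is hexadecimal, so `d` is 13 decimal; the function names are hypothetical.

```python
import re

# Constructed sample input: the two listings from the post, one entry per line.
IP_RULE_SHOW = """\
0: from all lookup local
32765: from all fwmark d lookup test
32766: from all lookup main
32767: from all lookup 253
"""
MANGLE_LIST = """\
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x13
"""

RULE_RE = re.compile(
    r"\bfwmark\s+(?:0x)?([0-9a-fA-F]+)(?:/\S+)?\s+.*\blookup\s+(\S+)")

def rule_marks(ip_rule_text):
    """Map fwmark value -> routing table for every fwmark rule.

    Assumption: the fwmark field is hexadecimal, with or without a 0x
    prefix; a /mask suffix, if present, is ignored.
    """
    marks = {}
    for line in ip_rule_text.splitlines():
        m = RULE_RE.search(line)
        if m:
            marks[int(m.group(1), 16)] = m.group(2)
    return marks

def set_marks(mangle_text):
    """Collect every value a MARK target sets ("MARK set 0x13")."""
    return {int(v, 16)
            for v in re.findall(r"\bMARK set 0x([0-9a-fA-F]+)", mangle_text)}

def check(ip_rule_text, mangle_text):
    """Return (fwmark rules whose mark is never set, marks set with no rule)."""
    rules, marks = rule_marks(ip_rule_text), set_marks(mangle_text)
    orphan_rules = {m: t for m, t in rules.items() if m not in marks}
    unrouted_marks = sorted(marks - set(rules))
    return orphan_rules, unrouted_marks

if __name__ == "__main__":
    orphan_rules, unrouted_marks = check(IP_RULE_SHOW, MANGLE_LIST)
    for mark, table in orphan_rules.items():
        print(f"fwmark {mark:#x} ({mark}) -> table {table}: no MARK target sets it")
    for mark in unrouted_marks:
        print(f"MARK set {mark:#x} ({mark}): no ip rule selects on it")
```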