Re: Fwmark and iproute2
--- Raffaele D'Elia <R.DElia@starcomitalia.com> wrote:
>
>
> -----Original Message-----
> From: Mike Mestnik <cheako911@yahoo.com>
> To: R.DElia@starcomitalia.com, debian-firewall@lists.debian.org
> Date: Fri, 12 Nov 2004 15:36:58 -0800 (PST)
> Subject: Re: Fwmark and iproute2
>
> > Hey,
> >
> > > I need to sent local generated packets through one or the other
> > gateway
> > > using fwmark rules.
> >
> > As far as I know fwmark only works inside the kernel. So maybe you
> > should
> > take a look at DSCP.
>
> Fwmark or TOS doesn't matter: the problem is the same. When packets
> reachs
> netfilter's code, the outgoing interface is already choosen.
>
>
> > > Unfortunately the outgoing interface is choosen before entering the
> > > mangle table...
> >
> > ?
> > Do you know the picture from:
> >
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSIN
> > GGENERAL
>
> Local processes -> Routing Decision -> mangle OUTPUT (too late...)
>
It's only too late when the pkt has been sen't onto the wier. What your
looking for is to overwright the routing decision. To do this all that is
needed is to modify the struct that holds this information. This would
seam to be preformed by some kernel patch.
> THIS is the problem...;)
>
> Radel
>
>
__________________________________
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!
http://my.yahoo.com
Reply to: