iptables MARK + ip rule fwmark

To: Debian Firewall <debian-firewall@lists.debian.org>
Subject: iptables MARK + ip rule fwmark
From: Покотиленко Костик <casper@meteor.dp.ua>
Date: Mon, 21 Aug 2006 10:45:51 +0300
Message-id: <[🔎] 1156146351.9089.0.camel@localhost.localdomain>
Reply-to: casper@meteor.dp.ua

Hi.

Where should I set iptables MARK, so that I can then use them for route
decision in ip rule fwmark?


# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p udp -m udp --sport
53 -j MARK --set-mark 0x6e
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p udp -m udp --sport
53 -j RETURN
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport
53 -j MARK --set-mark 0x6e
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport
53 -j RETURN
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport
25 -j MARK --set-mark 0x6e
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport
25 -j RETURN
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport
82 -j MARK --set-mark 0x6e
# iptables -t mangle -A PREROUTING -s 192.168.1.2 -p tcp -m tcp --sport
82 -j RETURN

+

# ip rule add fwmark 0x6e table ExtServers

doesn't direct this traffic to ExtServers table, inserting

# ip rule add from 192.168.1.2 table ExtServers

helps, but this is not what is needed.


================================

Also strange fact: when there is no "ip rule add from 192.168.1.2 table
ExtServers" rule the above iptables' counter are not being increased,
but with that rule inserted counters are moving :/

-- 
Покотиленко Костик <casper@meteor.dp.ua>

Reply to:

Prev by Date: iptables MARK + ip rule fwmark
Next by Date: Re: iptables MARK + ip rule fwmark
Previous by thread: Re: iptables MARK + ip rule fwmark
Next by thread: ! Video con giovane teen, che fanno sesso per farti godere come e` possibile piu` lungo.
Index(es):
- Date
- Thread