Salim S I wrote:
NATing is done with MASQUERADE, not SNAT, I use another MARK for it, but
in essence it is
-o eth2 -j MASQUERADE
-o eth3 -j MASQUERADE
In addition, there are several other MARKs for policy routing. They have
their own routing tables also. But at present, they are all empty.
Salim S I wrote:
NATing is done with MASQUERADE, not SNAT, I use another MARK for it,
but
in essence it is
-o eth2 -j MASQUERADE
-o eth3 -j MASQUERADE
In addition, there are several other MARKs for policy routing. They
have
their own routing tables also. But at present, they are all
Salim S I wrote:
I solved it, though a bit ugly.
Sorry I didn't answer earlier. Can you post your iptables rules too, the
routing alone is not sufficient. If your setup is confidential at least
show all statements that set MARKs one way or another. What you did is
strange, but it might
14, 2007 3:27 PM
To: Salim S I
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Re: multiple routing tables for internal router
programs
Salim S I wrote:
I solved it, though a bit ugly.
Sorry I didn't answer earlier. Can you post your iptables rules too, the
routing alone is not sufficient
To: 'Peter Rabbitson'
Cc: lartc@mailman.ds9a.nl
Subject: RE: [LARTC] Re: multiple routing tables for internal router
programs
My configuration
[EMAIL PROTECTED]:~# ip ru
0: from all lookup local
32150: from all lookup main
32201: from all fwmark 0x200/0x200 lookup wan1_route
32202
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Salim S I
Sent: Wednesday, June 13, 2007 12:08 PM
To: 'Peter Rabbitson'
Cc: lartc@mailman.ds9a.nl
Subject: RE: [LARTC] Re: multiple routing tables for internal router
programs
My configuration
[EMAIL PROTECTED]:~# ip ru
0
: [LARTC] Re: multiple routing tables for internal router
programs
My configuration
[EMAIL PROTECTED]:~# ip ru
0: from all lookup local
32150: from all lookup main
32201: from all fwmark 0x200/0x200 lookup wan1_route
32202: from all fwmark 0x400/0x400 lookup wan2_route
32203: from
I was saying Andrea: Try to define a new routing table, add a chain in
mangle table for tagging packets and add a rule to deliver those packets
to the new route.
Again, I'm sorry. I didn't know this is an English-only list.
Thanks for the reply.
This is the exact way that I used for
, June 12, 2007 4:00 PM
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Re: multiple routing tables for internal router
programs
I was saying Andrea: Try to define a new routing table, add a chain
in
mangle table for tagging packets and add a rule to deliver those
packets
to the new route
Andrea wrote:
This is the exact way that I used for managing traffic of my lan towards
ISPs. But is this mode still valid if I want to manage services
executed directly in the router?
this rule:
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
capture all (web)
Peter Rabbitson wrote:
The routing (which occurs after OUTPUT) acts on the MARK
^
This is the focal point I'm searching for
Now what happens when there is no specific binding (you send from 0.0.0.0):
[snip]
Very very clear. Thanks very much!!!
Andrea wrote:
Very very clear. Thanks very much!!! The only still obscure aspect for
me is this:
you can request a specific interface (what you would do with the ping
script)
Check the man page of ping, and look for the '-I' option. Most network
testing utilities have this capability in
, 2007 5:29 PM
To: Andrea
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Re: multiple routing tables for internal router
programs
Andrea wrote:
Very very clear. Thanks very much!!! The only still obscure aspect for
me is this:
you can request a specific interface (what you would do with the
ping
Peter Rabbitson wrote:
Check the man page of ping, and look for the '-I' option. Most network
testing utilities have this capability in one form or another. By the way
if you request an _interface_ and not a specific IP, the first IP of the
interface is taken as listed by `ip addr`
Salim S I wrote:
Thanks! I get it now.
But why is the src address for the interface wrong?
In my case eth2 has a.b.c.d and eth3 has p.q.r.s.
DNS queries going through eth2 have p.q.r.s as src address and those
going through eth3 have a.b.c.d. Something wrong with routing?
Possible. Post full
]
Sent: Tuesday, June 12, 2007 7:24 PM
To: Salim S I
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Re: multiple routing tables for internal router
programs
Salim S I wrote:
Thanks! I get it now.
But why is the src address for the interface wrong?
In my case eth2 has a.b.c.d and eth3 has p.q.r.s
On Mon, 11 Jun 2007, Javier Charne wrote:
Andrea wrote:
Maybe a strange request, I'll try to explain this as clearly as I can
(forgive my bad English, please :-) ).
Is it permitted to reply in Spanish on this list?
I'm setting a linux box as a router. My router uses multiple
Tom Diehl wrote:
Any possibility someone could repost this reply in English.
Sorry, Tom. My English is really awful.
What you can do is mark the packets using iptables -t mangle
and then define rules (ip rule) to route each packet according to
the mark it has, through the