Hello,
I have got a problem with routing by mark.
Our school has got two internet lines and an internal network, so we have
got three interfaces:
dev   ip address      gateway         netmask
eth0: 193.225.133.43  193.225.133.58  255.255.255.0    (an internet line)
eth1: 195.199.13.61   195.199.13.62   255.255.255.240  (an internet line)
eth2: 193.225.108.60  --------------  255.255.255.0    (internal network)
I need to route all ftp to eth0, and other traffic to eth1.
My default route is eth1!
The router and server name is lisa.njszki.hu (193.225.108.60); as you see, it
is an address from the internal network, so I need the following two lines so
that the world can see lisa:
ip ru add from 193.225.108.60 table 40   (when lisa replies, the source address is 193.225.108.60)
ip ro add table 50 193.225.108.0/24 dev eth2   (internal answers)
ip ro add table 50 0/0 via 193.225.133.58 dev eth0   (world answers)
Now I route all ftp traffic from 193.225.108.0/24 to eth0:
ipchains -I input -p tcp -s 193.225.108.0/24 -d 0/0 21 -j ACCEPT -m 6
ip ru add fwmark 6 table 50   (because table 50 routes to eth0)
The 193.225.108.0/24 is our commercial net. So to eth1 I need masq:
ipchains -I forward -j MASQ -s 193.225.108.0/24 -i eth1
Now, the setup is the following:
ipchains -L -v -n:
Chain input (policy ACCEPT: 432062 packets, 128707716 bytes):
 pkts bytes target prot opt    tosa tosx ifname mark outsize source           destination ports
    6   360 ACCEPT tcp  ------ 0xFF 0x00 *      0x6          193.225.108.0/24 0.0.0.0/0   * -> 21
Chain forward (policy ACCEPT: 88516 packets, 33734724 bytes):
  241  103K MASQ   all  ------ 0xFF 0x00 eth1                193.225.108.0/24 0.0.0.0/0   n/a
Chain output (policy ACCEPT: 441885 packets, 183703022 bytes):
ip ru ls:
0: from all lookup local
32760: from all fwmark 6 lookup 50
32761: from 193.225.108.60 lookup 50
32766: from all lookup main
32767: from all lookup default
ip ro ls table 50:
193.225.108.0/24 dev eth2 scope link
default via 193.225.133.58 dev eth0
route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
195.199.13.48   0.0.0.0         255.255.255.240 U     0      0   0   eth1
193.225.108.0   0.0.0.0         255.255.255.0   U     0      0   0   eth2
193.225.133.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
0.0.0.0         195.199.13.62   0.0.0.0         UG    0      0   0   eth1
That's all.
Now I probe ftp from 193.225.108.55 (alpha.njszki.hu), but nothing
happens. If I remove the mark rule from the input chain, that works (on
eth1). If I change the default route to eth0, it works too with the mark
rule. Table 50 is good, because if I use route by source instead of
mark, that works. So I only have problems with route by mark if the default
route is other than the route for marked packets. My kernel is good, it is
compiled with "use FWMARK value as routing key", I checked it twice.
What is the problem?
Thank you,
Risko Gergely
PS: Please CC your answers to [EMAIL PROTECTED]!
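
The rule and table listings in the message above can be walked by hand the way the kernel's policy-routing lookup does; the following is an added example, not part of the original message, that models that lookup for a marked and an unmarked packet. It uses the `ip ru ls` output as the rule set, omits the local table, and the destination address 198.51.100.10 and all function names are constructed for illustration.

```python
import ipaddress

# Transcribed from the "ip ru ls", "ip ro ls table 50" and "route -n" output in
# the message. The local table (priority 0) is omitted, so destinations are
# assumed not to be the router's own addresses.
RULES = [  # (priority, source prefix or None, fwmark or None, table)
    (32760, None, 6, "50"),
    (32761, "193.225.108.60/32", None, "50"),
    (32766, None, None, "main"),
]
TABLES = {  # table -> [(prefix, gateway or None, device)]
    "50": [("193.225.108.0/24", None, "eth2"),
           ("0.0.0.0/0", "193.225.133.58", "eth0")],
    "main": [("195.199.13.48/28", None, "eth1"),
             ("193.225.108.0/24", None, "eth2"),
             ("193.225.133.0/24", None, "eth0"),
             ("0.0.0.0/0", "195.199.13.62", "eth1")],
}

def mark_for(src, dport, proto="tcp"):
    """Input-chain rule from the message: tcp 193.225.108.0/24 -> port 21 gets mark 6."""
    lan = ipaddress.ip_network("193.225.108.0/24")
    return 6 if proto == "tcp" and dport == 21 and ipaddress.ip_address(src) in lan else 0

def lookup(table, dst):
    """Longest-prefix match in one table; returns (gateway, device) or None."""
    best = None
    for prefix, gw, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gw, dev)
    return best[1:] if best else None

def route(src, dst, fwmark=0):
    """Walk the rules in priority order; the first table with a matching route wins."""
    for prio, rsrc, rmark, table in sorted(RULES, key=lambda r: r[0]):
        if rsrc and ipaddress.ip_address(src) not in ipaddress.ip_network(rsrc):
            continue
        if rmark is not None and fwmark != rmark:
            continue
        hit = lookup(table, dst)
        if hit:
            return (prio, table) + hit
    return None

if __name__ == "__main__":
    client, server = "193.225.108.55", "198.51.100.10"  # server address is constructed
    for port in (21, 80):
        print(port, route(client, server, mark_for(client, port)))
```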