On Wed, Oct 2, 2013 at 2:30 PM, James Harper <[email protected]> wrote:
>>
>> 1) Add a mark to the packet
>> # iptables -t mangle -A PREROUTING -p tcp --dport 1194 -j MARK --set-mark 0x4aa
>>
>> 2) Verify the PREROUTING table has the mark
>> # iptables -t mangle -L PREROUTING -v
>> Chain PREROUTING (policy ACCEPT 126K packets, 87M bytes)
>>  pkts bytes target prot opt in  out source   destination
>>     0     0 MARK   tcp  --  any any anywhere anywhere    tcp dpt:openvpn MARK set 0x4aa
>
> That "0 0" means no bytes have been satisfied by that rule. Can you check
> after you have tested a packet that should satisfy the rule to confirm that
> the counters are increasing?

The counters are not increasing.

>> So to my mind, any packet with destination port of tcp 1194, should
>> get the 0x4aa mark and then be routed using the routing table vlan156
>> which tells it to use the default gateway of 172.26.10.1. However this
>> is not happening, all traffic is still being routed using the default
>> gateway in the main routing table (ip route show).
>>
>> Any suggestions as to why it's not working?
>>
>
> How are you determining that the packets aren't going the right way?

tcpdump, lsof -i, conntrack -L and checking the connected IP address on the
openvpn server.

> Is OpenVPN definitely using TCP? Default is UDP.

Yes, definitely using TCP.

> Did you flush the route cache after - "ip route flush cache"?

No I hadn't, but I just tried this now, and it hasn't made any difference.
I also tried with conntrack -F to flush the conntrack caches.

Marcus.

--
Marcus Furlong

_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main
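The diagnostic James suggests, comparing the MARK rule's packet counter before and after sending a test packet, and the follow-on check that a fwmark rule actually points the mark at the vlan156 table, can be scripted. The block below is an added example and is not code from either poster; the two counter snapshots and the `ip rule show` output are constructed to imitate the layout shown in the thread, and the function names (`mark_pkts`, `mark_hit`, `rule_table_for_mark`) are this example's own. On a real host the snapshots would come from `iptables -t mangle -L PREROUTING -v -n -x` (`-n` avoids the `dpt:openvpn` name lookup and `-x` prints exact counters instead of `126K`), and the rule list from `ip rule show`.

```bash
#!/usr/bin/env bash
# Added example: check whether a MARK rule is matching anything, and whether
# a policy-routing rule exists for that mark. Not part of the original thread.

# Constructed snapshot of "iptables -t mangle -L PREROUTING -v -n -x" taken
# before sending a test packet to tcp/1194.
SNAP_BEFORE='Chain PREROUTING (policy ACCEPT 126000 packets, 87000000 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1194 MARK set 0x4aa'

# Constructed snapshot taken after the test packet (the rule matched 12 packets).
SNAP_AFTER='Chain PREROUTING (policy ACCEPT 127000 packets, 88000000 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1194 MARK set 0x4aa'

# Constructed "ip rule show" output with a fwmark rule for 0x4aa -> vlan156.
RULES='0:      from all lookup local
32765:  from all fwmark 0x4aa lookup vlan156
32766:  from all lookup main
32767:  from all lookup default'

# mark_pkts <snapshot> <mark>
# Print the pkts column of the MARK rule that sets <mark>; prints nothing if
# no such rule is present in the snapshot.
mark_pkts() {
    printf '%s\n' "$1" | awk -v mark="$2" \
        '$3 == "MARK" && $0 ~ ("MARK set " mark "$") { print $1; exit }'
}

# mark_hit <before> <after> <mark>
# Succeed (exit 0) only if the rule exists in both snapshots and its packet
# counter increased between them, i.e. the test packet reached the rule.
mark_hit() {
    local before after
    before=$(mark_pkts "$1" "$3")
    after=$(mark_pkts "$2" "$3")
    [ -n "$before" ] && [ -n "$after" ] && [ "$after" -gt "$before" ]
}

# rule_table_for_mark <ip-rule-output> <mark>
# Print the routing table a "fwmark <mark>" rule looks up; prints nothing if
# no rule references the mark (then marked packets still use "main").
rule_table_for_mark() {
    printf '%s\n' "$1" | awk -v mark="$2" '
        {
            for (i = 1; i < NF; i++)
                if ($i == "fwmark" && $(i + 1) == mark)
                    for (j = i; j < NF; j++)
                        if ($j == "lookup") { print $(j + 1); exit }
        }'
}

# Stand-alone demonstration on the constructed samples.
if mark_hit "$SNAP_BEFORE" "$SNAP_AFTER" 0x4aa; then
    echo "MARK 0x4aa counter increased: the mangle rule is matching"
else
    echo "MARK 0x4aa counter unchanged: packets are not reaching the rule"
fi

table=$(rule_table_for_mark "$RULES" 0x4aa)
if [ -n "$table" ]; then
    echo "fwmark 0x4aa is routed via table $table"
else
    echo "no ip rule for fwmark 0x4aa: marked packets fall through to main"
fi
```

If the counter never moves, the problem is before routing (the packet does not traverse PREROUTING of the mangle table, for instance because it is locally generated and hits OUTPUT instead, or does not match the protocol/port); if the counter moves but the table lookup is empty, the mark is set but nothing consumes it.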
