Good Evening,
I am trying to set up port based routing on a CentOS 5.2 box as described here:
http://www.linuxhorizon.ro/iproute2.html (second example)
Therefore I have set up the following mangle and routing rules:
$IPTABLES -A OUTPUT -t mangle -p tcp --dport 1100 -j MARK --set-mark 1
$IPTABLES -A OUTPUT -t mangle -p tcp --dport 1101 -j MARK --set-mark 2
$IPTABLES -A OUTPUT -t mangle -p tcp --dport 1102 -j MARK --set-mark 3
$IP route add default dev ppp100 table SOESTCOM1
$IP route add default dev ppp101 table VERSATEL1
$IP route add default dev ppp102 table TONLINE1
$IP rule add from all fwmark 1 table SOESTCOM1
$IP rule add from all fwmark 2 table VERSATEL1
$IP rule add from all fwmark 3 table TONLINE1
iptables -t mangle -L -vn output:
http://pastebin.centos.org/24626
shows that the packets are marked correctly.
Here is an example ip route show table output:
default dev ppp102 scope link
But it seems (and tcpdump indicates) that packets are still routed via the default route instead.
Do I need to set some proc flags to activate port based routing?
Best Regards
Marcus
Good Evening,
There seems to be a bug in iproute caused by nla policy introduction to the kernel:
http://mailman.ds9a.nl/pipermail/lartc/2007q1/020493.html
So I was not able to set ip rules using e.g.:
ip rule add from all fwmark 3 table TONLINE1
which led to an error:
RTNETLINK answers: Numerical result out of range
I did the trick by replacing 'all' with '0.0.0.0/0'.
Best Regards
Marcus
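A check for the symptom in this thread (packets marked in mangle but still leaving via the default route because an fwmark rule was never installed), added here as an example and not part of the original posts. The function name missing_fwmark_rules is hypothetical and the `ip rule show` output is a constructed sample.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` output: the rules for fwmark 1 and 2
# exist, the rule for fwmark 3 is absent (its `ip rule add` failed).
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x2 lookup VERSATEL1
32765: from all fwmark 0x1 lookup SOESTCOM1
32766: from all lookup main
32767: from all lookup default'

# missing_fwmark_rules RULES MARK:TABLE...
# RULES is the text printed by `ip rule show`. Prints every MARK:TABLE pair
# for which no single rule line carries both "fwmark MARK" and "lookup TABLE".
missing_fwmark_rules() {
    rules=$1
    shift
    missing=''
    for pair in "$@"; do
        mark=${pair%%:*}
        table=${pair#*:}
        hex=$(printf '0x%x' "$mark")   # ip prints marks in hex, e.g. 0x3
        if ! printf '%s\n' "$rules" | awk -v m="$hex" -v t="$table" '
            { mk = 0; tb = 0
              for (i = 1; i < NF; i++) {
                  # a mark may be printed as value/mask; compare the value
                  if ($i == "fwmark") { split($(i + 1), a, "/"); if (a[1] == m) mk = 1 }
                  if ($i == "lookup" && $(i + 1) == t) tb = 1
              }
              if (mk && tb) found = 1 }
            END { exit !found }'; then
            missing="$missing $pair"
        fi
    done
    printf '%s\n' "${missing# }"
}

# On a live box: missing_fwmark_rules "$(ip rule show)" 1:SOESTCOM1 2:VERSATEL1 3:TONLINE1
missing_fwmark_rules "$SAMPLE_RULES" 1:SOESTCOM1 2:VERSATEL1 3:TONLINE1
```

Any pair it prints is a mark set by the mangle rules with no policy rule steering it, so that traffic falls through to the main table.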