Hi all,
I need to route locally generated packets depending on which TCP or UDP service I need to use. To accomplish this I have configured two routing tables:
[root@lothlorien ~]# ip ru ls
0:      from all lookup 255
32762:  from all fwmark 0x2 lookup FirstLan
32763:  from all fwmark 0x1 lookup SecondLan
32764:  from 172.25.80.10 lookup SecondLan
32765:  from 172.25.70.18 lookup FirstLan
32766:  from all lookup main
32767:  from all lookup default
My routing tables:
[root@lothlorien net]# ip ro show table FirstLan
172.25.70.16/28 dev eth1 proto kernel scope link src 172.25.70.18
default via 172.25.70.30 dev eth1
[root@lothlorien net]# ip ro show table SecondLan
172.25.80.0/24 dev eth1 proto kernel scope link src 172.25.80.10
default via 172.25.80.1 dev eth2
And my iptables rule is:
iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 1
But this doesn't work. This host is CentOS 5.5 based with two interfaces.
What am I doing wrong?
Thanks.
On Wed, Oct 13, 2010 at 11:22 AM, C. L. Martinez <carlopmart@gmail.com> wrote:
> Hi all,
> I need to route locally generated packets depending on which TCP or UDP service I need to use. To accomplish this I have configured two routing tables:
> [root@lothlorien ~]# ip ru ls
> 0:      from all lookup 255
> 32762:  from all fwmark 0x2 lookup FirstLan
> 32763:  from all fwmark 0x1 lookup SecondLan
> 32764:  from 172.25.80.10 lookup SecondLan
> 32765:  from 172.25.70.18 lookup FirstLan
> 32766:  from all lookup main
> 32767:  from all lookup default
> My routing tables:
> [root@lothlorien net]# ip ro show table FirstLan
> 172.25.70.16/28 dev eth1 proto kernel scope link src 172.25.70.18
> default via 172.25.70.30 dev eth1
> [root@lothlorien net]# ip ro show table SecondLan
> 172.25.80.0/24 dev eth1 proto kernel scope link src 172.25.80.10
> default via 172.25.80.1 dev eth2
> And my iptables rule is:
> iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 1
> But this doesn't work. This host is CentOS 5.5 based with two interfaces.
> What am I doing wrong?
> Thanks.
Please, any hints?
From: C. L. Martinez <carlopmart@gmail.com>
> But this doesn't work. This host is CentOS 5.5 based with two interfaces.
> Please, any hints?
What do you mean by "this doesn't work"? Nothing works? Half of it?
Just in case, but no idea if it is necessary, did you set forwarding?
net.ipv4.ip_forward = 1
But again, I am not sure it is necessary...
JD
On Fri, Oct 15, 2010 at 10:44 AM, John Doe <jdmls@yahoo.com> wrote:
> From: C. L. Martinez <carlopmart@gmail.com>
>> But this doesn't work. This host is CentOS 5.5 based with two interfaces.
>> Please, any hints?
> What do you mean by "this doesn't work"? Nothing works? Half of it?
> Just in case, but no idea if it is necessary, did you set forwarding?
> net.ipv4.ip_forward = 1
> But again, I am not sure it is necessary...
> JD
I think I don't need to enable IP forwarding. My problem is when I try to, for example, resolve some name address via eth2. My DNS server denies all queries because they appear with the 172.25.70.18 IP instead of the 172.25.80.10 IP.
This is one problem. Another problem, for example, is when I try to synchronize the host time using the NTP service via eth1. It doesn't work.
Thanks.
On 10/15/10 3:56 AM, C. L. Martinez wrote:
> On Fri, Oct 15, 2010 at 10:44 AM, John Doe <jdmls@yahoo.com> wrote:
>> From: C. L. Martinez <carlopmart@gmail.com>
>>> But this doesn't work. This host is CentOS 5.5 based with two interfaces.
>>> Please, any hints?
>> What do you mean by "this doesn't work"? Nothing works? Half of it?
>> Just in case, but no idea if it is necessary, did you set forwarding?
>> net.ipv4.ip_forward = 1
>> But again, I am not sure it is necessary...
>> JD
> I think I don't need to enable IP forwarding. My problem is when I try to, for example, resolve some name address via eth2. My DNS server denies all queries because they appear with the 172.25.70.18 IP instead of the 172.25.80.10 IP.
Is it denying it due to firewalling/configuration, or just doesn't have a route back?
> This is one problem. Another problem, for example, is when I try to synchronize the host time using the NTP service via eth1. It doesn't work.
It seems very strange to need to source from an IP that isn't the one that would automatically be chosen by the next-hop route toward the destination, and not too surprising that it doesn't work. Why do you need to do this, and wouldn't it be better to NAT to the outbound interface if you do?
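As an added illustration (not part of the thread), here is a small Python model of the rule and table walk the Linux kernel performs for a locally generated packet under the rules posted above. It assumes the main table has its default route via 172.25.70.30 on eth1 and that eth2 carries 172.25.80.10 (neither is shown in the post); it reproduces why the DNS server sees 172.25.70.18 on a packet leaving eth2, and what the NAT to the outbound interface suggested in the reply above would change.

```python
import ipaddress

# Rules and tables transcribed from the thread ("ip ru ls" / "ip ro show").
# Assumptions (not shown in the post): table "main" holds the connected
# routes plus a default via 172.25.70.30 dev eth1, and eth2 carries
# 172.25.80.10 (the post lists that subnet on eth1, which looks like a typo).
RULES = [  # (priority, from, fwmark, table); None = "from all" / no mark
    (0, None, None, "local"),
    (32762, None, 0x2, "FirstLan"),
    (32763, None, 0x1, "SecondLan"),
    (32764, "172.25.80.10", None, "SecondLan"),
    (32765, "172.25.70.18", None, "FirstLan"),
    (32766, None, None, "main"),
    (32767, None, None, "default"),
]
TABLES = {  # prefix -> output device ("0.0.0.0/0" is the default route)
    "local": {}, "default": {},
    "FirstLan": {"172.25.70.16/28": "eth1", "0.0.0.0/0": "eth1"},
    "SecondLan": {"172.25.80.0/24": "eth1", "0.0.0.0/0": "eth2"},
    "main": {"172.25.70.16/28": "eth1", "172.25.80.0/24": "eth2", "0.0.0.0/0": "eth1"},
}
IFACE_ADDR = {"eth1": "172.25.70.18", "eth2": "172.25.80.10"}  # primary addresses (assumed)

def lookup(dst, src=None, mark=None):
    """First rule whose selector matches AND whose table has a longest-prefix
    match wins; a table with no matching route falls through to the next rule."""
    dst = ipaddress.ip_address(dst)
    for _prio, rule_src, rule_mark, table in RULES:
        if rule_src is not None and rule_src != src:
            continue
        if rule_mark is not None and rule_mark != mark:
            continue
        hits = [p for p in TABLES[table] if dst in ipaddress.ip_network(p)]
        if hits:
            best = max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)
            return TABLES[table][best], table
    raise LookupError("no route to %s" % dst)

def route_local_packet(dst, mangle_mark=None):
    """Locally generated packet: the source address is fixed by the first lookup
    (no mark yet); mangle OUTPUT then marks it and the kernel re-routes with that
    source address kept, so the marked packet can leave a different interface."""
    dev, _ = lookup(dst)
    saddr = IFACE_ADDR[dev]
    if mangle_mark is not None:
        dev, _ = lookup(dst, src=saddr, mark=mangle_mark)
    return saddr, dev

def postrouting_snat(saddr, dev):
    """Effect of an assumed fix: iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 172.25.80.10"""
    return (IFACE_ADDR[dev], dev) if dev == "eth2" else (saddr, dev)
```

With mark 0x1 a DNS query leaves eth2 carrying 172.25.70.18 as source, which is exactly the mismatch the DNS server rejects; the SNAT rewrite (or an application bound to 172.25.80.10) is what gives the outbound interface's address.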
On 10/15/2010 08:48 AM, C. L. Martinez wrote:
> On Wed, Oct 13, 2010 at 11:22 AM, C. L. Martinez <carlopmart@gmail.com> wrote:
>> Hi all,
>> I need to route locally generated packets depending on which TCP or UDP service I need to use. To accomplish this I have configured two routing tables:
>> [root@lothlorien ~]# ip ru ls
>> 0:      from all lookup 255
>> 32762:  from all fwmark 0x2 lookup FirstLan
>> 32763:  from all fwmark 0x1 lookup SecondLan
>> 32764:  from 172.25.80.10 lookup SecondLan
>> 32765:  from 172.25.70.18 lookup FirstLan
>> 32766:  from all lookup main
>> 32767:  from all lookup default
>> My routing tables:
>> [root@lothlorien net]# ip ro show table FirstLan
>> 172.25.70.16/28 dev eth1 proto kernel scope link src 172.25.70.18
>> default via 172.25.70.30 dev eth1
>> [root@lothlorien net]# ip ro show table SecondLan
>> 172.25.80.0/24 dev eth1 proto kernel scope link src 172.25.80.10
>> default via 172.25.80.1 dev eth2
>> And my iptables rule is:
>> iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 1
I had a similar problem, so I wrote the mark as 0x1:
iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 0x1
-- MM