
RE: Problem with Netfilter (Packet Marking) and ip util




> Jonathan, could you try it without the MPLS-encapsulation (so, use netfilter
> with marks>10 to drive multiple routing tables)? I'd do it myself, but my
> testbed is out of action for a few weeks :(

Okay, figured out my problem with ping and routing tables other than the default.  Turned out to be simply my misunderstanding.

So, with that now working, I tried what you suggested, and it fails.  I created a UDP stream from our generator with destination ports ranging from 1024 to 1123 (100 ports).  The first 50 ports were marked by iptables with 9, the next 50 with 10.  Packets marked with 9 were routed properly, while packets marked with 10 were not.

Here's the setup:

iptables -A PREROUTING -i eth1 -t mangle -p udp -d 10.10.99.0/24 --dport 1024:1073 -j MARK --set-mark 9
iptables -A PREROUTING -i eth1 -t mangle -p udp -d 10.10.99.0/24 --dport 1074:1123 -j MARK --set-mark 10

echo 200 part1 >  /etc/iproute2/rt_tables
echo 201 part2 >> /etc/iproute2/rt_tables

ip rule add fwmark 9 table 200
ip rule add fwmark 10 table 201

ip route add 10.10.99.0/24 via 10.12.13.121 table 200
ip route add 10.10.99.0/24 via 10.12.13.121 table 201

ip route flush cache

Jon
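
A way to cross-check a setup like the one in the message above (added example, not part of the original post): it compares the marks set in the mangle table with the fwmark values shown by `ip rule show` as numbers, so a value read as hexadecimal on one side and decimal on the other shows up as a mismatch. The rule text and the `ip rule show` output are constructed samples, and `values_after` and `check_marks` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. All sample text is constructed, not captured from the poster's host.

# Constructed mangle rules in iptables-save form, using the marks from the message.
MANGLE_RULES='-A PREROUTING -i eth1 -p udp -d 10.10.99.0/24 --dport 1024:1073 -j MARK --set-mark 9
-A PREROUTING -i eth1 -p udp -d 10.10.99.0/24 --dport 1074:1123 -j MARK --set-mark 10'

# Constructed "ip rule show" output in which the second rule holds 0x10 (decimal 16).
IP_RULES='0: from all lookup local
32764: from all fwmark 0x10 lookup part2
32765: from all fwmark 0x9 lookup part1
32766: from all lookup main'

# Print, as decimal, each value that follows a word matching regex $1 in text $2.
# A "/mask" suffix (as in --set-xmark 0x9/0xffffffff) is dropped before conversion.
values_after() {
    printf '%s\n' "$2" |
    awk -v key="$1" '{ for (i = 1; i < NF; i++) if ($i ~ key) print $(i + 1) }' |
    while read -r v; do printf '%d\n' "${v%%/*}"; done
}

# $1 = mangle rules, $2 = ip rule output. Reports marks and rules that do not pair up.
check_marks() {
    set_marks=$(values_after '^--set-x?mark$' "$1")
    rule_marks=$(values_after '^fwmark$' "$2")
    for m in $set_marks; do
        if printf '%s\n' "$rule_marks" | grep -qx "$m"; then
            echo "mark $m: rule present"
        else
            echo "mark $m: NO matching ip rule"
        fi
    done
    for r in $rule_marks; do
        if ! printf '%s\n' "$set_marks" | grep -qx "$r"; then
            echo "rule fwmark $r: no packet is marked with it"
        fi
    done
}

check_marks "$MANGLE_RULES" "$IP_RULES"
```

On a live host the two arguments would come from `iptables-save -t mangle` and `ip rule show`.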