View previous topic :: View next topic |
Author |
Message |
mole Tux's lil' helper
Joined: 07 Nov 2009 Posts: 81
|
Posted: Wed Aug 27, 2014 7:00 pm Post subject: marked packets break iproute2 table |
|
|
Hi,
I'm setting up a router with two different internet connections (one wired, one wireless). Traffic is to be routed depending on port number.
It's a fairly common set up, and I've studied various guides around but have hit an issue that I can't find any hints or clues about.
When a marked packet is sent to a table using Code: | Dell_64 IP_route # ip rule show
0: from all lookup local
32765: from all fwmark 0x2 lookup FON
32766: from all lookup main
32767: from all lookup default
| it will not route. That is even with the FON table exactly matching the main table. So it is being marked, and iproute2 is acting on the mark to send it to the FON table, where it dies.
I've tested this by removing the main table from the rules, and replacing it with the FON table without the fwmark condition. The FON table then routes as expected so it must be the fwmark condition that's causing the issue. Code: | Dell_64 IP_route # ip rule show
0: from all lookup local
32764: from all lookup FON
32767: from all lookup default |
I've done Code: | for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > "$i"; done | to turn off reverse filtering, and checked my kernel options - Advanced Router, Policy Routing and MARK, CONNMARK etc are all set. Kernel is 3.12.2-gentoo.
Any help appreciated as this is driving me mad !! |
|
Back to top |
|
|
mole Tux's lil' helper
Joined: 07 Nov 2009 Posts: 81
|
Posted: Wed Aug 27, 2014 11:44 pm Post subject: |
|
|
Rebuilt kernel a couple of times, mixed example configs from different sources and it started working, more reliable without marking on port numbers - just marking for UDP / TCP /ICMP achieves what I need.... |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|