Gentoo Forums
marked packets break iproute2 table
mole
Tux's lil' helper


Joined: 07 Nov 2009
Posts: 81

Posted: Wed Aug 27, 2014 7:00 pm    Post subject: marked packets break iproute2 table

Hi,

I'm setting up a router with two different internet connections (one wired, one wireless). Traffic is to be routed depending on port number.

It's a fairly common setup, and I've studied various guides around but have hit an issue that I can't find any hints or clues about.

When a marked packet is sent to a table using
Code:
Dell_64 IP_route # ip rule show
0:      from all lookup local
32765:  from all fwmark 0x2 lookup FON
32766:  from all lookup main
32767:  from all lookup default
it will not route. That is even with the FON table exactly matching the main table. So it is being marked, and iproute2 is acting on the mark to send it to the FON table, where it dies.

I've tested this by removing the main table from the rules, and replacing it with the FON table without the fwmark condition. The FON table then routes as expected so it must be the fwmark condition that's causing the issue.
Code:
Dell_64 IP_route # ip rule show
0:      from all lookup local
32764:  from all lookup FON
32767:  from all lookup default


I've done
Code:
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > "$i"; done
to turn off reverse filtering, and checked my kernel options - Advanced Router, Policy Routing and MARK, CONNMARK etc are all set. Kernel is 3.12.2-gentoo.

Any help appreciated as this is driving me mad!!
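As an added illustration (not part of the thread, and not a diagnosis of the poster's problem): a small shell function that reads `ip rule show` output, such as the listing in the post above, and prints in priority order the tables consulted for a packet carrying a given fwmark. It goes slightly beyond the post by also handling the `VALUE/MASK` form of the fwmark selector; the function and variable names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): which routing tables does a packet
# with a given fwmark reach, in order, according to `ip rule show` output?
# Only "from all" and "fwmark VALUE[/MASK]" selectors are interpreted.

# Constructed sample input: the first rule listing quoted in the post.
RULES_WITH_MARK='Dell_64 IP_route # ip rule show
0:      from all lookup local
32765:  from all fwmark 0x2 lookup FON
32766:  from all lookup main
32767:  from all lookup default'

# tables_for_mark MARK < rules   -> prints table names, space separated.
# The body is a subshell so no variables leak into the caller.
tables_for_mark() (
    mark=$(( $1 ))
    out=""
    while read -r prio rest; do
        # Skip prompts, blanks and anything not starting with "PRIORITY:".
        case "$prio" in ""|*[!0-9:]*) continue ;; esac
        want=""; mask=$(( 0xffffffff )); table=""; prev=""
        for word in $rest; do
            case "$prev" in
                fwmark)
                    want=${word%%/*}
                    case "$word" in */*) mask=$(( ${word#*/} )) ;; esac ;;
                lookup) table=$word ;;
            esac
            prev=$word
        done
        # A rule with an fwmark selector applies only if the masked marks agree.
        if [ -n "$want" ] && [ $(( $mark & $mask )) -ne $(( $want & $mask )) ]; then
            continue
        fi
        if [ -n "$table" ]; then out="$out${out:+ }$table"; fi
    done
    printf '%s\n' "$out"
)

# Tables seen by a packet marked 0x2, then by an unmarked packet.
printf '%s\n' "$RULES_WITH_MARK" | tables_for_mark 0x2
printf '%s\n' "$RULES_WITH_MARK" | tables_for_mark 0
```

When a table holds no route matching the destination, lookup continues with the next rule, so the tables listed after FON still matter for a marked packet.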
mole
Tux's lil' helper


Joined: 07 Nov 2009
Posts: 81

Posted: Wed Aug 27, 2014 11:44 pm

Rebuilt kernel a couple of times, mixed example configs from different sources and it started working, more reliable without marking on port numbers - just marking for UDP / TCP / ICMP achieves what I need....
All times are GMT