Re: Fwmark and iproute2

To: "Mike Mestnik" <cheako911@yahoo.com>, debian-firewall@lists.debian.org
Subject: Re: Fwmark and iproute2
From: "Raffaele D'Elia" <R.DElia@starcomitalia.com>
Date: Sat, 13 Nov 2004 11:43:41 +0100
Message-id: <WorldClient-F200411131143.AA43410032@starcomitalia.com>
Reply-to: R.DElia@starcomitalia.com
In-reply-to: <20041112233658.24869.qmail@web11907.mail.yahoo.com>
References: <WorldClient-F200411121726.AA26250028@starcomitalia.com> <20041112233658.24869.qmail@web11907.mail.yahoo.com>


-----Original Message-----
From: Mike Mestnik <cheako911@yahoo.com>
To: R.DElia@starcomitalia.com, debian-firewall@lists.debian.org
Date: Fri, 12 Nov 2004 15:36:58 -0800 (PST)
Subject: Re: Fwmark and iproute2

> Hey,
>
> > I need to sent local generated packets through one or the other
> gateway
> > using fwmark rules.
>
> As far as I know  fwmark only works inside the kernel. So maybe you
> should
> take a look at DSCP.

Fwmark or TOS doesn't matter: the problem is the same. When packets reachs
netfilter's code, the outgoing interface is already choosen.

 
> > Unfortunately the outgoing interface is choosen before entering the
> > mangle table...
>
> ?
> Do you know the picture from:
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSIN
> GGENERAL

Local processes -> Routing Decision -> mangle OUTPUT (too late...)

THIS is the problem...;)

Radel

Reply to:

Follow-Ups:
- Re: Fwmark and iproute2
  - From: Mike Mestnik <cheako911@yahoo.com>

References:
- Fwmark and iproute2
  - From: "Raffaele D'Elia" <R.DElia@starcomitalia.com>
- Re: Fwmark and iproute2
  - From: Mike Mestnik <cheako911@yahoo.com>

Prev by Date: Re: Fwmark and iproute2
Next by Date: Re: netbios problem?
Previous by thread: Re: Fwmark and iproute2
Next by thread: Re: Fwmark and iproute2
Index(es):
- Date
- Thread