Hello,
I've been experimenting with routing using the netfilter mark value
(the MARK target extension). Say I have two computers A and B, with IP
addresses 192.168.1.101 and 192.168.1.102, respectively. I use
computer A to SSH into computer B on port 22.
My "main" routing table on computer B is empty. In addition, I have
another table "999" on computer B, with the following route:
192.168.1.101 dev eth0 scope link
In my IP rules, I have the following:
0: from all lookup local
32765: from all lookup 999
32766: from all lookup main
32767: from all lookup default
At this point I'm able to SSH from A to B successfully.
Now I add the following routing using iptables:
iptables -t mangle -A OUTPUT -j MARK --set-mark 0x4
My OUTPUT chain is listed as follows:
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x4
I then change my IP rules so that I have the following:
0: from all lookup local
32765: from all fwmark 0x4 lookup 999
32766: from all lookup main
32767: from all lookup default
I expect this to cause all packets generated by local applications
to be marked with 0x4, and then have all these packets routed through
eth0 (via table 999). Thus, I'm expecting my SSH connection to stay
up at this point. However, the connection hangs, meaning the packets
are not being routed properly.
What am I doing wrong here?
Thanks,
Prashant
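As an added illustration (not part of the original post), here is a small Python model of the rule/table lookup described above for computer B's reply packets to 192.168.1.101. It assumes what the kernel actually does for locally generated packets: the route is looked up once before the mangle OUTPUT chain runs (so with mark 0), and only if that lookup succeeds is the packet re-routed with the new mark; the "local" table contents are a constructed stand-in for the kernel-maintained one.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    priority: int
    table: str
    fwmark: Optional[int] = None  # None: rule matches any mark ("from all")


@dataclass
class Route:
    prefix: str
    dev: str


def lookup(rules, tables, dst, mark=0):
    """Walk the RPDB rules in priority order; first table holding a matching route wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.fwmark is not None and rule.fwmark != mark:
            continue
        for route in tables.get(rule.table, []):
            if ip_address(dst) in ip_network(route.prefix):
                return rule.table, route.dev
    return None  # no route: "Network is unreachable"


# Constructed tables mirroring the post: main is empty, 999 holds the one link route.
TABLES = {
    "local": [Route("192.168.1.102/32", "lo")],  # assumption: B's own address only
    "main": [],
    "default": [],
    "999": [Route("192.168.1.101/32", "eth0")],
}

RULES_BEFORE = [Rule(0, "local"), Rule(32765, "999"),
                Rule(32766, "main"), Rule(32767, "default")]
RULES_AFTER = [Rule(0, "local"), Rule(32765, "999", fwmark=0x4),
               Rule(32766, "main"), Rule(32767, "default")]


def reply_route(rules, mark_after_mangle):
    """Route a locally generated packet to A: first lookup with mark 0, then re-route with the mark set by mangle OUTPUT."""
    if lookup(rules, TABLES, "192.168.1.101", mark=0) is None:
        return None  # packet never reaches the mangle OUTPUT chain
    return lookup(rules, TABLES, "192.168.1.101", mark=mark_after_mangle)
```

With the second rule set the initial mark-0 lookup finds no route, which is the difference between the two configurations this model exposes.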