Policy routing problem

Discussion in 'Linux Networking' started by Christoph Pleger, Oct 22, 2012.

  1. Hello,

    I am running a DHCP-Server that serves multiple subnets. The server has
    an IP address in all of these subnets, and its primary IP address in a
    subnet that is not served by DHCP. Every IP address has its own VLAN
    Ethernet interface, eth0.102, eth0.104, etc. In this setup, the DHCP
    server often does not send its unicast replies on the interface where it
    received the corresponding request, but on the interface of its primary
    IP address, and with that IP. My first thought on how to change this was
    to set routes depending on destination addresses, but this would cause
    big problems with other services running on the same machine, so I tried
    to combine iproute2 and iptables, like this:

    iptables -t mangle -A OUTPUT -p udp --source-port bootps \
    -d xxx.xxx.22.0/24 -j MARK --set-mark 122

    ip route add fwmark 122 dev eth0.122

    Though I can see in my logs that iptables set the mark, routing does not
    work as expected and the server still uses its primary IP address for
    sending unicast DHCP replies.

    What am I doing wrong and what must be done to achieve the desired
    behaviour?

    Regards
    Christoph
     
    Christoph Pleger, Oct 22, 2012
    #1

  2. Hello,
    At this place, I made a mistake in my message. My real commands were:

    iptables -t mangle -A OUTPUT -p udp --source-port bootps \
    -d xxx.xxx.22.0/24 -j MARK --set-mark 122

    ip route add to xxx.xxx.22.0/24 dev eth0.122

    ip rule add fwmark 122 table 122

    Regards
    Christoph
     
    Christoph Pleger, Oct 22, 2012
    #2
