2.6.31 and connmark restore are not really working for fwmarking and policy routing


Post by Konstantinos Agouro » Sat, 05 Dec 2009 07:28:08



Sorry for the long subject. I do the following:

ip rule from all fwmark 0x10 lookup table 1

iptables -t mangle -A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j CONNMARK --set-mark 0x10
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark --mask 0xff

I already used the TRACE target for a testing address, and what I see is
that the answer packets go through PREROUTING and at the end have the
correct mark, but are never allowed to the FORWARD queue. The same rules were
working in 2.6.30. Has there been some change? Is there a known bug?

Regards,

Konstantin
--

Altersheimerstr. 1, 81545 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres

 
 
 

1. ip rule with fwmark not working in 2.6.31?

Hi,

I have a setup where I do policy routing based on a mangle table with
ip rule fwmark. This worked until 2.6.30. With 2.6.31, ip rule does work,
e.g. with a source address
ip rule from 1.2.3.4 lookup 1
but not with
ip rule from all fwmark 0x01 lookup 1
The problem is that the answer packets are dropped. I use CONNMARK in the
iptables rules. Does anybody have an idea if there was a change from 2.6.30 to
2.6.31?

Konstantin
--

Altersheimerstr. 1, 81545 Muenchen, Germany. Tel +49 89 69370185
----------------------------------------------------------------------------
"Captain, this ship will not survive the forming of the cosmos." B'Elana Torres
