
Help with usage "ip rule add fwmark 0x24 table T3"



skoltogyan
02-Oct-2011, 16:16
Help with the usage of "ip rule add fwmark 0x24 table T3" with NAT on
SLES11SP1

Environment:
SERVER - SLES11SP1
eth3 - local lan interface (192.168.252.11 with netmask 255.255.255.0)
eth0 - Internet interface to ISP1 (default gateway)
vlan121 - Internet interface to ISP2

WS - sles10. eth0[192.168.252.17]

This variant works:
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 213.130.10.242
/usr/sbin/iptables -t nat -A POSTROUTING -o vlan121 -j SNAT --to 195.184.194.34
P1_NETV121="195.184.194.32/30"
IF1V121="vlan121"
IP1V121="195.184.194.34"
P1V121="195.184.194.33"

/sbin/ip route add $P1_NETV121 dev $IF1V121 src $IP1V121 table T3
/sbin/ip route add default via $P1V121 table T3

/sbin/ip rule add from $IP1V121 table T3

/sbin/ip route add 192.168.252.0/24 dev eth3 table T3
/sbin/ip route add 127.0.0.0/8 dev lo table T3
/sbin/ip rule add from 192.168.252.17 table T3
/sbin/ip route flush cache

After this I can do from the WS:
#telnet www.novell.com
GET /

And after this all packets from the WS go over vlan121.
This is OK!

If instead of "/sbin/ip rule add from 192.168.252.17 table T3" I
use:

/sbin/ip rule del from 192.168.252.17 table T3
/sbin/ip rule add fwmark 0x24 table T3
/usr/sbin/iptables -t mangle -A PREROUTING -i eth3 -s 192.168.252.17 -j MARK --set-mark 0x24
/sbin/ip route flush cache

Packets leave through interface VLAN121 to the Internet, and the
answers come back to interface VLAN121 from the Internet, but the answers
from VLAN121 don't go anywhere further.

Please, help me.

Serg


--
skoltogyan
------------------------------------------------------------------------
skoltogyan's Profile: http://forums.novell.com/member.php?userid=9261
View this thread: http://forums.novell.com/showthread.php?t=445873

Automatic Reply
07-Oct-2011, 18:24
skoltogyan,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

skoltogyan
23-Oct-2011, 10:26
skoltogyan;2143261 Wrote:
> Help with the usage of "ip rule add fwmark 0x24 table T3" with NAT on
> SLES11SP1
>
> Environment:
> SERVER - SLES11SP1
> eth3 - local lan interface (192.168.252.11 with netmask 255.255.255.0)
> eth0 - Internet interface to ISP1 (default gateway)
> vlan121 - Internet interface to ISP2
>
> WS - sles10. eth0[192.168.252.17]
>
> This variant works:
> /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 213.130.10.242
> /usr/sbin/iptables -t nat -A POSTROUTING -o vlan121 -j SNAT --to 195.184.194.34
> P1_NETV121="195.184.194.32/30"
> IF1V121="vlan121"
> IP1V121="195.184.194.34"
> P1V121="195.184.194.33"
>
> /sbin/ip route add $P1_NETV121 dev $IF1V121 src $IP1V121 table T3
> /sbin/ip route add default via $P1V121 table T3
>
> /sbin/ip rule add from $IP1V121 table T3
>
> /sbin/ip route add 192.168.252.0/24 dev eth3 table T3
> /sbin/ip route add 127.0.0.0/8 dev lo table T3
> /sbin/ip rule add from 192.168.252.17 table T3
> /sbin/ip route flush cache
>
> After this I can do from the WS:
> #telnet www.novell.com
> GET /
>
> And after this all packets from the WS go over vlan121.
> This is OK!
>
> If instead of "/sbin/ip rule add from 192.168.252.17 table T3" I
> use:
>
> /sbin/ip rule del from 192.168.252.17 table T3
> /sbin/ip rule add fwmark 0x24 table T3
> /usr/sbin/iptables -t mangle -A PREROUTING -i eth3 -s 192.168.252.17 -j MARK --set-mark 0x24
> /sbin/ip route flush cache
>
> Packets leave through interface VLAN121 to the Internet, and the
> answers come back to interface VLAN121 from the Internet, but the answers
> from VLAN121 don't go anywhere further.
>
> Please, help me.
>
> Serg

After this:
sysctl net.ipv4.conf.all.rp_filter=0
everything works!!!

But I don't understand why.

Serg


--
skoltogyan
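A simplified model of the routing decisions in this thread, written as an added example (not code from the poster or from SLES): it replays the "from" variant and the "fwmark" variant through a policy-routing lookup and the strict reverse-path check, and shows why the unmarked reply arriving on vlan121 is dropped until rp_filter is 0. The table contents, a main-table default route via eth0, and the Internet host 198.51.100.10 are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Routing tables as (prefix, output device). T3 follows the thread; the main
# table is assumed to hold the ISP1 default via eth0 plus connected networks.
TABLES = {
    "main": [("192.168.252.0/24", "eth3"), ("195.184.194.32/30", "vlan121"),
             ("0.0.0.0/0", "eth0")],
    "T3":   [("192.168.252.0/24", "eth3"), ("195.184.194.32/30", "vlan121"),
             ("127.0.0.0/8", "lo"), ("0.0.0.0/0", "vlan121")],
}

def lookup(table, dst):
    """Longest-prefix match in one table; returns the output device."""
    best = None
    for prefix, dev in TABLES[table]:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def route(rules, src, dst, mark=0):
    """Policy routing: the first matching rule selects the table, else main."""
    for selector, value, table in rules:
        if selector == "from" and ip_address(src) in ip_network(value):
            return lookup(table, dst)
        if selector == "fwmark" and mark == value:
            return lookup(table, dst)
    return lookup("main", dst)

def forwards(rules, pkt_src, pkt_dst, iif, rp_filter, mark=0):
    """Input path for a packet already de-NATed to the WS address: strict
    rp_filter routes back toward pkt_src (src/dst swapped; the packet mark is
    ignored, as the kernel does by default) and drops the packet when that
    route would leave on a different device than it arrived on."""
    if rp_filter and route(rules, pkt_dst, pkt_src) != iif:
        return None
    return route(rules, pkt_src, pkt_dst, mark)

RULES_FROM = [("from", "195.184.194.34/32", "T3"), ("from", "192.168.252.17/32", "T3")]
RULES_MARK = [("from", "195.184.194.34/32", "T3"), ("fwmark", 0x24, "T3")]
WEB = "198.51.100.10"   # constructed Internet host standing in for the site the WS reaches
WS = "192.168.252.17"

def outbound(rules, mark):
    # WS -> Internet, arriving on eth3; the mangle rule sets 0x24 in the mark variant.
    return forwards(rules, WS, WEB, "eth3", rp_filter=1, mark=mark)

def reply(rules, rp_filter):
    # Internet -> WS, arriving on vlan121 after the SNAT is reversed; no mark is set.
    return forwards(rules, WEB, WS, "vlan121", rp_filter)
```

With the "from" rules the reverse lookup for the reply itself lands in T3 and matches vlan121; with only a fwmark rule the unmarked reply falls through to the main table, whose default points at eth0, so strict rp_filter discards it.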