Title: Policy Routing - Incorrect source route rule?
Post by: DFen on Monday 19 July 2010, 08:22:10 pm

I have tried creating a policy route along the following lines:

Network->routing->policy routing
Source network/ip (Green): 192.168.1.201/32 192.168.1.202/32
Destination network/ip (Red): ...20 ...30
Service: ANY
Protocol: IP
Route Via: uplink1

This appears to create entries in the mangle table:

iptables -t mangle -L POLICYROUTING -nv
0 0 CONNMARK tcp -- * * 192.168.1.201 ...20 CONNMARK set 0x7c8/0x7f8
0 0 RETURN tcp -- * * 192.168.1.201 ...20 CONNMARK match !0x0/0x7f8
0 0 CONNMARK tcp -- * * 192.168.1.202 ...20 CONNMARK set 0x7c8/0x7f8
0 0 RETURN tcp -- * * 192.168.1.202 ...20 CONNMARK match !0x0/0x7f8
0 0 CONNMARK tcp -- * * 192.168.1.201 ...30 CONNMARK set 0x7c8/0x7f8
0 0 RETURN tcp -- * * 192.168.1.201 ...30 CONNMARK match !0x0/0x7f8
0 0 CONNMARK tcp -- * * 192.168.1.202 ...30 CONNMARK set 0x7c8/0x7f8
0 0 RETURN tcp -- * * 192.168.1.202 ...30 CONNMARK match !0x0/0x7f8

However in the source route rules table:

ip ru sho
10: from 192.168.1.201 lookup main

This appears to cause the later rule:

199: from all fwmark 0x7c8/0x7f8 lookup uplink-uplink1

NOT to be reached for the first Source IP in the policy route, and traffic is routed via the default route in main. This does not appear to be the correct action. I need the traffic to be routed to an alternate gateway.
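An added example, not part of the original post: a Python check over `ip rule show` output that lists the rules evaluated before the fwmark rule for a given table that already match a source address, which is the ordering problem described above. The sample text is constructed (priorities 10 and 199 are quoted from the post, the others are the stock Linux defaults), the function names are hypothetical, and it assumes the earlier table holds a route for the destination, as main's default route does here.

```python
import ipaddress

# Constructed sample: priorities 10 and 199 are the rules quoted in the post;
# 0, 32766 and 32767 are the stock Linux defaults, added for context.
SAMPLE_RULES = """\
0:\tfrom all lookup local
10:\tfrom 192.168.1.201 lookup main
199:\tfrom all fwmark 0x7c8/0x7f8 lookup uplink-uplink1
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""

def parse_rules(text):
    """Parse `ip rule show` lines into dicts (hypothetical helper)."""
    rules = []
    for line in text.splitlines():
        prio, _, rest = line.partition(":")
        tok = rest.split()
        if not prio.strip().isdigit() or "lookup" not in tok or "from" not in tok:
            continue  # blank lines and non-lookup actions such as unreachable
        def field(key):
            return tok[tok.index(key) + 1] if key in tok else None
        rules.append({"prio": int(prio), "negated": tok[0] == "not",
                      "src": field("from"), "mark": field("fwmark"),
                      "table": field("lookup")})
    return rules

def shadowing_rules(text, src_ip, mark_table):
    """Rules ahead of mark_table's fwmark rule that match src_ip (assumes their
    table has a route for the destination, like main's default route)."""
    rules = sorted(parse_rules(text), key=lambda r: r["prio"])
    target = next((r for r in rules if r["mark"] and r["table"] == mark_table), None)
    if target is None:
        return []
    ip = ipaddress.ip_address(src_ip)
    hits = []
    for r in rules:
        if r["prio"] >= target["prio"]:
            break  # rules are evaluated in ascending priority order
        if r["mark"] or r["table"] == "local":
            continue  # mark-dependent rule, or table with only local routes
        in_src = r["src"] == "all" or ip in ipaddress.ip_network(r["src"], strict=False)
        if in_src != r["negated"]:
            hits.append(r)
    return hits

if __name__ == "__main__":
    for host in ("192.168.1.201", "192.168.1.202"):
        print(host, [r["prio"] for r in shadowing_rules(SAMPLE_RULES, host, "uplink-uplink1")])
```

On a live system the text passed in would be the output of `ip rule show`; an empty result for a source address means no earlier source-only rule catches it before the mark is consulted.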