Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 24 November 2024, 05:49:04 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Policy Routing - Incorrect source route rule?
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Policy Routing - Incorrect source route rule?  (Read 9757 times)
DFen
Full Member
***
Offline Offline

Posts: 46


« on: Monday 19 July 2010, 08:22:10 pm »

I have tried creating a policy route along the following lines:
Network->routing->policy routing

Source network/ip (Green):
192.168.1.201/32
192.168.1.202/32

Destination network/ip (Red):
...20
...30

Service: ANY
Protocol: IP
Route Via: uplink1


This appears to create enties in the mangle table: iptables -t mangle -L POLICYROUTING -nv

    0     0 CONNMARK   tcp  --  *      *       192.168.1.201      ...20       CONNMARK set 0x7c8/0x7f8
    0     0 RETURN     tcp  --  *      *       192.168.1.201      ...20       CONNMARK match !0x0/0x7f8
   0     0 CONNMARK   tcp  --  *      *       192.168.1.202      ...20       CONNMARK set 0x7c8/0x7f8
    0     0 RETURN     tcp  --  *      *       192.168.1.202      ...20       CONNMARK match !0x0/0x7f8

    0     0 CONNMARK   tcp  --  *      *       192.168.1.201      ...30       CONNMARK set 0x7c8/0x7f8
    0     0 RETURN     tcp  --  *      *       192.168.1.201      ...30       CONNMARK match !0x0/0x7f8
   0     0 CONNMARK   tcp  --  *      *       192.168.1.202      ...30       CONNMARK set 0x7c8/0x7f8
    0     0 RETURN     tcp  --  *      *       192.168.1.202      ...30       CONNMARK match !0x0/0x7f8

However in the source route rules table: ip ru sho

10:     from 192.168.1.201 lookup main


This appears to cause the later rule:
199:     from all fwmark 0x7c8/0x7f8 lookup uplink-uplink1
NOT to be reached for the first Source IP in the policy route, and traffic is routed via the default route in main.

This does not appear to be the correct action.
I need the traffic to be routed to an alternate gateway.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com