Hi,
I have a problem with the MARK target support. I want to MARK locally
generated IPv6 packets (UDP, TCP, ICMP ...). For this I use the following
ip6tables commands:
ip6tables -t mangle -A OUTPUT -p udp -j MARK --set-mark 0x1
ip6tables -t mangle -A OUTPUT -p tcp -j MARK --set-mark 0x2
All works fine; the rule is added to the OUTPUT chain of the mangle table. Now I
want to retrieve this mark and route packets according to their mark:
ip -6 route add 2001:688:dd00::5 via 2001:688:bb00::5 dev eth0 table TEST1
ip -6 route add 2001:688:dd00::5 via 2001:688:cc00::5 dev eth1 table TEST2
=> Routes seem to be taken into account and added to the tables (they don't
appear, but when you type ip -6 route show table 0 | grep TEST1 you can see the
rules in TEST1)
ip -6 rule add fwmark 0x1 table TEST1
ip -6 rule add fwmark 0x2 table TEST2
=> Rules are added and can be viewed with ip -6 rule show
The test bed is set up correctly (all interfaces can be pinged).
My problem is that when I generate a UDP flow (via nc) the packets are not
marked (I suppose) by ip6tables and therefore iproute does not look up table
TEST1 as it should.
My kernel is 2.6.19.3 with ip6tables compiled as a module with all available
targets; IPv6 multiple routing tables is built in, as well as "use netfilter
MARK value as routing key".
Best regards,
Maël
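
One way to test the supposition above that packets are not being marked, added here as an example and not part of the original post: compare the per-rule packet counters from `ip6tables-save -t mangle -c` with the fwmark rules from `ip -6 rule show`. The function names are hypothetical and the sample counters are constructed; both inputs are assumed to be saved to files first.

```shell
# Added diagnostic sketch, not from the original post. Inputs are saved
# outputs of `ip6tables-save -t mangle -c` and `ip -6 rule show`.

# mark_hits SAVE_FILE MARK -> packets counted by OUTPUT rules setting MARK, or "none"
mark_hits() {
    awk -v want="$2" '
        $2 == "-A" && $3 == "OUTPUT" {
            for (i = 4; i < NF; i++)
                if ($i == "--set-mark" || $i == "--set-xmark") {
                    split($(i + 1), v, "/")            # drop the mask of --set-xmark
                    if ((v[1] "") == (want "")) {
                        split(substr($1, 2), c, ":")   # "[pkts:bytes]" -> pkts
                        hits += c[1]; found = 1
                    }
                }
        }
        END { if (found) print hits + 0; else print "none" }' "$1"
}

# check_marks SAVE_FILE RULES_FILE -> one status line per fwmark routing rule
check_marks() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "fwmark") print $(i + 1), $NF }' "$2" |
    while read -r mark table; do
        hits=$(mark_hits "$1" "${mark%%/*}")
        case $hits in
            none) echo "$mark -> $table: no MARK rule sets this value" ;;
            0)    echo "$mark -> $table: MARK rule present, 0 packets matched" ;;
            *)    echo "$mark -> $table: $hits packets marked" ;;
        esac
    done
}

# Constructed sample data (counters are invented for illustration).
tmp=$(mktemp -d)
cat > "$tmp/save" <<'EOF'
*mangle
:OUTPUT ACCEPT [0:0]
[0:0] -A OUTPUT -p udp -j MARK --set-mark 0x1
[42:3360] -A OUTPUT -p tcp -j MARK --set-mark 0x2
COMMIT
EOF
cat > "$tmp/rules" <<'EOF'
32764:	from all fwmark 0x2 lookup TEST2
32765:	from all fwmark 0x1 lookup TEST1
32766:	from all lookup main
EOF
check_marks "$tmp/save" "$tmp/rules"
```

A zero counter on a MARK rule after generating traffic means the rule never matched; a non-zero counter means packets were marked and the routing rule lookup is the next place to check.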