Differences between version 8 and revision by previous author of SourceBasedRouting.
Newer page: | version 8 | Last edited on Friday, December 16, 2005 8:50:43 am | by CraigMckenna |
Older page: | version 7 | Last edited on Wednesday, December 14, 2005 2:27:25 pm | by TimCareySmith |
@@ -131,6 +131,20 @@
ip rule add prio __300__ from $IP lookup $TABLE
</verbatim>
2 - I have added a line in /etc/iproute2/rt_tables containing '100 ORCON'
+
+
+This works fine for small data packets but doesnt seem to match on followon packets, to handle this you need CONNMARK tracking and matching as well
+
+<verbatim>
+iptables -t mangle -A OUTPUT -o eth0 -j CONNMARK --restore-mark
+iptables -t mangle -A OUTPUT -o eth0 -m mark ! --mark 0 -j RETURN
+iptables -t mangle -A OUTPUT -o eth0 -m owner --uid-owner 1004 -j MARK --set-mark 0x1
+iptables -t mangle -A OUTPUT -o eth0 -m mark ! --mark 0 -j CONNMARK --save-mark
+</verbatim>
+
+This will lookup the current packet in connection tracking table and restore the mark that was assigned to this connection initially.
+If this provides a mark value no further mangling is done, if not, then the uid-owner matching is tested and if successful, the mark is set and then saved to the connection tracking table.
+
CategoryNetworking
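Review bot: The added iptables block sets fwmark 0x1 but nothing in the hunk consumes it: the only policy rule visible in context is `ip rule add prio __300__ from $IP lookup $TABLE`, which selects on source address, so a packet marked by the new rules is only routed differently if a `fwmark` rule exists elsewhere on the page. Suggest stating that beside the block, e.g. adding `ip rule add prio 301 fwmark 0x1 lookup $TABLE` (assumed name, matching the variables already used) or pointing at the section that defines it. Two smaller points: the uid `1004` is hard-coded while the surrounding block uses `$IP` and `$TABLE`, so a `$UID` variable would keep the two blocks consistent; and "doesnt" and "followon" in the explanatory line should read "doesn't" and "follow-on". The rule logic itself reads correctly: a new connection has ctmark 0, so the RETURN is skipped, the owner match sets 0x1, and `--save-mark` stores it; later packets get it back from `--restore-mark` and leave the chain at the RETURN.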