Penguin
Diff: SourceBasedRouting

Differences between current version and previous revision of SourceBasedRouting.


Newer page: version 8 Last edited on Friday, December 16, 2005 8:50:43 am by CraigMckenna
Older page: version 7 Last edited on Wednesday, December 14, 2005 2:27:25 pm by TimCareySmith
@@ -131,6 +131,20 @@
  ip rule add prio __300__ from $IP lookup $TABLE 
 </verbatim> 
  
 2 - I have added a line in /etc/iproute2/rt_tables containing '100 ORCON' 
+  
+  
+This works fine for small data packets but doesnt seem to match on followon packets, to handle this you need CONNMARK tracking and matching as well  
+  
+<verbatim>  
+iptables -t mangle -A OUTPUT -o eth0 -j CONNMARK --restore-mark  
+iptables -t mangle -A OUTPUT -o eth0 -m mark ! --mark 0 -j RETURN  
+iptables -t mangle -A OUTPUT -o eth0 -m owner --uid-owner 1004 -j MARK --set-mark 0x1  
+iptables -t mangle -A OUTPUT -o eth0 -m mark ! --mark 0 -j CONNMARK --save-mark  
+</verbatim>  
+  
+This will lookup the current packet in connection tracking table and restore the mark that was assigned to this connection initially.  
+If this provides a mark value no further mangling is done, if not, then the uid-owner matching is tested and if successful, the mark is set and then saved to the connection tracking table.  
+  
  
 CategoryNetworking
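Review bot: the added CONNMARK rules set fwmark 0x1 on the uid 1004 traffic, but nothing in this hunk ties that mark to the ORCON table (rt_tables id 100) that the same edit introduces; the only policy rule shown is the earlier `ip rule add prio __300__ from $IP lookup $TABLE`, which selects on source address, not on mark, so a reader following this will mark packets that are still routed by source. A line such as `ip rule add fwmark 0x1 lookup ORCON` (or a note that the existing `from $IP` rule is still what steers the traffic and the mark is only there for the follow-on packets) should be added next to the iptables block. Minor: "doesnt" should be "doesn't" and "followon" should be "follow-on" in the added paragraph.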