
#231 MARK rules in mangle table not appended to correct chain.

open
Vadim Kurland
None
5
2012-07-19
2012-07-19
Anonymous
No

I'm trying to do some policy routing. I have two providers and I want to route certain services over the non-default provider. This means I need to mark packets.

I've got a TagService created and a rule that has the tag option populated by this TagService. This is apparently how 5.0 handles MARK now.

However, fwbuilder compiles iptables rules that are placed in the INPUT/OUTPUT chains and not the PREROUTING chain. For policy routing under iptables the MARK actions should be handled by the PREROUTING chain of the mangle table. I would think this is especially necessary for routed packets as the documentation indicates that in the mangle table forwarded packets are processed by the PREROUTE/FORWARD/POSTROUTE chains and not by INPUT/OUTPUT at all.

How do I get fwbuilder to select the PREROUTING chain to place the MARK rule?

As a second question: why is it ONLY marking the SYN packet even though I have stateless checked?

Discussion

  • Vadim Kurland
    2012-07-19

    • assigned_to: nobody --> vkurland
     
  • Vadim Kurland
    2012-07-19

    Please provide your .fwb file; there are too many variables and you have provided only limited information.
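
An added example, not part of the ticket and not fwbuilder's own code: a Python check over `iptables-save` style output that reports which built-in mangle chain each MARK rule is reached from, following jumps into user-defined chains, so a compiled policy can be reviewed for marks set outside PREROUTING. The sample ruleset, the chain name `tag_smtp` and the verdict labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, abbreviated sample in iptables-save format (not from the ticket).
SAMPLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:tag_smtp - [0:0]
-A INPUT -p tcp -m tcp --dport 25 -j tag_smtp
-A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x2
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2
-A tag_smtp -j MARK --set-mark 0x2
COMMIT
"""

# Where each built-in mangle hook sits relative to the routing decision.
VERDICT = {"PREROUTING": "before-routing", "OUTPUT": "local-only",
           "INPUT": "after-routing", "FORWARD": "after-routing",
           "POSTROUTING": "after-routing"}

def audit_mark_rules(ruleset):
    """Return (built-in chain, verdict, rule) for every MARK rule in *mangle."""
    table, rules = None, defaultdict(list)        # chain -> [(target, rule)]
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]                      # track the current table
        elif table == "mangle" and line.startswith("-A "):
            m = re.search(r"\s-[jg]\s+(\S+)", line)
            rules[line.split()[1]].append((m.group(1) if m else None, line))
    callers = defaultdict(set)                    # target -> chains that jump to it
    for chain, entries in rules.items():
        for target, _ in entries:
            callers[target].add(chain)

    def roots(chain, seen=()):                    # built-in chains reaching `chain`
        if chain in VERDICT:
            return {chain}
        if chain in seen:                         # guard against jump loops
            return set()
        return set().union(*(roots(c, seen + (chain,)) for c in callers[chain]))

    return [(root, VERDICT.get(root, "unreachable"), rule)
            for chain, entries in list(rules.items())
            for target, rule in entries if target == "MARK"
            for root in (sorted(roots(chain)) or ["(unreferenced)"])]

print(*audit_mark_rules(SAMPLE), sep="\n")
```
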