I'm trying to get iproute2 to route outgoing packets marked using
iptables to an alternate route.
I have version 1.2.13 of devil-linux and I'm using the following commands to try to route.
In /etc/iproute2/rt_tables I have appended the following entry:
I have then executed the following commands:
ip rule add fwmark 1 table alt.net
ip route add default via 172.16.1.1 dev eth2 table alt.net
ip route flush cache
My normal routing has eth0 as the
default route so the above should override the routing for rules that
mark packets with a 1.
I'm using firewall builder to manage iptables and have used their marking
action to mark the packets.
I have rules that I'm using to test this to NAT outgoing traffic to tcp
port 119, with policy rules to first mark packets destined through this
route, then another rule to accept it.
It doesn't seem to matter which things I change; the data always seems to
go out through the default route and not the alt.net route. (I'm using
tcpdump to confirm this.)
The LARTC docs list the following kernel options as required for routing
marked packets in iproute2:
IP: advanced router
IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [Y/n/?]
IP: use netfilter MARK value as routing key (CONFIG_IP_ROUTE_FWMARK)
all of which are correctly set according to the DL-kernel-config file
included in the devil-linux download, so the correct compile options look
to be set.
Does anyone have any suggestions on what I may be doing wrong or further
things I could check?
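As an added diagnostic script (not part of the original post), the following checks each link of the fwmark chain described above: the rt_tables name, the `ip rule` entry, the table's default route, and finally what the kernel picks for a marked packet via `ip route get ... mark`. It uses the post's values (mark 1, table alt.net, 172.16.1.1 on eth2); the sample command outputs are constructed for an offline self-check, and the live mode assumes an iproute2 that accepts `mark` on `ip route get`.

```shell
#!/bin/sh
# Walk the fwmark policy-routing chain: rt_tables name -> "ip rule" fwmark entry
# -> table default route -> the lookup the kernel performs for a marked packet.
MARK=1; TABLE=alt.net; GW=172.16.1.1; DEV=eth2

# Print the numeric id that rt_tables (stdin) assigns to table name $1, if any.
rt_table_id() {
    awk -v name="$1" '$1 !~ /^#/ && NF >= 2 && $2 == name { print $1; exit }'
}

# True if "ip rule show" output (stdin) sends fwmark $1 to table $2.
rule_selects_table() {
    grep -Eq "fwmark +(0x)?0*$1[[:space:]].*lookup +$2\$"
}

# True if "ip route show table ..." output (stdin) has a default via $1 dev $2.
table_has_default() {
    grep -Eq "^default via $1 dev $2"
}

# Constructed stand-ins for /etc/iproute2/rt_tables and the two ip commands.
SAMPLE_RT_TABLES='#
# reserved values
255 local
254 main
200 alt.net'
SAMPLE_RULES='0:      from all lookup local
32765:  from all fwmark 0x1 lookup alt.net
32766:  from all lookup main'
SAMPLE_TABLE='default via 172.16.1.1 dev eth2'

# All three checks against the samples; 0 only if every link is present.
self_check() {
    id=$(printf '%s\n' "$SAMPLE_RT_TABLES" | rt_table_id "$TABLE") && [ -n "$id" ] || return 1
    printf '%s\n' "$SAMPLE_RULES" | rule_selects_table "$MARK" "$TABLE" || return 2
    printf '%s\n' "$SAMPLE_TABLE" | table_has_default "$GW" "$DEV" || return 3
}

# Same checks on the live host; the final lookup should name $DEV, matching tcpdump.
check_live() {
    rt_table_id "$TABLE" < /etc/iproute2/rt_tables | grep -q . || echo "no rt_tables entry for $TABLE"
    ip rule show | rule_selects_table "$MARK" "$TABLE" || echo "no 'fwmark $MARK lookup $TABLE' rule"
    ip route show table "$TABLE" | table_has_default "$GW" "$DEV" || echo "$TABLE lacks default via $GW dev $DEV"
    ip route get 198.51.100.1 mark "$MARK" 2>&1   # 198.51.100.1 is a documentation address
}

if [ "${1:-}" = live ]; then check_live; else self_check && echo "sample config is consistent"; fi
```

Run it with `live` as the first argument on the router itself; without arguments it only exercises the constructed samples.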