Help with usage "ip rule add fwmark 0x24 table T3"

System1 · October 2, 2011, 6:16pm

Help with usage “ip rule add fwmark 0x24 table T3” with NAT in the
SLES11SP1

Enviroment:
SERVER - SLES11SP1
eth3 - local lan interface (192.168.252.11 with netmask 255.255.255.0)
eth0 - Internet interface to ISP1 (default gateway)
vlan121 - Internet interface to ISP2

WS - sles10. eth0[192.168.252.17]

This variant works:
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to
213.130.10.242
/usr/sbin/iptables -t nat -A POSTROUTING -o vlan121 -j SNAT --to
195.184.194.34
P1_NETV121=“195.184.194.32/30”
IF1V121=“vlan121”
IP1V121=“195.184.194.34”
P1V121=“195.184.194.33”

/sbin/ip route add $P1_NETV121 dev $IF1V121 src $IP1V121 table T3
/sbin/ip route add default via $P1V121 table T3

/sbin/ip rule add from $IP1V121 table T3

/sbin/ip route add 192.168.252.0/24 dev eth3 table T3
/sbin/ip route add 127.0.0.0/8 dev lo table T3
/sbin/ip rule add from 192.168.252.17 table T3
/sbin/ip route flush cache

After this can do from the WS
#telnet ww.novell.com
GET /

And after this all pakets from the WS go over vlan121.
This is OK !

If instead of “/sbin/ip rule add from 192.168.252.17 table T3” to
use:

/sbin/ip rule del from 192.168.252.17 table T3
/sbin/ip rule add fwmark 0x24 table T3
/usr/sbin/iptables -t mangle -A PREROUTING -i eth3 -s 192.168.252.17
-j MARK --set-mark 0x24
/sbin/ip route flush cache

Packets leave through interface VLAN121 in the Internet, come the
answer to interface VLAN121 from the Internet, but answers from VLAN121
don’t go anywhere further

Please, help me.

Serg

–
skoltogyan

skoltogyan’s Profile: http://forums.novell.com/member.php?userid=9261
View this thread: http://forums.novell.com/showthread.php?t=445873

system · October 7, 2011, 8:24pm

skoltogyan,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://forums.novell.com/

system · October 23, 2011, 12:26pm

skoltogyan;2143261 Wrote:[color=blue]

Help with usage “ip rule add fwmark 0x24 table T3” with NAT in the
SLES11SP1

Enviroment:
SERVER - SLES11SP1
eth3 - local lan interface (192.168.252.11 with netmask 255.255.255.0)
eth0 - Internet interface to ISP1 (default gateway)
vlan121 - Internet interface to ISP2

WS - sles10. eth0[192.168.252.17]

This variant works:
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to
213.130.10.242
/usr/sbin/iptables -t nat -A POSTROUTING -o vlan121 -j SNAT --to
195.184.194.34
P1_NETV121=“195.184.194.32/30”
IF1V121=“vlan121”
IP1V121=“195.184.194.34”
P1V121=“195.184.194.33”

/sbin/ip route add $P1_NETV121 dev $IF1V121 src $IP1V121 table T3
/sbin/ip route add default via $P1V121 table T3

/sbin/ip rule add from $IP1V121 table T3

/sbin/ip route add 192.168.252.0/24 dev eth3 table T3
/sbin/ip route add 127.0.0.0/8 dev lo table T3
/sbin/ip rule add from 192.168.252.17 table T3
/sbin/ip route flush cache

After this can do from the WS
#telnet ww.novell.com
GET /

And after this all pakets from the WS go over vlan121.
This is OK !

If instead of “/sbin/ip rule add from 192.168.252.17 table T3” to
use:

/sbin/ip rule del from 192.168.252.17 table T3
/sbin/ip rule add fwmark 0x24 table T3
/usr/sbin/iptables -t mangle -A PREROUTING -i eth3 -s 192.168.252.17
-j MARK --set-mark 0x24
/sbin/ip route flush cache

Packets leave through interface VLAN121 in the Internet, come the
answer to interface VLAN121 from the Internet, but answers from VLAN121
don’t go anywhere further

Please, help me.

Serg[/color]

After this
sysctl net.ipv4.conf.all.rp_filter=0
all work !!!

But I don’t understand why so.

Serg

–
skoltogyan

skoltogyan’s Profile: http://forums.novell.com/member.php?userid=9261
View this thread: http://forums.novell.com/showthread.php?t=445873

Topic		Replies	Views
How use -j MARK in the iptables from the SLES11SP1 ? SLES Configure-Administer	5	162	September 21, 2011
make ip route and ip rule permanent on SLES15 SP1 SLES Networking	1	2572	November 27, 2019
Sles 11 SP2 Internet Routing and VMware SLES Networking	5	181	January 9, 2013
Basic help on getting SLES to route SLES Networking	5	179	December 4, 2012
Routing under Suse Linux SLES 11 SP1 SLES Networking	4	177	November 18, 2013

Help with usage "ip rule add fwmark 0x24 table T3"

– skoltogyan

– skoltogyan

Related Topics

–
skoltogyan

–
skoltogyan