advanced routing packets from localhost
Moby
moby at mobsternet.com
Thu Dec 10 18:28:23 UTC 2009
On 12/10/2009 10:54 AM, ESGLinux wrote:
> Hello,
>
> The problem with that is that the routing decision is made before the
> packets get marked, so although I get the packets marked they follow the
> route decided in the previous steps
>
> you can see this steps in this web:
>
> http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html
>
> <http://www.linuxtopia.org/Linux_Firewall_iptables/c951.html>or am I doing
> anything wrong?
>
> Thanks,
>
> ESG
>
>
> 2009/12/10 Moby<moby at mobsternet.com>
>
>
>>>
>>> For local traffic, set your mark on all traffic originiating from
>>>
>> 127.0.0.1 and other local IPs of the machine sent to destination port 80 or
>> 443.
>>
>> --
>> --Moby
>>
>> They that can give up essential liberty to obtain a little temporary safety
>> deserve neither liberty nor safety. -- Benjamin Franklin
>>
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>
I looked at the link you posted, and most I can say is perhaps the
document there needs some correct.
I have the following line in my config:
iptables -t mangle -A PREROUTING -s 127.0.0.0/24 -j MARK --set-mark 2
and I know for sure it works.
You may perhaps want to try something along these lines and see what
happens in your case?
--
--Moby
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
More information about the redhat-list
mailing list