LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 06-20-2010, 10:08 AM   #1
MikeyCarter
Member
 
Registered: Feb 2003
Location: Orangeville
Distribution: Fedora
Posts: 443

Rep: Reputation: 31
Question How do I verify marked packets?


I'm setting up things like this so that I can send web traffic via different routers. (like: all web requests from internal to outside go via rogers, but any inbound requests to my webserver go via acanac)

-A PREROUTING -p tcp --sport 80 -s 172.29.0.19 -j MARK --set-mark 4


How do I see the mark in tcpdump? how can I send a test package and see which route it takes? How do I verify the rules are working:

ip rule
0: from all lookup local
32763: from all fwmark 0x6 lookup vpn
32764: from all fwmark 0x2 lookup rogers
32765: from all fwmark 0x4 lookup acanac
32766: from all lookup main
32767: from all lookup default
 
Old 06-20-2010, 11:21 AM   #2
MikeyCarter
Member
 
Registered: Feb 2003
Location: Orangeville
Distribution: Fedora
Posts: 443

Original Poster
Rep: Reputation: 31
Lightbulb

Never mind seems I found it. Seems that the outbound packets were not getting marked. I had to add this line for that.

-A OUTPUT -p tcp --sport 80 -s 172.29.0.19 -j MARK --set-mark 4

Edited:

oh ya and added this to figure out out what was going on:

-A OUTPUT -p tcp --sport 80 -j LOG --log-level 4 --log-prefix "firewall debug http: "

Last edited by MikeyCarter; 06-20-2010 at 11:22 AM. Reason: added something.
 
Old 06-20-2010, 11:22 AM   #3
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
You wont see those MARKS by tcpdump. They are for netfilter&kernel. As long as understand those marks even do not go out.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
openssl ssl error code 14090086 verify the CA cert is ok / certificate verify failed acummings Slackware 14 02-27-2009 01:51 AM
RedHat: vi - search results are marked werner78 Linux - Newbie 1 05-24-2006 05:15 AM
Marked vowels and Opera 8.5 gbj Suse/Novell 6 09-22-2005 01:10 AM
marked detoriation in performance! :( irfanhab Slackware 12 12-14-2004 07:35 AM
encapsulating TCP packets in UDP packets... yoshi95 Programming 3 06-03-2004 02:53 PM


All times are GMT -5. The time now is 04:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration