How do I verify marked packets?
I'm setting up things like this so that I can send web traffic via different routers. (like: all web requests from internal to outside go via rogers, but any inbound requests to my webserver go via acanac)
-A PREROUTING -p tcp --sport 80 -s 172.29.0.19 -j MARK --set-mark 4

How do I see the mark in tcpdump? How can I send a test package and see which route it takes? How do I verify the rules are working:

ip rule
0: from all lookup local
32763: from all fwmark 0x6 lookup vpn
32764: from all fwmark 0x2 lookup rogers
32765: from all fwmark 0x4 lookup acanac
32766: from all lookup main
32767: from all lookup default
Never mind, seems I found it. Seems that the outbound packets were not getting marked. I had to add this line for that.

-A OUTPUT -p tcp --sport 80 -s 172.29.0.19 -j MARK --set-mark 4

Edited: oh ya, and added this to figure out what was going on:

-A OUTPUT -p tcp --sport 80 -j LOG --log-level 4 --log-prefix "firewall debug http: "
You won't see those marks with tcpdump. They are for netfilter and the kernel. As far as I understand, those marks do not even go out.
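
An added example, not part of the original thread: a small shell function that reads `ip rule` output and lists, in priority order, the routing tables a packet with a given fwmark would be looked up in. The sample rules are the ones quoted in the question; the function name `tables_for_mark` and the limitation to "from all" rules are assumptions of this sketch.

```shell
#!/bin/sh
# Constructed sample input: the `ip rule` output quoted in the question.
RULES='0: from all lookup local
32763: from all fwmark 0x6 lookup vpn
32764: from all fwmark 0x2 lookup rogers
32765: from all fwmark 0x4 lookup acanac
32766: from all lookup main
32767: from all lookup default'

# tables_for_mark MARK  (hypothetical helper; reads `ip rule` output on stdin)
# Prints the tables consulted, in priority order, for a packet carrying MARK.
# Assumption: only "from all" rules with an optional "fwmark VALUE[/MASK]"
# selector are understood; other selectors are ignored.
tables_for_mark() {
    mark=$(( $1 ))
    out=""
    while read -r prio line; do
        [ -n "$prio" ] || continue
        want="" table="" prev=""
        for word in $line; do
            case "$prev" in
                fwmark) want=$word ;;
                lookup) table=$word ;;
            esac
            prev=$word
        done
        [ -n "$table" ] || continue
        if [ -n "$want" ]; then
            value=${want%%/*}
            case "$want" in
                */*) mask=${want#*/} ;;
                *)   mask=0xffffffff ;;
            esac
            # A rule matches when mark and rule value agree on every mask bit.
            [ $(( ($mark ^ $value) & $mask )) -eq 0 ] || continue
        fi
        out="${out:+$out }$table"
    done
    echo "$out"
}

# Mark 4 reaches table acanac; an unmarked packet (mark 0), such as the
# locally generated replies before the OUTPUT rule was added, skips it.
for m in 4 2 0; do
    printf 'mark %s -> %s\n' "$m" "$(printf '%s\n' "$RULES" | tables_for_mark "$m")"
done
```

On a live router the same function can be fed with `ip rule | tables_for_mark 4`, and `ip route get 203.0.113.1 mark 4` (the address is a placeholder) asks the kernel directly which route a packet with that mark would take.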