Need advice with a mangling, routing and simple queues prob.

Hello All

I have the following problem with mangling, routing and simple queues.

What I am trying to do is route traffic based on dst port through two interfaces, call them int1 and int2, i.e. 80, 443, voip, over a certain interface and 25, 110, 143 etc over another interface.

To do this I am marking connections and packets for routing from various sources on my network according to source IP and destination port, i.e. web traffic from client X is first marked X_web_conn and passed through, then packet marked X_web - as long as the connection mark matches - and then passthrough, I then apply a routing mark X_web. All this takes place in the prerouting chain. The connections are coming in over a 256k diginet line called farsync1.

I have a route set up to route traffic based on routing mark X_web via int1. I also have simple queues configured to limit the rate at which data travels over the 256k line as I don’t want port 25 to render web browsing useless etc etc. I have the 256k line configured as parent and then several child rules limiting traffic flow and assigning priority to different ports.

Now for the problem. If passthrough is enabled on the packet mark rule then the traffic is routed where it is supposed to go but the traffic flows unlimited through the simple queues and saturates the 256k line. If I disable passthrough then the simple queues work wonderfully and traffic is limited and queued but ALL traffic is routed via the default route, not split up according to my routing config.

So my questions - which I have not been able to answer searching forums, wiki, manuals etc. Why does the routing mark seem to override the packet mark? Can they not both be on a packet at the same time? In that case how does one use simple queues and route traffic at the same time?

Any help or suggestions most welcome.

Thanks in advance.


Excerpts from my mangle rules (I am only showing the port 80 rules - all the other port rules are identical):

2 ;;; Mark CP Connections as cp_conn
chain=prerouting src-address-list=cathedral action=mark-connection new-connection-mark=cp_conn passthrough=yes

7 ;;; Mark CP :80 packets as client_web
chain=prerouting protocol=tcp dst-port=80 connection-mark=cp_conn action=mark-packet new-packet-mark=client_web passthrough=yes

13 ;;; Mark CP web traffic as cp_web
chain=prerouting packet-mark=client_web connection-mark=cp_conn action=mark-routing new-routing-mark=cp_web passthrough=no

Excerpts from IP → Routes
[admin@MK] ip route> print routing-mark=cp_web

1 A S ;;; Route CP_WEB via SAIX
0.0.0.0/0 r 165.146.0.1 1 saix