Policy routing

shukalo83 · May 17, 2011, 9:52am

Hello

I’m trying to setup policy for all packet destined for ftp on server 1.1.1.99 to go on wan2 interface (I have a dual wan setup and ether3-local-master is default gw for LAN)

4   chain=prerouting action=mark-connection new-connection-mark=ftpbg passthrough=no dst-address=1.1.1.99 in-interface=ether3-local-master 
     connection-mark=ftpbg 

5   chain=prerouting action=mark-routing new-routing-mark=to_ftpbg passthrough=no connection-mark=ftpbg

But when I check stats:

 4   prerouting                                                                                      mark-connection         9569527         6623           
 5   prerouting                                                                                      mark-routing            0               0

It seams that packets are not checked for mark-routing action while in the same time they are checked with mark-connection.

Am I doing something wrong here?

greencomputing · May 17, 2011, 2:07pm

Hi there
may you change rule #4 removing the connection-mark=ftpbg setting?
I mean that rule 4 needs to appear as :

 4   chain=prerouting action=mark-connection new-connection-mark=ftpbg passthrough=no dst-address=1.1.1.99 in-interface=ether3-local-master

Ciao

duvi · May 17, 2011, 3:11pm

passthrough=no is the key, it doesn’t reach #5 because of it. Set it to passthrough=yes

shukalo83 · May 17, 2011, 10:04pm

Greencomputing was right. connection-mark was unnecessary.

On the other hand, passthrough=no was necessary.

Thank You all.