Subj: Problem with iproute2 on SuSE 9.1
To: comp.os.linux
From: google
Date: Sat Sep 04 2004 07:18 am

Hi,

I have a weird problem which I'm not able to solve. I wrote a script to mark specific networks with the MARK chain of iptables and let "ip rule" do the routing magic. I first implemented this on a RedHat 7.3 system and it kept on working on SuSE 8.2 and SuSE 9.0, but on SuSE 9.1 it stopped working.

The strangest thing of all is that, on the machine where I run my script, tcpdump tells me that the message *is* put on the tunnel, but the other side never receives anything. When I make the tunnel device the default route for the specific networks instead of MARK-ing and "ip rule"-ing, the same message is put on the tunnel and the other side receives it as expected.

Is this a bug in my script which surfaces in SuSE 9.1, or has something changed going from a 2.4 series kernel to a 2.6 series kernel?

Here's my script and its config file. Usage is:

  fw_tunnel start|stop host.cfg

-------------------- BEGIN OF host.cfg SCRIPT -------------
# remote host
REMOTE=192.168.0.9
# device to put the tunnel on
DEV=eth0
# networks to be bridged
NET="216.239.0.0/16"
--------------------- END OF host.cfg SCRIPT --------------

-------------------- BEGIN OF fw_tunnel SCRIPT ------------
#!/bin/bash
# bash, not sh: the script uses [[ ]] tests below

# read REMOTE, DEV and NET from the config file (default: host.cfg)
. ${2:-host.cfg}

# this machine
LOCAL=$(ipaddr -i $DEV)   # /usr/bin/ipaddr from SuSE 9.1's shtools

# pointopoint link
PP_TUN=tunl1
PP_ADDR=127.0.0.8
MARK=1
TABLE=200
DEBUG=${DEBUG:-0}
[[ $DEBUG -gt 0 ]] && set -x

# create/delete the out_mark chain and hook it into mangle OUTPUT;
# traffic to the tunnel endpoint itself is never marked
mangle_mark() {
    [[ x$1 = x-A ]] && iptables -t mangle -N out_mark
    iptables -t mangle $1 OUTPUT -j out_mark
    iptables -t mangle $1 out_mark -d $REMOTE -j RETURN
    [[ x$1 = x-D ]] && iptables -t mangle -X out_mark
}

# add/delete the MARK rule for one destination network
set_mark() {
    [[ $DEBUG -gt 1 ]] && iptables -t mangle $1 out_mark -d $2 -j LOG --log-prefix "SET_MARK: "
    iptables -t mangle $1 out_mark -d $2 -j MARK --set-mark $MARK
}

# add/delete SNAT of everything leaving through the tunnel
nat_snat() {
    [[ $DEBUG -gt 1 ]] && iptables -t nat $1 POSTROUTING -o $PP_TUN -j LOG --log-prefix "SNAT: "
    iptables -t nat $1 POSTROUTING -o $PP_TUN -j SNAT --to-source $LOCAL
}

start() {
    mangle_mark -A
    for net in $NET
    do
        set_mark -A $net
    done
    nat_snat -A
    modprobe ipip   # needed on SuSE 9.1, not needed on RedHat 8.0
    ip rule add fwmark $MARK table $TABLE
    ip tunnel add $PP_TUN mode ipip remote $REMOTE
    ifconfig $PP_TUN $PP_ADDR netmask 255.255.255.255
    ip route add default dev $PP_TUN table $TABLE
    ip route flush cache
}

stop() {
    nat_snat -D
    for net in $NET
    do
        set_mark -D $net
    done
    mangle_mark -D
    ip route del default dev $PP_TUN table $TABLE
    ip rule del fwmark $MARK table $TABLE
    ip tunnel del $PP_TUN mode ipip remote $REMOTE
    ip route flush cache
    modprobe -r ipip
}

# only accept the two known actions instead of running $1 blindly
case "$1" in
    start|stop) "$1" ;;
    *) echo "Usage: $0 start|stop [host.cfg]" >&2; exit 1 ;;
esac
--------------------- END OF fw_tunnel SCRIPT -------------
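When a marked packet leaves but never arrives, the first thing to confirm is that the three pieces the script sets up (the fwmark rule, the default route in the mark table, and the out_mark chain with its RETURN for the endpoint ahead of the MARK rule) are really present and in the right order. The following checker is an added example, not part of the original post; it takes command output as text so it can be exercised on the constructed samples below, and on a live box it is fed the output of `ip rule show`, `ip route show table $TABLE` and `iptables-save -t mangle`.

```shell
# Added example, not from the original post: checks that the three pieces the
# script must leave in place are really there. Each checker takes command output
# as a string so it can run on the constructed samples below; on a live box feed
# it "ip rule show", "ip route show table $TABLE" and "iptables-save -t mangle".
MARK=1; TABLE=200; PP_TUN=tunl1; REMOTE=192.168.0.9   # same values as fw_tunnel
HEX=$(printf '0x%x' "$MARK")   # newer iproute2 prints the mark in hex, older in decimal

# A rule sends packets carrying our mark to our table?
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq "fwmark ($HEX|$MARK)( |/).*lookup $TABLE( |$)"
}
# Our table has its default route through the tunnel device?
has_tunnel_default() {
    printf '%s\n' "$1" | grep -Eq "^default dev $PP_TUN( |$)"
}
# OUTPUT jumps to out_mark, the tunnel endpoint is exempted (RETURN) *before*
# the MARK rule, and the MARK rule sets our mark (--set-mark or --set-xmark).
mark_chain_ok() {
    printf '%s\n' "$1" | grep -Fq -- "-A OUTPUT -j out_mark" || return 1
    ret_ln=$(printf '%s\n' "$1" | grep -nE -- "-A out_mark -d $REMOTE(/32)? -j RETURN" | cut -d: -f1 | head -n1)
    mark_ln=$(printf '%s\n' "$1" | grep -nE -- "-A out_mark .*-j MARK --set-x?mark ($HEX|$MARK)(/| |$)" | cut -d: -f1 | head -n1)
    [ -n "$ret_ln" ] && [ -n "$mark_ln" ] && [ "$ret_ln" -lt "$mark_ln" ]
}
check_all() {   # $1 = rule output, $2 = table routes, $3 = mangle table
    ok=0
    has_fwmark_rule "$1"    || { echo "missing: ip rule fwmark $MARK -> table $TABLE"; ok=1; }
    has_tunnel_default "$2" || { echo "missing: default route via $PP_TUN in table $TABLE"; ok=1; }
    mark_chain_ok "$3"      || { echo "bad: out_mark chain (jump / RETURN-before-MARK / MARK)"; ok=1; }
    return $ok
}

# Constructed sample output (what a correctly started fw_tunnel leaves behind).
RULES_OK='0:      from all lookup local
32765:  from all fwmark 0x1 lookup 200
32766:  from all lookup main
32767:  from all lookup default'
ROUTES_OK='default dev tunl1 scope link'
MANGLE_OK='*mangle
:OUTPUT ACCEPT [0:0]
:out_mark - [0:0]
-A OUTPUT -j out_mark
-A out_mark -d 192.168.0.9/32 -j RETURN
-A out_mark -d 216.239.0.0/16 -j MARK --set-xmark 0x1/0xffffffff
COMMIT'
# Constructed broken variant: RETURN after MARK, so traffic to the tunnel
# endpoint itself is marked and routed back into the tunnel.
MANGLE_LOOP='-A OUTPUT -j out_mark
-A out_mark -d 216.239.0.0/16 -j MARK --set-xmark 0x1/0xffffffff
-A out_mark -d 192.168.0.9/32 -j RETURN'
```

Run `check_all "$(ip rule show)" "$(ip route show table $TABLE)" "$(iptables-save -t mangle)"` after `fw_tunnel start`; a non-zero exit plus the printed line tells you which piece is missing before you reach for tcpdump.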