Special Forums IP Networking Facing issue in ip6table rule for port based routing management Post 302770243 by rahulbhansali24 on Friday 15th of February 2013 02:26:55 AM
Facing issue in ip6table rule for port based routing management

Hi,

Please help me with the issue described below.
I have a 4-machine setup, M1 -> M2 -> M3 | M4, and a laptop that is reachable through both M3 and M4.

M2 has 2 NICs connected to M3 and M4. Now I want to divide the flow coming from M1 for the laptop.
At M2, I have done the following:
==============================
ip6tables -t mangle -A PREROUTING -p udp --dport 80 -j MARK --set-mark 12
echo 2 udp_flow >> /etc/iproute2/rt_tables
ip -6 rule add fwmark 12 table udp_flow
ip -6 route add $laptop-ip dev eth2 table udp_flow
==============================

Now if I send UDP traffic from M1 destined to the laptop IP, then if the packet size is less than 1410 bytes I can see complete UDP packets at M4, and they are successfully delivered to the laptop.

But if the packet size is > 1410 bytes, then fragmentation happens and I can see only the 1st fragmented packet at M4, not the successive fragmented packets. I searched and found out that only the 1st fragmented packet has the UDP and destination port information and hence is marked properly and routed. The other fragmented packets have only the UDP information, not the destination port, so they are not marked and are dropped at M2.

Is there any solution or rule that can be applied so that all packets (whether there is fragmentation or not) are transferred to M4 only, not M3 (the destination port rule is compulsory)?

If I put only a UDP rule, not including the destination port, then there is no issue in both cases, with or without fragmentation.

Waiting for your helpful reply.



Thanks,

Rahul Bhansali
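
The behaviour described in the post above, as an added illustration that is not part of the original post and is not netfilter's code: a Python model of a stateless per-packet match, showing which IPv6 fragments expose a UDP destination port and which expose only the protocol. The addresses, source port 40000, the 1408-byte fragment size and all function names are constructed, and only a Fragment header placed directly after the fixed IPv6 header is handled.

```python
import struct

FRAGMENT, UDP = 44, 17  # IPv6 Next Header values: Fragment header, UDP

def _ip6(payload_len, nxt):
    # Fixed 40-byte IPv6 header; all-zero addresses are constructed placeholders.
    return struct.pack("!IHBB", 6 << 28, payload_len, nxt, 64) + bytes(32)

def build_fragments(payload_len, dport, frag_data=1408, ident=0x1234):
    """Constructed sample: one UDP datagram, fragmented if larger than frag_data."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + payload_len, 0) + b"A" * payload_len
    if len(udp) <= frag_data:
        return [_ip6(len(udp), UDP) + udp]
    packets = []
    for off in range(0, len(udp), frag_data):  # frag_data must be a multiple of 8
        chunk = udp[off:off + frag_data]
        more = 1 if off + frag_data < len(udp) else 0
        # The offset sits in the top 13 bits in 8-byte units, so a byte offset
        # that is a multiple of 8 is already in place; bit 0 is the M flag.
        frag = struct.pack("!BBHI", UDP, 0, off | more, ident)
        packets.append(_ip6(8 + len(chunk), FRAGMENT) + frag + chunk)
    return packets

def classify(packet):
    """Return (l4_proto, dport); dport is None when no UDP header is in this packet."""
    nxt, pos, first = packet[6], 40, True
    if nxt == FRAGMENT:
        nxt, _, off_flags, _ = struct.unpack_from("!BBHI", packet, pos)
        pos, first = pos + 8, (off_flags >> 3) == 0
    if nxt != UDP or not first:
        return nxt, None  # later fragments carry payload bytes only
    return nxt, struct.unpack_from("!H", packet, pos + 2)[0]

def port_rule_marks(packets, dport=80, mark=12):
    # Models a "-p udp --dport 80" style match: needs the port in this packet.
    return [mark if classify(p) == (UDP, dport) else 0 for p in packets]

def proto_rule_marks(packets, mark=12):
    # Models a "-p udp" style match: the protocol is visible in every fragment.
    return [mark if classify(p)[0] == UDP else 0 for p in packets]

if __name__ == "__main__":
    big = build_fragments(3000, 80)
    print("port rule :", port_rule_marks(big))
    print("proto rule:", proto_rule_marks(big))
```
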
 

Firewall mark classifier in tc(8)          Linux          Firewall mark classifier in tc(8)

NAME
       fw - fwmark traffic control filter

SYNOPSIS
       tc filter ... fw [ classid CLASSID ] [ action ACTION_SPEC ]

DESCRIPTION
       the fw filter allows to classify packets based on a previously set fwmark by iptables. If it is identical to the filter's handle, the filter matches. iptables allows to mark single packets with the MARK target, or whole connections using CONNMARK. The benefit of using this filter instead of doing the heavy-lifting with tc itself is that on one hand it might be convenient to keep packet filtering and classification in one place, possibly having to match a packet just once, and on the other users familiar with iptables but not tc will have a less hard time adding QoS to their setups.

OPTIONS
       classid CLASSID
              Push matching packets to the class identified by CLASSID.

       action ACTION_SPEC
              Apply an action from the generic actions framework on matching packets.

EXAMPLES
       Take e.g. the following tc filter statement:

              tc filter add ... handle 6 fw classid 1:1

       will match if the packet's fwmark value is 6. This is a sample iptables statement marking packets coming in on eth0:

              iptables -t mangle -A PREROUTING -i eth0 -j MARK --set-mark 6

SEE ALSO
       tc(8), iptables(8), iptables-extensions(8)

iproute2                                21 Oct 2015                Firewall mark classifier in tc(8)