linux
kiranananda, 2020-12-30 22:55:41

Linux, two channels: mark not working?

Hello.
I've racked my brain over this, please help me out.
There is CentOS 7 with 2 Internet uplinks. There is an ip rule with a filter on marks.

$fw -t mangle -A PREROUTING -s 169.255.1.55 -j MARK --set-mark 0xA

In this variant, the traffic goes out, then the return packet arrives at the router and disappears there ... That is, it does not go any further to the local network ... But it definitely gets matched by the ip rule.
If I do this instead:
ip ru a from 169.255.1.55 table 100
then the traffic comes back fine, but I can't do that, I need to filter out some of the local traffic ...
The same thing happens with DNAT. If there is a direct rule in ip rule, everything works; if it goes through mark, the packet is lost in the firewall.
I'm almost sure that this is some kind of system security setting, but I just have no idea how to dig into it ((...


1 answer(s)
kiranananda, 2020-12-30
@kiranananda

This whole thing started working here after the following kludge. I had to add a default to the main routing table on the backup channel, so you can duplicate it...

default via 1.1.1.1 table 100
default via 1.1.1.1 metric 200
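
A check that fits the symptom in this thread, added here as an example and not part of the original posts: the kernel's reverse-path filter (rp_filter) validates the source of each incoming packet with a route lookup that leaves out the fwmark unless src_valid_mark is enabled, so a return path that exists only in a mark-selected table is not seen by it. The script reports the effective mode per interface; that this setting is what dropped the replies in the question is an assumption, and SYSCTL_ROOT and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not from the post. SYSCTL_ROOT can point at a constructed
# tree so the logic can be checked without touching the live system.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys/net/ipv4/conf}"

# read_conf <iface> <key>: value of one per-interface sysctl, 0 if absent.
read_conf() {
    cat "$SYSCTL_ROOT/$1/$2" 2>/dev/null || echo 0
}

# Effective rp_filter is the maximum of conf/all and conf/<iface>.
effective_rp_filter() {
    all=$(read_conf all rp_filter)
    dev=$(read_conf "$1" rp_filter)
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# src_valid_mark is enabled if either conf/all or conf/<iface> sets it.
effective_src_valid_mark() {
    if [ "$(read_conf all src_valid_mark)" -ne 0 ] ||
       [ "$(read_conf "$1" src_valid_mark)" -ne 0 ]; then echo 1; else echo 0; fi
}

# rpf_verdict <iface>: how the reverse-path check treats packets arriving on
# <iface> when the route back to the sender exists only in a fwmark table.
rpf_verdict() {
    case "$(effective_rp_filter "$1")" in
        0) echo "off" ;;    # no source validation
        2) echo "loose" ;;  # sender must be reachable via any interface
        *) if [ "$(effective_src_valid_mark "$1")" -eq 1 ]; then
               echo "strict-with-mark"     # reverse lookup uses the packet's fwmark
           else
               echo "strict-ignores-mark"  # reverse lookup runs with mark 0
           fi ;;
    esac
}

# Print one line per interface found under SYSCTL_ROOT.
report_all() {
    for d in "$SYSCTL_ROOT"/*/; do
        [ -d "$d" ] || continue
        i=$(basename "$d")
        case "$i" in all|default) continue ;; esac
        printf '%s\t%s\n' "$i" "$(rpf_verdict "$i")"
    done
}
report_all
```

A `strict-ignores-mark` result on the backup uplink means the reverse lookup for replies arriving there is resolved without the mark rule, while a plain `from` rule is still consulted.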
