Matthew Crocker wrote:
> ip rule add prio 100 fwmark 1 table 100
> ip rule add prio 100 fwmark 2 table 100
> ip route add local 0/0 dev lo table 100
crafty :-)
the last one means "all packets sent to table 100
from 0/0 go to dev lo"?
OK you can send it the packets to lo, but why does lo accept it?
Why doesn't lo just say "I only have 127.0.0.1, forget it"
I tried this with `route` back
in the old days and I never got it to work.
I'd assumed that the TCP/IP stack would not accept
a packet if there wasn't something (transparent
proxy or a device with an IP) there to accept it,
i.e. you just couldn't push a packet there and expect
it to go.
> The cool thing about this setup is that packets going to the SIP that
> are not tagged (i.e. not for services I provide) are not considered
> local by the kernel and are routed back out to the upstream router
> (creating a routing loop). You cannot traceroute/ping my SIP addresses.
fiendish
do you know why we need transparent proxy if we can do this?
> My next step would be to create a blackhole box and set that as the
> default route for those packets so they go into the bit bucket instead
> of the route loop.
can you give the incantation you use (to save me making it up
and getting it wrong)?
I've been looking for a good way of getting arbitrary packets accepted
by the director when set up with fwmark. The only thing we've had
so far is transparent proxy or putting IPs onto the director that
match the dst_addr of the packets which get marked by fwmark.
The 2nd method there seems terribly crufty to me.
thanks
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
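The complete incantation the post asks for, as an added example that is not from the original thread: the mangle rule that sets the mark, the two quoted commands that deliver marked packets to the local stack via lo, and a lower-priority blackhole rule that swallows unmarked traffic to the service range instead of letting it loop back upstream. The service range, port, mark value and table numbers are assumed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. All values below are
# constructed placeholders: adjust SIP_NET, the port and the mark to taste.
set -eu

SIP_NET="192.0.2.0/24"   # virtual service IPs that no interface on the director owns
MARK=1                   # firewall mark for packets belonging to services we provide
LOCAL_TABLE=100          # table whose only route says "deliver locally"
DROP_TABLE=200           # table whose only route is a blackhole

# "apply" installs the rules (needs root); anything else only prints them,
# so the exact commands can be reviewed before they touch a live stack.
MODE="${1:-preview}"
run() {
    if [ "$MODE" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
}

lvs_fwmark_routing() {
    # 1. Tag the packets we want the director to accept (here: TCP/80 to the range).
    run iptables -t mangle -A PREROUTING -d "$SIP_NET" -p tcp --dport 80 \
        -j MARK --set-mark "$MARK"

    # 2. Marked packets consult table 100 first; its single route tells the
    #    kernel the destination is local, so the stack accepts the packet
    #    even though no interface carries that address.
    run ip rule add prio 100 fwmark "$MARK" table "$LOCAL_TABLE"
    run ip route add local 0/0 dev lo table "$LOCAL_TABLE"

    # 3. Unmarked packets to the range would otherwise fall through to the
    #    main table and follow the default route back out (the routing loop
    #    the post describes). Send them to a blackhole table instead.
    run ip rule add prio 200 to "$SIP_NET" table "$DROP_TABLE"
    run ip route add blackhole 0/0 table "$DROP_TABLE"
}

lvs_fwmark_routing
```

Running the script with no argument prints the five commands; `sh script.sh apply` as root installs them.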