Check for packets MARKed by iptables

linux networking routing iptables tcpdump
11,896

Probably, they are not: your routing commands are wrong: you use 

   ip route add default via 192.168.0.0 dev eth0 table routeTcp
   ip route add default via 192.168.1.0 dev wlan0 table routeUdp

while they should be

   ip route add default via 192.168.0.1 dev eth0 table routeTcp
   ip route add default via 192.168.1.1 dev wlan0 table routeUdp

if your gateways are 192.168.0.1 and 192.168.1.1, respectively; if not, pls adjust accordingly.

As for checking, 

     tcpdump -i eth0 -n udp

in one terminal, and 

     tcpdump -i wlan0 -n tcp

in another terminal; they should both return no crossing packets.

EDIT:

Sorry, I forgot we need to distinguish between incoming and outgoing packets, only the outgoing ones are segregated. Pls use

       tcpdump -i wlan0 -n tcp and src host The_IP_ADDRESS_of_Wlan0
       tcpdump -i eth0 -n udp and src host The_IP_ADDRESS_of_eth00
Share:
11,896

Related videos on Youtube

Giancarlo
Author by

Giancarlo

Software engineer

Updated on September 18, 2022

Comments

  • Giancarlo
    Giancarlo over 1 year

    I am marking TCP and UDP packets in order to send them to two different interfaces (say wlan0 and eth0), I did this by following this answer.

    Assuming this configuration:

    eth0 address:  192.168.0.84 

wlan0 address: 192.168.1.22

    I am setting the following rules/routes:

    #!/bin/bash
iptables -A PREROUTING -t mangle -p tcp -j MARK --set-mark 1
echo 201 routeTcp >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table routeTcp
ip route add default via 192.168.0.0 dev eth0 table routeTcp

iptables -A PREROUTING -t mangle -p udp -j MARK --set-mark 2
echo 202 routeUdp >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table routeUdp
ip route add default via 192.168.1.0 dev wlan0 table routeUdp

    route -n output:

    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0

    ip route show output:

    default via 192.168.0.1 dev eth0  proto static 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.84  metric 1 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.22  metric 9

    ip route show table routeUdp:

    default via 192.168.1.1 dev wlan0

    ip route show table routeTcp:

    default via 192.168.0.1 dev eth0

    iptables -nL -v --line-numbers -t mangle output:

    Chain PREROUTING (policy ACCEPT 388K packets, 474M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     360K  464M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK set 0x1
2    27269   11M MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK set 0x2

Chain INPUT (policy ACCEPT 385K packets, 474M bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 290K packets, 33M bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 290K packets, 33M bytes)
num   pkts bytes target     prot opt in     out     source               destination

    How can I check that the packets are actually being sent by the right interface?

    I've been struggling with tcpdump with no success.

    Thank you guys.

  • Giancarlo
    Giancarlo over 8 years
    well... you almost made my day... I see no TCP packets on wlan but I can still see some UDP packets on eth. Adding gateways does not change the situation: pastebin.com/pyRXRFmX
  • MariusMatutiae
    MariusMatutiae over 8 years
    @Giancarlo incoming or outgoing? pls read my edit
  • Giancarlo
    Giancarlo over 8 years
    Ops, I forgot to say outgoing... I am gonna test it again after a reboot ;)
  • Giancarlo
    Giancarlo over 8 years
    Nothing to do... eth0: lots of UDP (NOK), all the TCP(OK) wlan0 just some UDP (NOK, just five packets) and no TCP (OK)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Source Based Policy Routing & NAT (DNAT/SNAT) aka Multi WANs on CentOS 5
Two NICs on the same subnet but with different networks?
iptables vs route
Using tcpdump to find strings
multicast routing - CentOS 5
Cannot add route SIOCADDRT: Network is unreachable
Block ip forwarding for specific remote ip address
Routing between two subnets using a Linux box with two NICs
Routing application traffic through specific interface
Forward traffic between VLANs with iptables