Hi, On 01/07/2010 11:56 AM, Luiz Biazus wrote:
Let me explain what is funny: I have this platform:
ubuntu 9.04 kernel 2.6.32 iptables 1.4.6 squid 3.1 running in port 8012
[...]
Until here all is OK; even if I bring UP all the rules that I described before, everything seems to be OK!
BUT!
if I bring up THESE RULES:

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
I LOST COMMUNICATION WITH MY PROXY
I'm afraid this was caused by Jamal's rp_filter change committed in Linux 2.6.32. You can find more information on the issue in the linux-netdev or tproxy mailing list archives:

http://marc.info/?l=linux-netdev&m=125925598910379&w=2

This is expected to be fixed in an upcoming -stable release (2.6.32.z); in the meantime you can use the workaround mentioned in that mail thread: instead of the 'ip rule add fwmark 1 lookup 100' rule, you have to use one rule per interface.

<quote>
The workaround is using more specific ip rules that include the ingress interface name:

# ip rule add dev eth0 fwmark 1 lookup 100

(repeat the above for each interface except lo.)
</quote>

Hope this helps.

Cheers,
Krisztian
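As an added example that is not part of the thread, here is a small POSIX shell helper that generates the per-interface rules the workaround describes (one `ip rule` per ingress interface except lo, plus the local route in the lookup table). The fwmark 1 and table 100 values come from the thread; the function names, the DRY_RUN switch and the use of /sys/class/net to enumerate interfaces are my own assumptions.

```shell
#!/bin/sh
# Generate (and optionally apply) the per-interface TPROXY policy-routing
# rules from the workaround above. MARK and TABLE default to the values
# used in the thread; everything else here is illustrative.
set -e

MARK="${MARK:-1}"
TABLE="${TABLE:-100}"

# Print the ingress interfaces to cover, i.e. every interface except lo.
# Uses the names passed as arguments, or /sys/class/net when none are given.
list_ifaces() {
    if [ "$#" -gt 0 ]; then
        printf '%s\n' "$@"
    else
        ls /sys/class/net
    fi | grep -vx lo
}

# Emit one 'ip rule' line per interface (the workaround) followed by the
# single local route in the table that those rules point at.
tproxy_rules() {
    list_ifaces "$@" | while read -r dev; do
        printf 'ip rule add dev %s fwmark %s lookup %s\n' "$dev" "$MARK" "$TABLE"
    done
    printf 'ip route add local 0.0.0.0/0 dev lo table %s\n' "$TABLE"
}

# Run the generated commands with 'ip', or only print them when DRY_RUN=1
# so they can be reviewed before touching the routing configuration.
apply_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        tproxy_rules "$@"
    else
        tproxy_rules "$@" | while read -r cmd; do
            $cmd
        done
    fi
}
```

Source the file and call `DRY_RUN=1 apply_rules eth0 eth1` to preview the rules, or `apply_rules` as root to install them for every interface except lo.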