Help with ip route to route to virtual ethernet veth

angola1 · February 14, 2023, 8:49am

hello

is it possible to route upload to another device with ip route i did that for download using these command and it works

ip link add dev dw type veth peer dwpeer
ip link set dev dw up
ip link set dev dwpeer up
brctl addif br-lan dwpeer
ip link set dwpeer promisc on
ip route add default dev dw table 100
ip rule add fwmark 100  table 100 priority 100
iptables -t mangle -F PREROUTING
iptables -t mangle -A PREROUTING -p 17 --sport 443 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p 6 --sport 443 -j MARK --set-mark 100

i want to do the same but for upload and piroity in ip route 0 mean serve first ?

trendy · February 14, 2023, 10:56am

What do you mean by "upload"? Currently you route packets from source port 443 to routing table 100, so I would consider this upload.

I believe you mean in ip rule and 0 is used for local traffic, better used some larger number for the priority.

angola1 · February 14, 2023, 11:06am

i mean for upload is egress of wan interface, and i changed pirority of local to 32000 my question is if i typed this command ip rule add fwmark 126 table 126 priority 1 and i put certin marked traffic with iptables let say this
iptables -t mangle -A PREROUTING -p 17 --dport 443 -m comment --comment youtube-test -j MARK --set-mark 126

this marked traffic will be serverd first

trendy · February 14, 2023, 11:13am

The rule you have in the first post is also wan egress.

Not served first, it will be evaluated earlier that the other rules you have.

angola1 · February 14, 2023, 11:17am

but marked packet cover destination ip for br-lan in first post
the port 443 is from internet not assign to local network

iptables -t mangle -A PREROUTING -p 17 --sport 443 -j MARK --set-mark 100
iptables -t mangle -A PREROUTING -p 6 --sport 443 -j MARK --set-mark 100

trendy · February 14, 2023, 11:27am

Maybe you can explain what are you trying to achieve? Because I don't make any sense from what you have posted already?

angola1 · February 14, 2023, 11:33am

what i'm trying to do is to create veth interface and route marked packet by iptables to that interface i successfully do that with ingress side with these commands

ip link add dev dw type veth peer dwpeer
ip link set dev dw up
ip link set dev dwpeer up
brctl addif br-lan dwpeer
ip link set dwpeer promisc on
ip route add default dev dw table 100
ip rule add fwmark 100  table 100 priority 100
iptables -t mangle -F PREROUTING
iptables -t mangle -A PREROUTING -p 17 --sport 443 -m comment --comment youtube-test  -j MARK --set-mark 100

i want to do that but for egress side the oppiste side

trendy · February 14, 2023, 11:40am

Okay, but why are you trying to do this? What is the objective behind all that? What are the limitations and you are not using simple routing?

angola1 · February 14, 2023, 11:42am

i want to monitor youtube traffic sparetly and torrent and facebook