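Embedded Linux: iptables set-mark and ip rule policy question.
In this example I want packets sent from port 161 (SNMP) to go out via wan2.1, so I set up set-mark to manage the packets.
But it did not work. Could an expert help explain why ip rule 19999 was skipped and 30000 was used instead?
In iptables you can see that the packets were marked (set mark):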
Chain OUTPUT (policy ACCEPT 7 packets, 591 bytes)
num pkts bytes target prot opt in out source destination
1 191 15876 MARK udp -- any any anywhere anywhere udp spt:161 MARK set 0x5
2 3 252 DROP all -- any any anywhere anywhere mark match !0x5
ip rule show:
# ip rule show
0: from all lookup local
1000: from all lookup rt-static
10101: from all to 192.168.10.1 lookup rt-wan1.1
10102: from all to 192.168.10.1 lookup rt-wan2.1
10103: from all to 192.168.10.1 lookup rt-wan3.1
10301: from 192.168.10.223 lookup rt-wan1.1
10302: from 192.168.10.140 lookup rt-wan2.1
10303: from 192.168.10.218 lookup rt-wan3.1
10500: from 192.168.11.1 lookup rt-br0
19999: from all fwmark 0x5 lookup rt-wan2.1
30000: from all lookup rt-wan3.1
30001: from all lookup rt-wan1.1
30002: from all lookup rt-wan2.1
30200: from all lookup rt-br0
32766: from all lookup main
32767: from all lookup default