Well, I'm stating my problem from the beginning: I have a computer in my LAN with 2 ips (192.168.1.10 and 192.168.1.11), the latter one created by "ip addr add" and users on that computer, and depending on the uid of the created packets i want those to take another source address. Of course, it should start with marking the packets with a simple iptables rule: iptables -t mangle -A OUTPUT -m owner --uid-owner 1001 -j MARK --set-mark 1 so, next step should be, to create a new table, so i entered this into /etc/iproute2/rt_tables: 1 thilo so that table 1 should have the identifier "thilo". Next step is, to enter a rule for this table: ip rule add fwmark 1 table thilo and indeed: router:/etc/init.d# ip rule ls 0: from all lookup local 32765: from all fwmark 1 lookup thilo 32766: from all lookup main 32767: from all lookup default router:/etc/init.d# now, i should only have to enter the route into the table: ip route add 192.168.1.0/24 dev eth0 src 192.168.1.11 proto kernel a final "ip route flush cash", and this should be it. As soon, as i log in as user "thilo" (uid 1001), and i for example connect per ssh to 192.168.1.4 (another computer in my lan), it _should_ show me logged in from 192.168.1.11, but instead it still shows: thilo pts/8 Apr 23 18:37 (192.168.1.10). The table as well as the route entry are correct, i am sure of this, for i have tested removing the fwmark rule and instead added: ip rule add to 192.168.1.4 table thilo everything worked then as i have intended, and it showed me logged in from 192.168.1.11 then. So it might be, that the Marks are not being set, i checked that too, i replaced the iptables -t mangle -A OUTPUT -m owner --uid-owner 1001 -j MARK --set-mark 1 with iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark 1 - still no success. So I tried placing this rule into the PREROUTING chain (for testing though, INPUT should be absolutely correct), and - oh wonder - no success either ;) Another problems checked too: I have enabled MARK based routing in the kernel (policy routing, everything switched on ..) So I only can ask you on this mailing list - anyone got an idea of what is/what i did wrong? - Thilo Schulz
