> > So it might be that the marks are not being set. I checked that too: I
> > replaced the
> > iptables -t mangle -A OUTPUT -m owner --uid-owner 1001 -j MARK --set-mark 1
> > with
> > iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark 1
> > - still no success. So I tried placing this rule into the PREROUTING
> > chain (for testing though, INPUT should be absolutely correct), and - oh
> > wonder - no success either ;)
>
> If you do "iptables -L -v -n -t mangle", do the counters increment?
>
> Stef

Yes, they do. I am also sure now that marking is working: I have tried the same on another host that uses a gateway to access the internet, but has several IPs on the net. If I do not enter the route (via option), the packets do not reach their destination if I create them as a given user; as all other users it does work. If I give the via option in the "ip route add table thilo src ....." command, the packets reach their destination again - yet even though I have given the source IP that should have been used, it is still using the primary one. Could this be a bug in the routing code?

- Thilo Schulz