Hello all, I'm using iproute2 + ipchains and have a question about locally generated packets. I have noticed that I have no problem marking packets in the input chain from sources other than my router. These packets are marked and routed exactly as I expect. Now supposing I want to mark particular outbound packets which are locally generated. The only solution I have found so far (http://www.quintillion.com/moat/ipsec+routing/iproute2.html) suggests # ip rule add iif lo lookup $other But the side effects are tremendous. All of the processes on this box suddenly start using the $other routing table (exactly as I told them to!), which is not what I desire. If I try marking the special locally generated packets with # ipchains -I input -p tcp -s $OUTIF $PORT -d $ALL -m $other -j ACCEPT nothing changes. The return traffic ends up flowing out my main link according to my main routing table. When I look at the ipchains HOWTO on how packets traverse filters, http://www.tldp.org/HOWTO/IPCHAINS-HOWTO-4.html#ss4.1 I fear that the routing decision has already been made by the time the local process is generating a packet. Is there any way around this problem? -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
