I think you misunderstand the FTP protocol. The FTP commands are sent to the server's port 21 and the data is sent FROM the server port 20 to a local unprivileged port (>1024). I think you should set your mark dependent on source port instead of destination port.

Another way: use passive FTP, where the client initiates the connection to an unprivileged server port.

(I know I don't give all the answers here, but hope it's a good start for you.)

On Mon, 4 Dec 2000, Stefan Bayer wrote:

> Hello!
> I want to use my isdn (ippp0) connection for ftp transfer and my adsl
> (eth0/ppp0) connection for all other transfer from my LAN (eth1) connected to
> the router.
> I managed to set up iproute2 with fwmarks to send out packet to ippp0, but
> the data connection is done by adsl.
> What do I have to set up to get this working correctly?
> my iptables setup:
> $IPTABLES -A PREROUTING -t mangle -p TCP -d ! $LOCALNET --dport 21 -j MARK --set-mark 1
> $IPTABLES -A PREROUTING -t mangle -p UDP -d ! $LOCALNET --dport 21 -j MARK --set-mark 1
> $IPTABLES -A PREROUTING -t mangle -p TCP -d ! $LOCALNET --dport 20 -j MARK --set-mark 1
> $IPTABLES -A PREROUTING -t mangle -p UDP -d ! $LOCALNET --dport 20 -j MARK --set-mark 1
>
> routing in table ippp0:
> ip route list table ippp0
> 195.3.65.72 dev ippp0 proto kernel scope link src 212.183.78.79
> default via 195.3.65.72 dev ippp0
>
> other routing:
> ip route list
> 212.88.181.5 dev ppp0 proto kernel scope link src 212.88.xxx.xxx
> 195.3.65.0/24 dev ippp0 proto kernel scope link src 212.183.78.79
> 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2
> 192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
> 127.0.0.0/8 dev lo scope link
> default via 212.88.181.5 dev ppp0
>
>
> ip rule list
> 0: from all lookup local
> 32765: from all fwmark 1 lookup ippp0
> 32766: from all lookup main
> 32767: from all lookup default
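
The port layout discussed in this thread, as an added example that is not part of the original messages: a small Python model listing which packets of an active and a passive FTP session a MARK rule on ports 20/21 would select, depending on whether it matches on `--sport` or `--dport`. The client ports and the passive server port are constructed values, and the `-d ! $LOCALNET` condition is not modelled.

```python
from collections import namedtuple

# One representative packet per direction of a TCP connection.
Packet = namedtuple("Packet", "flow direction sport dport")

# Constructed unprivileged ports (assumptions, not taken from the thread).
CLIENT_CTRL, CLIENT_DATA, SERVER_PASV = 40000, 40001, 50000


def ftp_session(mode):
    """Return the packets of the control and data connections for one mode."""
    if mode == "active":       # server connects from port 20 to the client
        data_ports = (CLIENT_DATA, 20)
    elif mode == "passive":    # client connects to a port the server announced
        data_ports = (CLIENT_DATA, SERVER_PASV)
    else:
        raise ValueError("mode must be 'active' or 'passive'")
    flows = {"control": (CLIENT_CTRL, 21), "data": data_ports}
    packets = []
    for flow, (client_port, server_port) in flows.items():
        packets.append(Packet(flow, "client->server", client_port, server_port))
        packets.append(Packet(flow, "server->client", server_port, client_port))
    return packets


def marked(packet, field, ports=(20, 21)):
    """True if a rule matching `field` ('sport' or 'dport') hits the packet."""
    if field not in ("sport", "dport"):
        raise ValueError("field must be 'sport' or 'dport'")
    return getattr(packet, field) in ports


def selected(mode, field):
    """List (flow, direction) pairs that the port rule would mark."""
    return [(p.flow, p.direction) for p in ftp_session(mode) if marked(p, field)]


if __name__ == "__main__":
    for mode in ("active", "passive"):
        for field in ("dport", "sport"):
            print(f"{mode:8} --{field} 20,21 ->", selected(mode, field))
```

In passive mode neither end of the data connection uses port 20, so a rule on ports 20/21 selects only the control connection.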