Re: [LARTC] iproute + mark question

Linux Advanced Routing and Traffic Control



Thanks for the response.

Ciprian Niculescu wrote:

steps:
- mark packets to port 80 coming from the internal interface
- put them in a different routing table
- put the default in the new table where do you want to go

It seems that 'iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 0x1' works, because iptables -t mangle -L -v outputs packet count sizes and shows that the specific rules are being matched.

ip rule add fwmark 0x1 table 230
ip route add default via 194... table 230



I suggest that you mark packets in the PREROUTING with:
iptables -t mangle -A PREROUTING -i <internal interface> -p tcp \
--dport 80 -j MARK --set-mark 0x1

sorry, forgot to mention this. We have done this.


When doing a tcpdump on the cable modem, we were seeing packets coming back from (say) yahoo.com around 10-15 seconds after sending them with the IP address of the iDSL circuit!! which doesn't make sense at all.

after that, put the
ip rule add fwmark 0x1 table 230
ip route add default via 194... table 230

to be the last lines executed in the script; in this way the rule will be treated first. See with "ip rule" the order

ok.


hope that helps

thanks.


--
Jason A. Pattie
pattieja@xxxxxxxxxxxxxxx
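
The rule-order check suggested in the thread ("see with "ip rule" the order") can be done mechanically. The following is an added example, not part of the original message: the `ip rule show` output is a constructed sample, the function names are hypothetical, and only "from all" rules are modelled.

```python
import re

# Constructed sample of `ip rule show` output (not taken from the thread).
SAMPLE_RULES = """\
0:	from all lookup local
32765:	from all fwmark 0x1 lookup 230
32766:	from all lookup main
32767:	from all lookup default
"""

def parse_rules(text):
    """Return (priority, mark, mask, table) tuples sorted by priority."""
    rules = []
    for line in text.splitlines():
        head = re.match(r"\s*(\d+):\s+from\s+(\S+)", line)
        table = re.search(r"\blookup\s+(\S+)", line)
        if not head or not table or head[2] != "all":
            continue  # simplification: source-specific rules are ignored
        fw = re.search(r"\bfwmark\s+(\w+)(?:/(\w+))?", line)
        mark = int(fw[1], 0) if fw else None
        mask = int(fw[2], 0) if fw and fw[2] else 0xFFFFFFFF
        rules.append((int(head[1]), mark, mask, table[1]))
    return sorted(rules, key=lambda r: r[0])

def lookup_order(text, packet_mark):
    """Tables consulted, in priority order, for a packet with this mark."""
    order = []
    for _prio, mark, mask, table in parse_rules(text):
        # A rule without fwmark matches every packet; otherwise compare
        # the packet mark and the rule mark under the rule's mask.
        if mark is None or (packet_mark & mask) == (mark & mask):
            order.append(table)
    return order

def mark_table_wins(text, packet_mark, table):
    """True if `table` is consulted before `main` for this mark."""
    order = lookup_order(text, packet_mark)
    if table not in order:
        return False
    return "main" not in order or order.index(table) < order.index("main")

if __name__ == "__main__":
    print("mark 0x1:", lookup_order(SAMPLE_RULES, 0x1))
    print("unmarked:", lookup_order(SAMPLE_RULES, 0x0))
    print("table 230 before main:", mark_table_wins(SAMPLE_RULES, 0x1, "230"))
```

If the fwmark rule is listed after the `main` rule, a default route in `main` is matched first and the marked traffic never reaches table 230.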


