Hi Martin, Catalin, Chijioke,

This subject intrigues me greatly and is closely related to a post of just a few days ago:

<snip from my original post>

> >+----------------------+            +---------------+
> >| eth1   192.168.1.1   |------------| 192.168.1.250 |
> >| eth1:1 192.168.1.101 |            |               |
> >+----------------------+            +---------------+
> >
> >iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
> >ip rule add fwmark 0x2 table 2
> >ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
> >ip route flush cache
> >
> >telnet 192.168.1.250 ; and tcpdump gives src ip address as
> >192.168.1.1
> >
> >ip rule add to 192.168.1.250 table 2
> >ip route flush cache
> >
> >telnet 192.168.1.250 ; and tcpdump gives src ip address as
> >192.168.1.101
>
> According to my reading of the KPTD (and my understanding), packets
> generated on the local machine have already been routed by the time the
> OUTPUT chain is traversed. See:
>
> http://www.docum.org/stef.coene/qos/kptd/

I have spent a lot of time looking at this diagram and don't understand what happens when.

Curiously, in reply to my post Patrick McHardy was kind enough to test and:

On Sun, 2003-07-13 at 23:43, Patrick McHardy wrote:
> I tested your setup and it works fine (with 2.5 though). Are you sure
> you have CONFIG_IP_ROUTE_FWMARK enabled for your running kernel ?
> ip rule won't give errors if not ..

Very interesting, and I have yet to make it work here, although I haven't debugged it yet.

> : have you tried putting it on the FORWARD chain??
>
> Unfortunately the FORWARD chain will not work if these are locally
> generated packets.

Yup.

> I see two potential approaches to this problem:
>
> - invert your logic; main routing table uses ppp0 gateway IP as default
>   gateway, mark all traffic passing through your router box, and use
>   "ip rule add fwmark $MARK table $INTERNET" with another routing
>   table for the Internet-bound traffic.

Martin, this is pure genius.

> - send all locally generated traffic via ppp0; "ip rule add iif lo
>   table smtp" and watch all traffic generated on the local machine leave
>   via ppp0. You'll want to add the locally connected networks to table
>   smtp.

Can you comment on why this is: "ip rule add to xxx.xxx.xxx.xxx table n" works, and "iptables ... fwmark y table n" doesn't? Is it because OUTPUT checked the rule while the packet was "generated" locally, but not after it was marked?

1000 thanks

charles
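As an added example (not code from anyone in this thread), a small sh script that emits Martin's "iif lo" setup in the order it has to run and, since Patrick notes that ip rule gives no error when the kernel ignores a selector, checks the installed rule list instead of the command's exit status; the interface names, addresses and the table name smtp are assumed values.

```shell
#!/bin/sh
# Added example, not code from the thread. Emits the commands for the
# "ip rule add iif lo" approach: packets generated on this box enter the
# routing lookup with iif lo, so the rule matches there, without needing a
# mark set in mangle OUTPUT (which runs after the routing decision).
LAN_NET="192.168.1.0/24"   # assumed locally connected network
LAN_DEV="eth1"             # assumed LAN interface
LAN_SRC="192.168.1.1"      # assumed address used for LAN-bound traffic
OUT_DEV="ppp0"             # assumed Internet link
TABLE="smtp"               # assumed name defined in /etc/iproute2/rt_tables

# Print the commands in the order they must run. Locally connected networks
# go into the table first; otherwise traffic to LAN hosts from this box
# would be pushed out through ppp0 as well.
build_iif_lo_policy() {
    echo "ip route add $LAN_NET dev $LAN_DEV src $LAN_SRC table $TABLE"
    echo "ip route add default dev $OUT_DEV table $TABLE"
    echo "ip rule add iif lo table $TABLE"
    echo "ip route flush cache"
}

# Run the generated commands, or only show them when DRY_RUN is set.
apply_policy() {
    build_iif_lo_policy | while read -r cmd; do
        if [ -n "$DRY_RUN" ]; then echo "would run: $cmd"; else $cmd; fi
    done
}

# Given the text of `ip rule show` ($1) and the expected selector plus
# lookup ($2, e.g. "iif lo lookup smtp" or "fwmark 0x2 lookup 2"), return 0
# when a matching rule is listed. ip rule exits 0 even when the kernel
# dropped the selector, so the listing is the only reliable confirmation.
rule_installed() {
    printf '%s\n' "$1" | grep -q "$2"
}
```

Run `DRY_RUN=1 apply_policy` first to review the commands, then `rule_installed "$(ip rule show)" "iif lo lookup smtp"` after applying them.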