Hey there,

I wish people threw in more ideas... What I tried now is this: my problem is that I need to route the packet on the way out according to the original destination, but the only place it will NAT the destination is before routing, so what I did was mark packets with the netfilter MARK target and then have iproute2's code select the routing table based on the fwmark. It's convoluted but should work in theory:

1) MARK the incoming packet in table mangle on chain PREROUTING and OUTPUT

2) add a rule to the RPDB to map the NATsource based on the source and iface it came by, and then it goes to table main by default (problem! it should be a map based on the destination!)

3) open a new table (same ID as the MARK for convenience) and add NAT to destination back to its real address (thus losing the original target, all I have left is the MARK to route with)

4) packet goes back to traverse the RPDB, where I catch it with another, lower priority rule than (2) based on the fwmark, sending it to the table I opened in (3) where I have a route to the right interface for the real address.

Now this would work in theory if I could do (2) as NAT and then traverse the RPDB again without sending it to a specific lookup table. Is this making sense? Or can I send it to the local table and it will traverse the rest of the RPDB when it gives up?

Am I missing another way of doing this without a routing table per interface?

Any and all help is appreciated in advance,
Thanks,
Ira.

--
The little prince
Ira Abramov
http://ira.abramov.org/email/
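A small model of the RPDB traversal the message asks about, added here as an example and not part of the original post: rules are scanned in priority order, a lookup rule whose table has no matching route falls through to the next rule, and the fwmark alone picks the interface once the destination has been rewritten. The interface names, addresses, marks and table names are constructed assumptions, and only the fwmark selector and the lookup action are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    priority: int
    table: str
    fwmark: Optional[int] = None  # None: the rule matches any mark

# Constructed setup (assumption): the same real network 10.0.0.0/24 sits
# behind both eth1 and eth2, so after DNAT only the mark tells them apart.
TABLES = {
    "local": [("127.0.0.0/8", "lo")],
    "1": [("10.0.0.0/24", "eth1")],   # table named after mark 1
    "2": [("10.0.0.0/24", "eth2")],   # table named after mark 2
    "main": [("0.0.0.0/0", "eth0")],
}
RULES = [
    Rule(0, "local"),
    Rule(100, "1", fwmark=1),
    Rule(101, "2", fwmark=2),
    Rule(32766, "main"),
]

def route_lookup(dst, mark=0, rules=RULES, tables=TABLES):
    """Return (table, device) for a packet, or None if nothing routes it."""
    addr = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.fwmark is not None and rule.fwmark != mark:
            continue  # selector does not match, try the next rule
        hits = [(ipaddress.ip_network(net), dev)
                for net, dev in tables.get(rule.table, [])
                if addr in ipaddress.ip_network(net)]
        if hits:
            # longest-prefix match inside the selected table
            net, dev = max(hits, key=lambda h: h[0].prefixlen)
            return rule.table, dev
        # no route in this table: the traversal continues with the next rule
    return None

if __name__ == "__main__":
    # Destinations are the post-DNAT (real) addresses; marks were set earlier.
    for dst, mark in [("10.0.0.5", 1), ("10.0.0.5", 2),
                      ("203.0.113.9", 1), ("10.0.0.5", 0)]:
        print(dst, "mark", mark, "->", route_lookup(dst, mark))
```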