(this was originally posted to linux kernel) Hi, In order to redirect traffic to a transparent proxy, I'm using ipchains to set fwmark on packet, and an ip rule to throw those packets into an alternate routing table. The simplified setup looks like this: - host R has 4 ethernet cards, eth0 .. eth3 - on eth1 there are host G (the default gateway) and host P (the transparent proxy) - ipchains takes all packets that a) have proto tcp, dport 80 b) do not have daddr on local networks and c) have a specified saddr - and sets fwmark to 1 - routing table 1 contains only a default route with nexthost host P - the is an "ip rule add fwmark 1 table 1" The problem: couple of times a day I get entries in rt_cache that look like "from (some interface of) host R to some host in directly connected networks on eth0, eth2, eth3 via host P" - as if somehow those packets were marked and got caught by the ip rule. But they cannot be marked, because of the ipchains "daddr is not local" restriction (and remember this happens only from time to time) Changing the rule to something like "ip rule add from same_specific_saddr_as_in_ipchains fwmark 1 table 1", though this is redundant, makes the problem go away. So, is there any way packets that do not match the ipchains rule get somehow from time to time a fwmark value of 1? Dan -- Dan Borlovan <danb@dnttm.ro> System Administrator, Network Operation Center Dynamic Network Technologies - ASTRAL TELECOM Telefon: +40-256-204967 FAX: +40-256-220201 - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
