Route by dst port?

I've tried w/o success and then googled for answers which led me to a couple of
old messages in the linux-net archives that predate the 2.2 kernel.

Anyway, I've got a linux router with 2 internet connections. I'm trying to 
send my port 80 traffic out one (#2) pipe, and just leave all other traffic 
on the default T1 (#1). I'm partially successful using iptables to 
mangle/mark all port 80 in prerouting, then use iproute2 to set up an advanced 
route based on the mark value to forward to connection #2.

Using tcpdump/ethereal I can see that everything is working but the last step.

Traffic dst 80 leaves my laptop, goes to my linux router on eth1, goes out my 
eth0 on router to the other router out on the internet and receives the traffic 
back from the remote, all the way up to the linux router which is doing the 
advanced routing, and then it's lost.

ip rule ls
32764:  from all fwmark       50 lookup http

ip route ls table http
[laptop ip] dev eth1  scope link
default via [#2 router ip] dev eth0

iptables -t mangle -I PREROUTING -s [laptop ip] -p tcp --dport 80 -j MARK --set-mark 0x50

Like I said, the traffic is one hop away from being complete, I get traffic back 
from remote all the way up to the router one hop from my laptop, which is the 
router doing the advanced routing also. Examining the packets shows me that 
the ether dst is that of my router, but the IP dst is that of my laptop - so 
why isn't my router passing those packets to my laptop?

Thanks.

P.S. If I simply route by source address in rules it works fine. But if I use 
the mark based route rule, and mark all traffic from my laptop IP# it is 
broken, so it would seem the problem would have to be with the marking.


-- 
http://www.skycon.net/
ICQ: 1796276
pgp: http://www.jeetkunedomaster.net/~junfan/pgp.key
OS: Mandrake Linux http://www.mandrakelinux.com