2009/5/17 Jan Engelhardt <jengelh@xxxxxxxxxx>: >It also applies to local traffic. The packet will be re-evaluated by >routing if it changed its mark in the OUTPUT chain. It doesn't work. debian:/home/houska# iptables -A OUTPUT -t mangle -p tcp --dport 60353 -j MARK --set-mark 100 debian:/home/houska# iptables -A OUTPUT -t mangle -p tcp --dport 60354 -j MARK --set-mark 100 debian:/home/houska# ip route add default via 10.6.6.6 dev ppp0 table cdma debian:/home/houska# ip rule add from all fwmark 100 table cdma debian:/home/houska# debian:/home/houska# iptables -L -t mangle Chain PREROUTING (policy ACCEPT) target prot opt source destination ... Chain OUTPUT (policy ACCEPT) target prot opt source destination MARK tcp -- anywhere anywhere tcp dpt:60353 MARK xset 0x64/0xffffffff MARK tcp -- anywhere anywhere tcp dpt:60354 MARK xset 0x64/0xffffffff Chain POSTROUTING (policy ACCEPT) target prot opt source destination debian:/home/houska# debian:/home/houska# ip route ls table cdma default via 10.6.6.6 dev ppp0 debian:/home/houska# debian:/home/houska# ip route ls 10.160.3.42 dev ppp0 proto kernel scope link src 10.162.62.199 debian:/home/houska# debian:/home/houska# ip rule ls 0: from all lookup local 32765: from all fwmark 0x64 lookup cdma 32766: from all lookup main 32767: from all lookup default debian:/home/houska# debian:/home/houska# tcptraceroute ip.add.re.ss 60353 connect: Network is unreachable debian:/home/houska# tcptraceroute ip.add.re.ss 60354 connect: Network is unreachable debian:/home/houska# :( Same problem is with OpenVPN. What am I doing wrong? Thanks Jan -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
