> I'm trying to mark locally generated packets to be able to re-route
> HTTP(S) requests out a different gateway. Similar to a transparent proxy,
> with the exception that I want only traffic generated from this box to
> get marked and re-routed. I've set up everything correctly according to
> the many documents I've found, and I can manually use ip rules to get the
> actions I want, I'm just not getting a mark recognized by the ip rules.

Something like this should do:

    iptables -t mangle -I OUTPUT -p tcp --sport 443 -s <local_ip> \
        -j MARK --set-mark 0xc
    ip rule add pref 1 fwmark 0xc table 101
    ip route add 0.0.0.0/0 via $router table 101

This marks all ports originated on TCP port 443 of <local_ip> with "0xc",
and for all packets with 0xc the routing table "101" will be used, which
routes everything that hits it towards $router.

I assume you used the PREROUTING chain of the mangle table instead of the
OUTPUT chain.

joerg
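An added example, not part of the original message: a small Python check that cross-references saved `iptables-save -t mangle` output with `ip rule show` output and reports any fwmark that an ip rule expects but that is never set in the OUTPUT chain, which is the chain locally generated packets traverse. The sample text, the marks 0xa and 0xd, the tables 102 and 103, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample input (not from the original post): text in the form
# printed by `iptables-save -t mangle` and `ip rule show`, with one mark set
# in OUTPUT, one set only in PREROUTING, and one never set at all.
SAMPLE_MANGLE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0xa/0xffffffff
-A OUTPUT -s 192.0.2.10/32 -p tcp -m tcp --sport 443 -j MARK --set-mark 0xc
COMMIT
"""
SAMPLE_RULES = """\
0:\tfrom all lookup local
1:\tfrom all fwmark 0xc lookup 101
2:\tfrom all fwmark 0xa lookup 102
3:\tfrom all fwmark 0xd lookup 103
"""

MARK_RE = re.compile(r"^-A (\S+) .*-j MARK --set-x?mark (0x[0-9a-fA-F]+)")
RULE_RE = re.compile(r"fwmark (0x[0-9a-fA-F]+)(?:/\S+)? lookup (\S+)")

def marks_by_chain(mangle_text):
    """Map each mark value to the set of mangle chains that set it."""
    found = {}
    for line in mangle_text.splitlines():
        m = MARK_RE.match(line)
        if m:
            found.setdefault(int(m.group(2), 16), set()).add(m.group(1))
    return found

def audit(mangle_text, rules_text):
    """Return {mark: verdict} for every fwmark rule and every OUTPUT mark."""
    chains = marks_by_chain(mangle_text)
    routed = {int(m.group(1), 16): m.group(2) for m in RULE_RE.finditer(rules_text)}
    verdict = {}
    for mark, table in routed.items():
        if "OUTPUT" in chains.get(mark, ()):
            verdict[mark] = f"ok: set in OUTPUT, routed via table {table}"
        elif mark in chains:
            verdict[mark] = "local traffic unmarked: only set in " + ",".join(sorted(chains[mark]))
        else:
            verdict[mark] = "ip rule present but nothing sets this mark"
    for mark, where in chains.items():
        if "OUTPUT" in where and mark not in routed:
            verdict[mark] = "set in OUTPUT but no ip rule matches it"
    return verdict
```

On a live box, feed `audit()` the captured output of the two commands instead of the constructed samples.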