Try using iproute2 ip assigning and not ip aliasing as I find aliasing=evil for some things.

    ip addr add 192.168.1.101/24 dev eth1

Also, have you tried using SNAT instead of iproute for a simple snat of the source address?

    iptables -I POSTROUTING -o eth1 -t nat -s 192.168.1.1 -d 192.168.1.250 -j SNAT --to 192.168.1.101

Thanks,
____________________________________________
George Vieira
Systems Manager
Citadel Computer Systems Pty Ltd
http://www.citadelcomputer.com.au

-----Original Message-----
From: lartc@xxxxxxxxxxxxxxxxxxx [mailto:lartc@xxxxxxxxxxxxxxxxxxx]
Sent: Sunday, July 13, 2003 5:40 PM
To: netfilter
Subject: marking in output mangle with route lookup

hello all,

i posted this to the lartc forum, and received no response, so i am hopeful that someone here can advise.

i have come across a curious issue:

    +----------------------+            +---------------+
    | eth1   192.168.1.1   |------------| 192.168.1.250 |
    | eth1:1 192.168.1.101 |            |               |
    +----------------------+            +---------------+

    iptables --append OUTPUT --table mangle --jump MARK --set-mark 0x2
    ip rule add fwmark 0x2 table 2
    ip route add 192.168.1.0/24 dev eth1 src 192.168.1.101 table 2
    ip route flush cache
    telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.1

    ip rule add to 192.168.1.250 table 2
    ip route flush cache
    telnet 192.168.1.250 ; and tcpdump gives src ip address as 192.168.1.101

are there issues concerning the marking of OUTPUT packets generated on the local box that i should be aware of?

many, many thanks

charles