See recent discussion about the routing decision in the netfilter-devel archive.
As I understood it:
The first routing decision is taken only for packets originating from an unbound socket. If the source IP address is determined (by the routing decision), then the packet travels through the output chains, and only if it is changed in the mangle table can it be re-routed.
For packets originating from a bound socket, no routing decision is taken before the output chain; only the routing decision after it is taken.
Regards Wim
Daniel Chemko wrote:
If you mark a packet in the OUTPUT table, the routing algorithm should re-run and decide the path that was defined in the routing policy, so here is the order of relevant events:
Program Send Packet
Routing Decision - Go out normal Interface
MANGLE: OUTPUT - Mark packet as fwmark 1
Routing Decision - Choose route as usual, but include fwmark 1 in equation.
Warning: That is supposedly the behavior, but I have yet to get it working properly.
--
Wim Ceulemans
R&D Engineer
Secure Internet Communication with aXs Guard
Able NV
Leuvensesteenweg 282 - B-3190 Boortmeerbeek - Belgium
Phone: + 32 15 50.44.00 - Fax: + 32 15 50.44.09
E-mail: wim.ceulemans@xxxxxxx