You are off basis. The System already routes twice. The problem is that it SNAT's after you've already routed the packet. You will have to mark the packet in the PREROUTING chain then setup iproute2 rules that describe what to do with it. I've had many bad experiences with getting iproute2 working under 'complex' configurations, so it is up to you in getting it to work the way you'd like. There is also the ROUTE patch, but it doesn't do what I want it to do (change the packet's route!!). -----Original Message----- From: Akos Szalkai [mailto:szalkai@xxxxxxxxx] Sent: Friday, November 28, 2003 9:34 AM To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: mangle after nat in the postrouting chain Hello, is there any kind of patch (or even consideration to create one) for packet mangling in the POSTROUTING chain after NAT? (At least as far as I see, right now it's mangle first, then NAT.) I can also see the advantages of mangle before NAT, so perhaps the ideal solution would be mangling twice on the POSTROUTING chain, if it is possible. The situation where I would find mangling after NAT very handy is the following. I have two independent internet connections, and a few NAT rules which eventually decide the source address of the outgoing packet. And only now, knowing the source address is it possible to route the packet correctly. Since we are way after routing here, only mangle could help. Please correct me if I am not understanding things correctly. Akos -- Akos Szalkai <szalkai@xxxxx> IT Consultant, CISA 2F 2000 Szamitastechnikai es Szolgaltato Kft. Tel: (+36-1)-4887700 Fax: (+36-1)-4887709 WWW: http://www.2f.hu/
