Re: Iproute2 and fwmark usage

> for marking i use:
> "iptables -t mangle -A PREROUTING -i eth4 -s 192.168.0.22 -d 141.24.12.2 -j
> MARK --mark-with 1"
> 
> for selecting a routing table upon that marking i use:
> "ip rule add fwmark 1 table test"
> 
OK. Are these two instructions the only instructions active on the box?

> while table test has a local network route, a host route to the ppp peer and
> a default route to the internet over the ppp peer as gateway.
> 
> the main table is the same but using another ppp interface.
> 
> all the other tables differ only in the way out, but all include the
> route to the one and only local net.
> 
> 
> back to the problem:
> the marking doesn't seem to be the problem. if i let the marking stay and
> just remove the upon routing rule and replace it with:
> "ip rule add from 192.168.0.22 table test"
> then everything works absolutely fine. so i think it's something with the
> iproute trying to use the firewall mark what drops the packet, because it
> seems to disappear while being routed.
> 

Both:
"ip rule add fwmark 1 table test"
and
"ip rule add from 192.168.0.22 table test"

are being used for the ping packets and seem to be equivalent. Your problem
seems to be the loss of the pong packets, right?

>  tcpdump verifies, that indeed replies are coming in and shows, that no icmp
> error messages are sent out, what should be the case if no route back could
> be found due to incorrect routing.

This part is not completely correct. The ICMP messages would go out through
ppp0, right? and you're not capturing that.

Do a simultaneous tcpdump on all the ppp interfaces and let us know the result.
Although, with the output of "ip rule" it looks to me that table main must be
taken for the return traffic and you have a route to 192.168.0.0/24 there.

Ramin
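
The table selection discussed in this message, as an added example that is not part of the original thread: a small model of the policy-rule walk, run over constructed `ip rule` output for both variants of the rule. The rule priorities are assumptions, as is the premise that reply packets carry no mark because the quoted mangle rule only matches traffic entering on eth4 from 192.168.0.22; routes inside the tables are not modelled.

```python
import ipaddress
import re

# Constructed `ip rule` output for the setup described in the thread
# (priorities are assumptions; the real output is not shown on the page).
IP_RULE_FWMARK = """\
0:      from all lookup local
32765:  from all fwmark 0x1 lookup test
32766:  from all lookup main
32767:  from all lookup default
"""
# Same rule set with the source-based rule substituted for the fwmark rule.
IP_RULE_FROM = IP_RULE_FWMARK.replace("from all fwmark 0x1", "from 192.168.0.22")

# Handles only the selectors used in the thread (from, fwmark without a mask).
RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from (?P<src>\S+)"
    r"(?: fwmark (?P<mark>0x[0-9a-fA-F]+|\d+))?"
    r" lookup (?P<table>\S+)"
)

def parse_rules(text):
    """Parse `ip rule` lines into (priority, src_net, fwmark, table) tuples."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        src = None if m["src"] == "all" else ipaddress.ip_network(m["src"], strict=False)
        mark = int(m["mark"], 0) if m["mark"] else None
        rules.append((int(m["prio"]), src, mark, m["table"]))
    return sorted(rules, key=lambda r: r[0])

def tables_consulted(rules, src, fwmark=0):
    """Tables the kernel would try, in priority order, for one packet."""
    addr = ipaddress.ip_address(src)
    out = []
    for _prio, net, mark, table in rules:
        if net is not None and addr not in net:
            continue  # source selector does not match
        if mark is not None and mark != fwmark:
            continue  # packet does not carry the required mark
        out.append(table)
    return out

if __name__ == "__main__":
    for name, text in (("fwmark", IP_RULE_FWMARK), ("from", IP_RULE_FROM)):
        rules = parse_rules(text)
        print(name, "ping:", tables_consulted(rules, "192.168.0.22", fwmark=1))
        print(name, "pong:", tables_consulted(rules, "141.24.12.2", fwmark=0))
```

In both variants the outgoing ping reaches table test before main, while the unmarked reply from 141.24.12.2 skips test and is resolved from main.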

