Re: tunneling and iptables

On Wed 10/03/2004 at 09:15, Hitesh Ballani wrote:
> thanks for your comments on tunnels ... actually i am working on a model 
> for anycast deployment and need to have the 16 bits so that i can support 
> 256*(2^16) services using a single /24 block ..

OK.

If I understand your context (which may not be true), your problem is
that you have to route packets against destination port and that MARK
capabilities are too limited for you to have Netfilter communicate
within policy routing.

So, have you considered using the ROUTE target (from patch-o-matic), that
allows one to specify a specific route for a given packet within
Netfilter? With it, you could implement a rule just like this:

	iptables -t mangle -A POSTROUTING -p tcp --dport $myservice \
		-j ROUTE --gw $myservicegw


-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!


