> > is it possible to create a route for a single src address?
> > I mean _routing_, not natting. If I nat the pkts their destination will
> > change and I need to keep it intact.
>
> As you say, you mean _routing_, therefore this is a routing question, not a
> netfilter question.
>
> You need iproute2 (see http://lartc.org)

This is true, but misleading. Netfilter does provide a nice interface to
iproute2 with the fwmark feature. You can use a:

    # MARK is only valid in the mangle table; set it in PREROUTING to affect routing
    iptables -t mangle -A PREROUTING -s 192.168.1.7 -d 192.168.2.0/24 -j MARK --set-mark X

to put a particular firewall mark on a particular packet, then you can use

    ip rule add fwmark X lookup Y

which tells the kernel to use routing table Y to look up the route, and then
you must maintain a separate routing table for each firewall mark, like:

    ip route add 192.168.1.0/24 via 10.0.0.3 table Y
    ip route add 192.168.1.0/24 via 10.0.0.4 table Z

Of course, X, Y and Z represent integers.
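
The three steps described above, as an added dry-run shell script (not part of the original message and not the poster's own code). It marks in the mangle table's PREROUTING chain, where the mark can still influence the routing decision; the function names `run`, `policy_route` and `show_policy`, and the addresses, mark 7 and table 100 in the sample call, are constructed for illustration.

```shell
#!/bin/sh
# Added example: source-based policy routing via fwmark, dry-run by default.
# Function names and all values in the sample call are constructed.

run() {                       # print a command; execute it only when APPLY=1 (needs root)
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

policy_route() {              # usage: policy_route SRC DST MARK TABLE GATEWAY
    src=$1 dst=$2 mark=$3 table=$4 gw=$5
    for n in "$mark" "$table"; do
        case $n in
            ''|*[!0-9]*) echo "mark and table must be integers: '$n'" >&2; return 1 ;;
        esac
    done
    # Mark 0 is what an unmarked packet carries, so it cannot single out traffic.
    if [ "$mark" -eq 0 ]; then echo "mark must be non-zero" >&2; return 1; fi
    # Tables 0 (unspec), 253 (default), 254 (main) and 255 (local) are reserved.
    case $table in
        0|253|254|255) echo "table $table is reserved" >&2; return 1 ;;
    esac
    # 1. Mark in mangle/PREROUTING, i.e. before the routing decision is made.
    run iptables -t mangle -A PREROUTING -s "$src" -d "$dst" -j MARK --set-mark "$mark"
    # 2. Send packets carrying that mark to a dedicated routing table.
    run ip rule add fwmark "$mark" lookup "$table"
    # 3. Populate that table; packets it does not match fall through to later rules (main).
    run ip route add "$dst" via "$gw" table "$table"
}

show_policy() {               # usage: show_policy TABLE  (read-only checks)
    run ip rule show
    run ip route show table "$1"
}

# Constructed sample: host 192.168.1.7 reaches 192.168.2.0/24 via 10.0.0.3.
policy_route 192.168.1.7 192.168.2.0/24 7 100 10.0.0.3
show_policy 100
```

Run as-is to print the commands; set `APPLY=1` as root to execute them.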