> > At now all trafic in lan goes to internet trougth router2, but II want > that the web traffic goes througth router1. In case you mean the web traffic, as generated by squid, then just use -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1 > I've try marking the packages > #iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1 > and add a route (as described in lartc) > # echo 201 web >> /etc/iproute2/rt_tables > # ip rule add fwmark 1 table web > # ip route add default via 192.168.2.10 table web > I've added the following rule: > iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j MARK --set-mark 1 > because packets are generated by proxy. > Some data: > :~# ip route ls > 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.252 > default via 192.168.2.9 dev eth0 > :~# ip rule ls > 0: from all lookup local > 32765: from all fwmark 1 lookup web > 32766: from all lookup main > 32767: from all lookup default > :~# ip route ls table web > default via 192.168.2.10 dev eth0 > > It doesn't work. What I'm doing wrong? > Thanks > > -- > a8888b. > d888888b. > 8P"YP"Y88 > 8|o||o|88 > 8' .88 > 8`._.' Y8. > d/ `8b. > dP . Y8b. > d8:' " `::88b > d8" 'Y88b > :8P ' :888 > 8a. : _a88P > ._/"Yaa_: .| 88P| > \ YP" `| 8P `. > / \.___.d| .' > `--..__)8888P`._.' > Jan Engelhardt --
