Re: different ports, different routes

Hello,

KNO wrote:
I've this HW configuration:

----------------->router1---|
-Internet-                   |--->linux--->LAN
----------------->router2---|

router1 address 192.168.2.9
router2 address 192.168.2.10
linux address 192.168.2.22
linux default gateway 192.168.2.10
lan workstations use linux as proxy (squid at port 8080) 192.168.2.22

Right now all traffic in the LAN goes to the Internet through router2, but I want
the web traffic to go through router1.
I've tried marking the packages
#iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1

I'd insert a match on the LAN interface in this rule to make sure it captures only traffic from the LAN.

and add a route (as described in lartc)
# echo 201 web >> /etc/iproute2/rt_tables
# ip rule add fwmark 1 table web
# ip route add default via 192.168.2.10 table web

This setup has no effect if your LAN hosts use the proxy. It is effective only with forwarded connections.

I've added the following rule:
iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j MARK --set-mark 1
because packets are generated by proxy.

The POSTROUTING table is too late, after the final output routing decision is made. You must create this rule in the OUTPUT chain instead.
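
The setup the reply points to, written out as an added example (not part of the original messages): the proxy's own connections are marked in mangle/OUTPUT, forwarded ones in mangle/PREROUTING with a LAN interface match, and marked packets use a table whose default route is router1 (192.168.2.9, the gateway the poster wants for web traffic). The interface name `eth1`, the `DRY_RUN` switch and the function names are assumptions made for the example; it also assumes `201 web` is already in /etc/iproute2/rt_tables as in the quoted commands.

```shell
#!/bin/sh
# Added example: policy routing for port-80 traffic on the proxy host.
# Addresses come from the thread; LAN_IF and DRY_RUN are assumptions.
ROUTER1=192.168.2.9        # router1, wanted gateway for web traffic
LAN_IF=${LAN_IF:-eth1}     # assumed name of the interface facing the LAN
MARK=1
TABLE=web                  # assumes "201 web" exists in /etc/iproute2/rt_tables
DRY_RUN=${DRY_RUN:-1}      # 1 = print the commands only, 0 = apply (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Connections opened by the local proxy never traverse PREROUTING.
# A mark set in mangle/OUTPUT causes the packet to be routed again,
# whereas POSTROUTING runs after the final routing decision.
mark_local_web() {
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark "$MARK"
}

# Forwarded connections (clients not using the proxy) are marked in
# PREROUTING; -i limits the rule to packets arriving from the LAN.
mark_forwarded_web() {
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j MARK --set-mark "$MARK"
}

# Marked packets are looked up in table "web", which sends them to router1.
route_marked_via_router1() {
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$ROUTER1" table "$TABLE"
}

setup() {
    mark_local_web
    mark_forwarded_web
    route_marked_via_router1
}

setup
```

With `DRY_RUN=0` the commands are applied; `ip rule show` and `iptables -t mangle -L OUTPUT -v -n` then show the rule and the packet counters for the mark.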


