Re: different ports, different routes

[Please reply on the list]

KNO wrote:

>> The POSTROUTING table is too late, after the final output routing
>> decision is made. You must create this rule in the OUTPUT chain instead.
>
> I've tried marking in the OUTPUT chain and now it doesn't work at all. The
> packets go out, but they don't return. The rule I've added is:
> iptables -t mangle -A OUTPUT -p tcp --dport 80 -d ! 192.168.2.0/24 -j MARK --set-mark 1

You say the packets go out, but how far? Do they reach router2 as expected, meaning that the destination MAC address is router2's MAC address? Do they reach the target host? Does the target host send a reply packet?

Does your Linux box perform SNAT or MASQUERADE on the WAN interface?

By the way, how do things work when you set the box's default route via router2?

Also, there is something unclear in your addressing scheme. You wrote:

router1 address 192.168.2.9
router2 address 192.168.2.10
linux address 192.168.2.22
linux default gateway 192.168.2.10
lan workstations use linux as proxy (squid at port 8080) 192.168.2.22

It seems that both your LAN and WAN networks use the same subnet 192.168.2.0/24. And:

:~# ip route ls
192.168.2.0/24 dev eth0  proto kernel  scope link  src 192.168.2.252
default via 192.168.2.9 dev eth0

I understand these are the routes on the WAN interface. Where are the interface and route to the LAN ?
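
Added example (not from this thread or any of its participants): a POSIX shell script that sets up the policy routing the reply describes, with the mark applied in the mangle OUTPUT chain rather than in POSTROUTING, plus the ip rule and routing table that act on that mark. It assumes the LAN 192.168.2.0/24 and eth0 quoted above and treats 192.168.2.9 as the alternate gateway for port-80 traffic (the thread itself is unclear about which router is the default); the mark value 1, table number 100 and the names DRY_RUN, run and apply_policy_routing are choices made for this example.

```shell
#!/bin/sh
# Policy routing for locally generated HTTP traffic (e.g. from a local
# squid) via an alternate gateway, while the default route stays as is.
# Example written for this thread, not the poster's script.
#
# Usage:  sh policy-route.sh show    # print the commands (DRY_RUN)
#         sh policy-route.sh apply   # execute them (needs root)

LAN_NET="192.168.2.0/24"
ALT_GW="192.168.2.9"   # assumption: gateway for port-80 traffic
DEV="eth0"
MARK=1                 # arbitrary fwmark value
TABLE=100              # arbitrary routing table number

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_policy_routing() {
    # 1. Mark locally generated TCP/80 packets leaving the LAN. This has to
    #    happen in mangle OUTPUT: the kernel re-runs the routing decision for
    #    a local packet whose mark changed in OUTPUT, but by POSTROUTING the
    #    output route is already final, so a mark set there changes nothing.
    #    (Modern iptables writes the negation as "! -d", not "-d !".)
    #    For forwarded LAN traffic the equivalent mark goes in mangle PREROUTING.
    run iptables -t mangle -A OUTPUT -p tcp --dport 80 ! -d "$LAN_NET" \
        -j MARK --set-mark "$MARK"

    # 2. Marked packets consult a dedicated table whose default route
    #    points at the alternate gateway.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$ALT_GW" dev "$DEV" table "$TABLE"
}

case "${1:-}" in
    apply) apply_policy_routing ;;
    show)  DRY_RUN=1 apply_policy_routing ;;
esac
```

Run it with `show` first and check that the printed rule lands in `mangle -A OUTPUT`; on older kernels follow `apply` with `ip route flush cache` so cached routes do not keep using the old gateway. Because both gateways sit on the same /24, the source address of the marked packets is the same either way, so a missing return path points at NAT or at the far gateway rather than at the mark itself, which is what the questions in the reply above are probing.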
