Good day!

I'm having trouble with policy routing on a Debian etch router (linux-2.6.18-4-486) with dual network interfaces. I want to set up a second MX for my domain on the same server as the first, but on another network interface from a second ISP.

These are my firewall settings:

CSD is the remote host
TEST1 is my server with the MX

# INPUT
iptables -t mangle --append PREROUTING --protocol tcp --syn -m state --state NEW --source $CSD --dst $TEST1 --in-interface eth1 --jump CONNMARK --set-mark 0x1
iptables -t mangle --append PREROUTING -m connmark --mark 0x1 --source $CSD --dst $TEST1 --in-interface eth1 --jump CONNMARK --restore-mark
iptables --append INPUT -m connmark --mark 0x1 --source $CSD --dst $TEST1 --in-interface eth1 --jump ACCEPT

# OUTPUT
iptables -t mangle --append OUTPUT -m connmark --mark 0x1 --source $TEST1 --dst $CSD --jump CONNMARK --restore-mark
iptables --append OUTPUT -m connmark --mark 0x1 --source $TEST1 --dst $CSD --out-interface eth1 --jump ACCEPT

These are my ip settings:

GATE is my default gw for the eth1 interface

ip route add $GATE dev eth1 table ytk
ip route add default via $GATE dev eth1 table ytk
/sbin/ip rule add fwmark 0x1 table ytk

The result is: the iptables INPUT rules pass fine, but the OUTPUT rules fail, because the packets want to go out through eth0.

May 22 16:18:09 test kernel: marked output finded IN= OUT=eth0 SRC=<TEST1> DST=<CSD> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=3029 WINDOW=5792 RES=0x00 ACK SYN URGP=0

I have googled this question for the last 3 days without success. Where is the mistake, and why don't packets marked as 0x1 go through eth1?

Does anybody have any ideas about this question?

Thanks in advance.