I have a Linux router box (kernel 2.6.23.12, iptables 1.4.0) with 3 interfaces: eth0 to the LAN, eth1 to ISP1, eth2 to ISP2.

I added these rules to iptables's nat table:

    -A POSTROUTING -s LAN_IP -o eth1 -j MASQUERADE
    -A POSTROUTING -s LAN_IP -o eth2 -j MASQUERADE

Then I added routes to the routing table:

    ip route add 0/0 via ISP1_GW dev eth1
    ip route add 0/0 via ISP2_GW dev eth2 table ISP2

Now I want some IPs in my LAN to go out via ISP2, using this rule:

    ip rule add from SOME_IP table ISP2

It works fine. But when I use iptables to add a mark to the outgoing traffic and use an ip rule with fwmark, like this:

    iptables -t mangle -A PREROUTING -s SOME_IP -j MARK --set-mark 11
    ip rule add fwmark 11 table ISP2

the SOME_IP computers can't access the Internet. What's wrong? Does anyone have hints?