On Thu, 2008-12-11 at 13:18 +0100, Javier Gálvez Guerrero wrote:
> Hi all,
>
> I need to route packets through different interfaces (let them be ath0
> and eth0) depending on the application source port, so I thought using
> TOS or MARK targets of iptables would be helpful.
>
> Anyway, as I try to configure it to mark the traffic and update the
> routing tables through many different ways, I can't get it working so
> the packets are always sent through the "default" interface in the
> main routing table.
>
> For example, if I use MARK I configure it this way:
>
> sudo iptables -A OUTPUT -t mangle -p tcp --dport 60301 -j MARK --set-mark 1
> sudo iptables -A OUTPUT -t mangle -p tcp --dport 60302 -j MARK --set-mark 2

AFAIK, locally generated packets are routed before they are sent to
netfilter, so setting fwmarks there to influence routing is pointless.

See http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html Figure 3a

If you can use two different source IPs, you could probably bind them to
each interface and then you wouldn't need policy routing at all to
achieve your objective.

> sudo ip rule add fwmark 1 table 1 prio 1
> sudo ip rule add fwmark 2 table 2 prio 2
>
> sudo ip route add table 1 nexthop via 192.168.0.1 dev ath0
> sudo ip route add table 2 nexthop via 192.168.0.1 dev eth0
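
The source-address approach suggested in the reply, shown from the application side as an added example (not code from the thread): each connection binds to a chosen local IP before connecting, and the peer reports which source address it saw. The loopback addresses 127.0.0.1 and 127.0.0.2 are constructed stand-ins for the addresses assigned to ath0 and eth0 (Linux treats all of 127.0.0.0/8 as local), and the function names are hypothetical.

```python
import socket
import threading


def start_peer(listen_ip="127.0.0.1"):
    """Start a listener that tells each client the source IP it observed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((listen_ip, 0))          # port 0: let the kernel pick a free port
    srv.listen(4)

    def serve():
        while True:
            try:
                conn, peer = srv.accept()
            except OSError:           # listener was closed
                return
            with conn:
                conn.sendall(peer[0].encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def connect_from(source_ip, dest_ip, dest_port, timeout=2.0):
    """Connect with an explicit source IP; return (local IP, IP the peer saw)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    with s:
        # bind() before connect() fixes the source address; without it the
        # kernel picks one from the route chosen for the destination.
        s.bind((source_ip, 0))
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0], s.recv(64).decode()


def demo():
    """Open one connection per constructed source address."""
    srv, port = start_peer()
    try:
        return [connect_from(ip, "127.0.0.1", port)
                for ip in ("127.0.0.1", "127.0.0.2")]
    finally:
        srv.close()


if __name__ == "__main__":
    for local, seen in demo():
        print(f"bound to {local}, peer saw {seen}")
```

On a real host the two source IPs would be the addresses configured on each interface, and bind() fails with EADDRNOTAVAIL if the address is not assigned locally.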