Hi.

I am trying to get outbound packets destined for TCP port 80 tunneled through a pptp VPN (out the ppp0 interface).

I've tried following the example at http://lartc.org/howto/lartc.cookbook.squid.html but from the remote web site's viewpoint, the request comes from the eth0 address of my server, instead of through the VPN.

Diagram of what I am trying to accomplish:

[my server] ---pptp--> [VPN server] --> website

Should this work with a ppp0 interface? How do I get help debugging this, please?

My server: 38.98.245.202
pppd: local IP address 192.168.2.131
pppd: remote IP address 192.168.2.125

[root@vulture ~]# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  anywhere             anywhere            tcp dpt:http MARK set 0x2

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
[root@vulture ~]#

[root@vulture ~]# ip rule ls
0:      from all lookup 255
32765:  from all fwmark 0x2 lookup www.out
32766:  from all lookup main
32767:  from all lookup default

[root@vulture ~]# ip route list table www.out
default via 192.168.2.125 dev ppp0

[root@vulture ~]# ip route
192.168.2.125 dev ppp0 proto kernel scope link src 192.168.2.133
69.15.192.18 via 38.98.245.201 dev eth0 src 38.98.245.202
38.98.245.200/29 dev eth0 proto kernel scope link src 38.98.245.202
169.254.0.0/16 dev eth0 scope link
default via 38.98.245.201 dev eth0
[root@vulture ~]#

I am on CentOS release 5.3 (Final)
Linux 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 09:19:18 EDT 2009 i686 i686 i386 GNU/Linux

I've tried using PREROUTING instead of OUTPUT, for the mark rule, and then if I try to connect to port 80 (telnet www.google.com 80), it just hangs...

If I don't use iptables and instead set a static route for www.google.com via the VPN server, it works, I can connect and do an HTTP session (via the VPN).

So is it possible to route outgoing packets with destination port 80 out a ppp0 interface?

Would appreciate any help in debugging this.

Best,
-at

--
Aleksey Tsalolikhin
UNIX System Administrator
"I get stuff done!"
http://www.verticalsysadmin.com/
LinkedIn - http://www.linkedin.com/in/atsaloli