Aleksey Tsalolikhin wrote:
> I've tried following the example at
> http://lartc.org/howto/lartc.cookbook.squid.html
> but from the remote web site's viewpoint, the request comes from the
> eth0 address of my server, instead of through the VPN.

Oops, I forgot to comment on this. The default source address of a
locally generated datagram or connection is selected before the OUTPUT
chain, before the mark was set:

1) initial routing without using the mark selects the output interface
   and source address
2) iptables changes the mark in the OUTPUT chain
3) rerouting using the mark updates the output interface but not the
   source address

Rerouting through a different interface does not change the source
address accordingly, so it is normal that packets have eth0's address as
source even though they are rerouted through ppp0. If you want to change
the source address, you may use iptables' SNAT or MASQUERADE. (I fear
this will be a problem with IPv6 which has no - and must not have - NAT).
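The sequence described in the reply above, as an added example that is not part of the original message: mark-based rerouting of locally generated traffic, the MASQUERADE rule that rewrites the source address on ppp0, and a check that flags a ruleset missing that rule. The mark value 2, table 100, port 80, the function names `plan_rules` and `has_source_nat`, and both `iptables-save` dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed values: mark 2, routing table 100, VPN interface ppp0.
MARK=2 TABLE=100 VPN_IF=ppp0

# Print (do not run) the commands for the three steps in the mail plus the fix.
# Review the output, then pipe it to "sh" as root to apply it.
plan_rules() {
    cat <<EOF
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default dev $VPN_IF table $TABLE
iptables -t nat -A POSTROUTING -o $VPN_IF -j MASQUERADE
EOF
}

# Read iptables-save output on stdin. Succeed only if the nat table's
# POSTROUTING chain has a SNAT or MASQUERADE rule for output interface $1.
has_source_nat() {
    awk -v ifc="$1" '
        /^\*/ { table = $1 }                 # "*mangle", "*nat", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            o = 0; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i + 1) == ifc) o = 1
                if ($i == "-j") j = $(i + 1)
            }
            if (o && (j == "SNAT" || j == "MASQUERADE")) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Constructed dump: packets are marked and rerouted, but nothing rewrites the
# source, so they leave ppp0 still carrying eth0's address.
DUMP_MARK_ONLY='*mangle
-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x2/0xffffffff
COMMIT'

# Constructed dump: the same ruleset with the source-address fix added.
DUMP_WITH_NAT="$DUMP_MARK_ONLY
*nat
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT"

plan_rules
printf '%s\n' "$DUMP_MARK_ONLY" | has_source_nat "$VPN_IF" ||
    echo "no source NAT on $VPN_IF: rerouted packets keep the original source"
```

On a live host, `iptables-save | has_source_nat ppp0` runs the same check against the loaded ruleset.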