Fredrik Ax wrote:
> On Fri, Jan 22, 2010 at 11:53:45AM +0100, Patrick McHardy wrote:
>>> So, to accomplish this I would have to route it through a dummy
>>> interface to make iptables able to mark it before it goes out?
>> You need some criteria for your routing rules that is available
>> when the socket is routed. That's everything but the packet mark.
>> Using a separate device will work.
>>
>> For ethernet, the macvlan device might be a good choice if you
>> don't mind using different MAC addresses for each IP.
>
> Thanks, I'll have a look at it ...
>
> Just one more question, the host is actually run as a domU on XEN and
> all of the eth2-4 interfaces are on a in dom0 created bridge, bridging
> in a vlan where the tagged traffic is on a balance-rr bond-device.
>
> Would it create any problems creating a macvlan device on top of this?

No, that should be fine.