Hello,

Matt Hakim wrote:
> Hi,
> I want to mark packets for a particular user (iptables -t mangle -A
> OUTPUT -mowner --uid-owner rtorrent -j MARK --set-mark 1), and then
> route these packets to a VPN (ip rule add fwmark 1 lookup 200; ip
> route add default dev ppp0 table 200). Unfortunately, after I do this
> tcpdump shows that the default interface's source address is being put
> out on the ppp0 link which I don't understand, as I would have
> expected the ppp0 interface address to be the source address.

The source address is selected when the packet is created, before it enters the OUTPUT chain and gets marked and then rerouted according to the mark. Rerouting only updates the output interface and nexthop; it cannot update the source address.

> Any tips? I'll hack around in the source now and see what I can find.

Either select the source address in the application or SNAT/MASQUERADE on ppp0 for IPv4 traffic. The former is not always possible (application does not allow it, or address is not fixed) and the latter is not applicable to IPv6 as Linux has no IPv6 NAT and will hopefully never.

Couldn't there be a way to achieve proper source address selection, maybe by the use of a "virtual" packet that would be sent through iptables' OUTPUT chains and MARKed/DNATed as part of the source address selection prior to sending the real packet?
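
The setup from the original post combined with the MASQUERADE fix suggested in the reply, as an added example that is not part of either message. The user, mark, table and interface are the values from the post; the `-m mark` restriction on the NAT rule and the dry-run wrapper (`vpn_rules`, `apply_vpn_rules`, `APPLY`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: per-user policy routing over a VPN link, IPv4 only.
# Defaults are the values used in the original post.
VPN_USER=${VPN_USER:-rtorrent}   # local account whose traffic is marked
VPN_IF=${VPN_IF:-ppp0}           # VPN interface
FWMARK=${FWMARK:-1}              # firewall mark set in mangle/OUTPUT
TABLE=${TABLE:-200}              # routing table holding the VPN default route

# Print the commands in the order they are applied.
vpn_rules() {
    cat <<EOF
iptables -t mangle -A OUTPUT -m owner --uid-owner $VPN_USER -j MARK --set-mark $FWMARK
ip rule add fwmark $FWMARK lookup $TABLE
ip route add default dev $VPN_IF table $TABLE
iptables -t nat -A POSTROUTING -o $VPN_IF -m mark --mark $FWMARK -j MASQUERADE
EOF
}
# Line 1 marks the packet AFTER its source address was already chosen from
# the main table. Lines 2-3 reroute it to the VPN interface, which changes
# only the output interface and nexthop. Line 4 rewrites the stale source
# address to the VPN interface address (assumption: matching on the mark
# limits NAT to the rerouted traffic).

# Run each command in turn (needs root); stop at the first failure.
apply_vpn_rules() {
    vpn_rules | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
}

# Dry run by default; set APPLY=1 to install the rules.
if [ "${APPLY:-0}" = 1 ]; then
    apply_vpn_rules
else
    vpn_rules
fi
```

After applying, `tcpdump -ni ppp0` should show the ppp0 address as the source of the marked user's packets. If replies never reach the application, check `rp_filter` on ppp0: strict reverse-path filtering validates incoming packets against the main table, whose default route points at the other interface.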