Since this is output (not forward), the first routing of the packet takes place before iptables has had a chance to mark it. After the mark it is rerouted, but the source IP address is taken from the output interface that comes from the first routing.

At least, this is my understanding of it.

/Oskar

2010/1/28 Matt Hakim <thepigs@xxxxxxxxx>:
> Hi,
>
> I want to mark packets for a particular user (iptables -t mangle -A
> OUTPUT -mowner --uid-owner rtorrent -j MARK --set-mark 1), and then
> route these packets to a VPN (ip rule add fwmark 1 lookup 200; ip
> route add default dev ppp0 table 200). Unfortunately, after I do this
> tcpdump shows that the default interface's source address is being put
> out on the ppp0 link, which I don't understand, as I would have
> expected the ppp0 interface address to be the source address. Anyway
> it fails.
>
> Without using MARK, ip routing based on destination works OK though
> (from all to 66.102.11.104 lookup 200; ip route add default dev ppp0
> table 200).
>
> Any tips? I'll hack around in the source now, see what I can find.
>
> Thanks,
> Matt
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
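
The ordering described in this thread, as a simplified model. This is an added example, not part of the original messages and not kernel or netfilter code. The interface name eth0, both interface addresses, and all function names are assumptions made for illustration; only the rules, the mark value, table 200 and the destination address come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed topology (assumption, not from the thread): eth0 is the default
# interface, ppp0 is the VPN link; the addresses are made-up sample values.
IFACE_ADDR = {"eth0": "192.168.1.10", "ppp0": "10.8.0.2"}
DEFAULT_DEV = {"main": "eth0", 200: "ppp0"}  # default route device per table

@dataclass
class Rule:                        # one "ip rule" entry
    table: object
    fwmark: Optional[int] = None   # match on packet mark
    to: Optional[str] = None       # match on destination address

def lookup(rules, dst, mark):
    """First matching rule selects the table; otherwise fall through to main."""
    for r in rules:
        if r.fwmark is not None and r.fwmark != mark:
            continue
        if r.to is not None and r.to != dst:
            continue
        return DEFAULT_DEV[r.table]
    return DEFAULT_DEV["main"]

def send_local(rules, dst, uid, marked_uid=None):
    """Return (output interface, source address) for a locally generated packet."""
    mark = 0
    oif = lookup(rules, dst, mark)      # 1. first routing decision, mark still 0
    src = IFACE_ADDR[oif]               # 2. source address fixed from that interface
    if marked_uid is not None and uid == marked_uid:
        mark = 1                        # 3. mangle OUTPUT: owner match, --set-mark 1
        oif = lookup(rules, dst, mark)  # 4. reroute changes oif, src is kept
    return oif, src

def source_mismatch(oif, src):
    """What tcpdump on the link shows: source is not the link's own address."""
    return src != IFACE_ADDR[oif]

DST = "66.102.11.104"
by_mark = send_local([Rule(table=200, fwmark=1)], DST, "rtorrent", marked_uid="rtorrent")
by_dest = send_local([Rule(table=200, to=DST)], DST, "rtorrent")
print("fwmark rule:", by_mark, "mismatch:", source_mismatch(*by_mark))
print("to rule:    ", by_dest, "mismatch:", source_mismatch(*by_dest))
```

The destination-based rule already matches at the first lookup, so the source address is chosen from ppp0; the fwmark rule can only match at the reroute, after the source address has been chosen.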