Hello,

Christopher Piggott wrote:
>
> I am trying to mark packets with a certain fwmark for routing
> purposes. The examples all say this is done in table "mangle" in the
> "prerouting" chain; but in my case, the packets I want marked are from
> the local system. I have been marking them in the mangle table of the
> OUTPUT chain.
>
> This does, in fact, seem to set the correct mark on the packet, but,
> unfortunately, the packet's source address seems to have already been
> picked by this point. In other words, if your user code calls
> socket() then connect(), at some point a local address has been
> chosen. On the IPTables canonical packet flow diagram, I believe this
> happens in the "Routing" block that comes just after "Firewall Reply."
> (Is that true?)

This is all correct.

> THE GOOD NEWS: the packet goes out interface wlan0
> THE BAD NEWS: the packet's source address is ppp0's network address
> (not wlan0's)
>
> I don't see a way out of this. Anyone?

SNAT or MASQUERADE. Yeah, NAT sucks but I don't see any other way.
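The setup discussed in this thread, written out as an added example that is not part of the original messages: mark in mangle/OUTPUT, route on the mark, then MASQUERADE on wlan0 so the source address picked before the re-route is rewritten. The mark value, table number, gateway address and the port-443 selector are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; all values below are constructed, not from the thread,
# except the interface name wlan0.
MARK=0x1                     # fwmark value (assumed)
TABLE=100                    # policy-routing table number (assumed)
IFACE=wlan0                  # outgoing interface named in the thread
GW=192.0.2.1                 # wlan0 gateway (placeholder address)
MATCH="-p tcp --dport 443"   # which local traffic to mark (assumed)

# Print the rule set in the order it should be applied.
emit_rules() {
    # 1. Mark locally generated packets. The mark change makes the kernel
    #    route the packet again, but the source address was already
    #    chosen by the first routing decision.
    echo "iptables -t mangle -A OUTPUT $MATCH -j MARK --set-mark $MARK"
    # 2. Route marked packets through a dedicated table via wlan0.
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default via $GW dev $IFACE table $TABLE"
    # 3. Rewrite the stale source address (ppp0's) to wlan0's, scoped to
    #    marked packets leaving wlan0 only.
    echo "iptables -t nat -A POSTROUTING -o $IFACE -m mark --mark $MARK -j MASQUERADE"
}

# Dry run by default: "show" prints the rules, "apply" runs them (root).
case "${1:-}" in
    show)  emit_rules ;;
    apply) emit_rules | sh -e ;;
esac

# To check the routing decision for a marked packet after applying:
#   ip route get 198.51.100.10 mark 0x1
```

If replies arriving on wlan0 are dropped, check reverse-path filtering: the unmarked reverse lookup still points at ppp0, so `rp_filter` in strict mode rejects them unless `net.ipv4.conf.all.src_valid_mark=1` is set or `rp_filter` is loosened.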