On Wednesday 2010-09-29 19:51, Christopher Piggott wrote:
>
>This question will probably make a lot more sense if you look at
>http://wiki.ubuntu.org.cn/images/f/f0/Iptables.gif while you are
>reading it.

It probably makes most sense if existing graphs be used, such as
http://en.wikipedia.org/wiki/Iptables
(this is nf-packet-flow from me, yes)

>the local system. I have been marking them in the mangle table of the
>OUTPUT chain.
>
>This does, in fact, seem to set the correct mark on the packet, but,
>unfortunately, the packet's source address seems to have already been
>picked by this point.

The source address is chosen when you call bind(2) with
INADDR_ANY/IN6ADDR_ANY. Note that bind is implicit on connect if you
have not explicitly called bind.

You can use `ip route get 1.2.3.4` to see the details of which src it
picks.
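
The behaviour described in the reply can be observed from userspace. This is an added example, not part of the original message: the function name is hypothetical, it assumes a Linux host, and port 9 is an arbitrary choice. A UDP `connect()` sends no packet, yet the socket already has its source address afterwards, so the choice is made before anything reaches the OUTPUT chain.

```python
import socket


def source_before_and_after_connect(dst, port=9):
    """Return (addr_before, addr_after) for a UDP socket connected to dst.

    connect() on a UDP socket transmits nothing. It only performs the
    route lookup and the implicit bind, so the source address is fixed
    before any packet could be marked in the mangle table of OUTPUT.
    addr_after is None when the kernel has no route to dst.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # Not bound yet: the kernel reports the wildcard address.
        before = s.getsockname()[0]
        try:
            s.connect((dst, port))
        except OSError:
            return before, None
        # Implicit bind has happened: this is the src the route lookup chose.
        after = s.getsockname()[0]
    return before, after


if __name__ == "__main__":
    # 1.2.3.4 is the destination used in the message above; the result
    # should match the "src" field of `ip route get 1.2.3.4`.
    for dst in ("127.0.0.1", "1.2.3.4"):
        before, after = source_before_and_after_connect(dst)
        print(f"{dst}: before connect {before}, after connect {after}")
```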