> Generally, I have separate tables that do the mark/saving so as to only
> put the rules in once.
> I also have a route for the local net in my fwmark(ed) tables.
>
>
> Hope that helps
>
> John
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>

John

I now have rules as such:

ip route add table 4 default via 192.168.1.1
ip route add table 4 192.168.11.0/24 via 192.168.11.1
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s 192.168.11.0/24 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp --dport 443 -s 192.168.11.0/24 -j MARK --set-mark 4
iptables -t nat -A POSTROUTING -o $EXTERNAL2 -j SNAT --to-source 192.168.1.2
iptables -t nat -A POSTROUTING -o $EXTERNAL -j SNAT --to-source 196.212.0.42
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
ip rule add fwmark 4 table 4
ip route flush cache

Still no joy - maybe something I need to fiddle with under /proc/sys?

Evan