On Fri, 2011-04-15 at 18:51 +0200, JOSE FELIX HERNANDEZ BARRIO wrote:
>
> My problem is when the traffic source is B: when the packet comes back to B
> its destination IP matches a local IP, so it's not redirected to tun1
> and it's not processed. Incoming packets on a local IP are not
> processed by the PREROUTING chain.
>
> What I use to redirect is:
> iptables -A PREROUTING -t mangle -i eth0 -p tcp -j MARK --set-mark 1
> iptables -A PREROUTING -t mangle -i eth0 -j ACCEPT
>
> ip rule add fwmark 1 table 100
> ip route add default dev tun0 table 100

Have you tried marking the packets in the mangle table of OUTPUT? Looking at the kernel packet flow diagram[1], packets get a reroute check after that table.

> Someone suggested using iptables -j ROUTE to force routing even in
> this case. But there's no way to use this patch on recent kernels.

I believe that functionality was moved into iproute2.

Andy

[1] http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
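The following script is an added example, not code from either poster: it implements the suggestion above by marking locally generated reply packets in the mangle OUTPUT chain, where the post-OUTPUT reroute check picks up the fwmark policy rule. It assumes the original post's names (eth0 inbound, tun0 tunnel, mark 1, table 100), adds CONNMARK (my addition, not in the thread) so that only replies to connections that arrived on eth0 are rerouted, and defaults to printing the commands instead of applying them.

```shell
#!/bin/sh
# Added example; constructed values, adjust for your setup.
IN_IF="${IN_IF:-eth0}"    # interface the client traffic arrives on
TUN_IF="${TUN_IF:-tun0}"  # tunnel the marked traffic should leave through
MARK="${MARK:-1}"
TABLE="${TABLE:-100}"
DRY_RUN="${DRY_RUN:-1}"   # default prints commands; set DRY_RUN= to apply (needs root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

mark_rules() {
    # Forwarded traffic: mark on entry as in the original post, and save the
    # mark on the connection so the reverse direction can inherit it.
    run iptables -t mangle -A PREROUTING -i "$IN_IF" -p tcp \
        -j MARK --set-mark "$MARK"
    run iptables -t mangle -A PREROUTING -i "$IN_IF" -p tcp \
        -j CONNMARK --save-mark
    # Locally generated packets never traverse PREROUTING. Restore the saved
    # connection mark in OUTPUT; the kernel re-evaluates the route afterwards,
    # so replies from this host follow the fwmark rule too.
    run iptables -t mangle -A OUTPUT -p tcp -j CONNMARK --restore-mark
}

policy_routes() {
    # Marked packets consult table TABLE, whose default route is the tunnel.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default dev "$TUN_IF" table "$TABLE"
}

apply_all() {
    mark_rules
    policy_routes
}

# Helper for checking: number of generated rules that touch the OUTPUT chain.
output_rule_count() {
    (DRY_RUN=1; mark_rules) | grep -c -- '-A OUTPUT'
}
```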