Try adding the lines below to your script.

ip rule del fwmark 1

before you add:

ip rule add fwmark 1 table 100

and at the end of your script:

ip route flush tables

2011/4/15 Andrew Beverley <andy@xxxxxxxxxxx>:
> On Fri, 2011-04-15 at 18:51 +0200, JOSE FELIX HERNANDEZ BARRIO wrote:
>>
>> My problem is when traffic source is B when the packet comes back to B
>> its destination ip matches local IP so it's not redirected to tun1
>> and it's not processed. Incoming packets on local ip are not
>> processed by prerouting chain.
>>
>> What I use to redirect is:
>> iptables -A PREROUTING -t mangle -i eth0 -p tcp -j MARK --set-mark 1
>> iptables -A PREROUTING -t mangle -i eth0 -j ACCEPT
>>
>> ip rule add fwmark 1 table 100
>> ip route add default dev tun0 table 100
>
> Have you tried marking the packets in the mangle table of OUTPUT?
> Looking at the kernel packet flow diagram[1], packets get a reroute
> check after that table.
>
>>
>> someone suggested to use iptables -j ROUTE to force routing even in
>> this case. But there's no way to use this patch on recent kernel.
>
> I believe that functionality was moved into iproute2.
>
> Andy
>
> [1] http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
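The delete-before-add advice and the OUTPUT-chain suggestion from this thread, combined into one re-runnable script as an added example (not code posted by anyone in the thread). The interface names, mark and table number are the thread's values; the `ip route replace` and `ip route flush cache` forms, the `iptables -C` existence check and the dry-run default are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent fwmark policy routing.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 applies them (needs root).
MARK=1           # fwmark used in the thread
TABLE=100        # routing table used in the thread
IN_DEV=eth0      # ingress interface from the thread
TUN_DEV=tun0     # tunnel device from the thread
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Delete every copy of the rule so repeated runs never stack duplicates.
purge_rule() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ip rule del fwmark $MARK table $TABLE"
        return 0
    fi
    while ip rule del fwmark "$MARK" table "$TABLE" 2>/dev/null; do :; done
}

# Append a TCP MARK rule to a mangle chain unless an identical one exists.
ensure_mark_rule() {
    chain="$1"; shift
    if [ "$DRY_RUN" != "1" ] && iptables -t mangle -C "$chain" "$@" -p tcp \
            -j MARK --set-mark "$MARK" 2>/dev/null; then
        return 0
    fi
    run iptables -t mangle -A "$chain" "$@" -p tcp -j MARK --set-mark "$MARK"
}

setup_policy_routing() {
    purge_rule
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route replace default dev "$TUN_DEV" table "$TABLE"
    ensure_mark_rule PREROUTING -i "$IN_DEV"   # forwarded traffic
    ensure_mark_rule OUTPUT                    # locally generated traffic
    run ip route flush cache
}

setup_policy_routing
```

Marking every TCP packet in OUTPUT also marks the tunnel's own carrier connection if that runs over TCP, so narrow the OUTPUT match (for example by destination or port) before applying it with `DRY_RUN=0`.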