Re: [SOLVED] Routing locally generated traffic on fwmark

On Thu, 2011-09-29 at 14:32 +0700, Pandu Poluan wrote:
> On Thu, Sep 29, 2011 at 13:51, Andrew Beverley <andy@xxxxxxxxxxx> wrote:
> > On Wed, 2011-09-28 at 23:20 +0100, Andrew Beverley wrote:
> >> Hi,
> >>
> >> I'd like to route locally generated traffic via a particular interface
> >> based on its mark value.
> >>
> >> From what I have researched, this is theoretically possible and lots of
> >> people have tried it, but nobody has got it working.
> >>
> >> Here's my rules:
> >>
> >> # Mark the packets
> >> iptables -A OUTPUT -t mangle -d 89.16.176.81 -j MARK --set-mark 0x800
> >>
> >> # Route the marked packets via routing table T2:
> >> ip rule add fwmark 0x800/0xffff table T2
> >>
> >> # Force T2 packets out of the interface ppp1
> >> ip route add table T2 default dev ppp1 via 94.30.127.76
> >>
> >> # Flush the cache, just in case
> >> ip route flush cache
> >>
> >> However, the packets still go out of the default route (ppp0).
> >
> > I've also added the following, which makes no difference:
> >
> > iptables -t nat -A POSTROUTING -o ppp1 \
> >        -j SNAT --to-source 109.224.134.110
> >
> >
> 
> Can you post the complete table, i.e., the output of iptables-save ?
> 

Thanks for that. After I added the SNAT rule, I forgot to remove an
existing earlier rule that was stopping the packets being marked. Your
email reminded me!

So, the reason it wasn't working for me was the missing SNAT rule after
all. It now works correctly.

Thanks,

Andy
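
The two faults this thread ended on (an earlier rule that kept packets from reaching the MARK rule, and no SNAT rule on ppp1) can be checked mechanically from `iptables-save` output. The script below is an added example, not part of the original messages; `audit_fwmark` and the `SAMPLE_*` rulesets are hypothetical names and constructed data, using the mark, interface and addresses quoted above.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output for the two faults in this thread.
# audit_fwmark MARK OIF < ruleset   (exit 0 = clean, 1 = findings printed)
audit_fwmark() {
    awk -v mark="$1" -v oif="$2" '
        /^\*/ { table = substr($0, 2); next }          # "*mangle", "*nat", ...
        table == "mangle" && /^-A OUTPUT / {
            # iptables-save may print --set-mark as --set-xmark VALUE/MASK
            if ($0 ~ ("-j MARK --set-x?mark " mark "(/| |$)")) { marked = 1; next }
            # A terminating target ahead of the MARK rule ends mangle/OUTPUT
            # traversal for the packets it matches, so they leave unmarked.
            if (!marked && $0 ~ /-j (ACCEPT|DROP|RETURN)( |$)/)
                shadow = shadow "SHADOW: " $0 "\n"
        }
        table == "nat" && /^-A POSTROUTING / {
            # Rewrites the source address of packets rerouted out of OIF.
            if ($0 ~ ("-o " oif "( |$)") && $0 ~ /-j (SNAT|MASQUERADE)( |$)/) nat = 1
        }
        END {
            if (!marked) print "NO_MARK: no MARK " mark " rule in mangle/OUTPUT"
            else printf "%s", shadow
            if (!nat) print "NO_SNAT: no SNAT/MASQUERADE rule on -o " oif
            exit ((!marked) || (shadow != "") || (!nat))
        }'
}

# Constructed rulesets (not taken from the poster's machine).
SAMPLE_BROKEN='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 89.16.176.81/32 -j ACCEPT
-A OUTPUT -d 89.16.176.81/32 -j MARK --set-xmark 0x800/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

SAMPLE_FIXED='*mangle
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 89.16.176.81/32 -j MARK --set-xmark 0x800/0xffffffff
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp1 -j SNAT --to-source 109.224.134.110
COMMIT'

# Demo on the constructed broken ruleset; live use: iptables-save | audit_fwmark 0x800 ppp1
printf '%s\n' "$SAMPLE_BROKEN" | audit_fwmark 0x800 ppp1 || true
```

SHADOW lines are candidates to review rather than proven faults, since the check does not compare each rule's match criteria against the MARK rule's.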

