Re: Routing locally generated traffic on fwmark

On Thursday 2011-09-29 19:28, Andrew Beverley wrote:

>On Thu, 2011-09-29 at 12:28 +0200, Jan Engelhardt wrote:
>> On Thursday 2011-09-29 08:51, Andrew Beverley wrote:
>> >> iptables -A OUTPUT -t mangle -d 89.16.176.81 -j MARK --set-mark 0x800
>> >> ip rule add fwmark 0x800/0xffff table T2
>> >> ip route add table T2 default dev ppp1 via 94.30.127.76
>> >
>> >I've also added the following, which makes no difference:
>> >
>> >iptables -t nat -A POSTROUTING -o ppp1 \
>> >	-j SNAT --to-source 109.224.134.110
>> 
>> Of course it makes no difference, because SNAT is applied after routing.
>> ("POST" "ROUTING", see?)
>
>Yes, but in my case the SNAT still needed applying. The problem was that
>although the packets were being routed via the second interface, they
>were still being sent from the original IP address of the first
>interface. Therefore, packets were being returned to the first
>interface, making it look as if the second interface wasn't being used.

Well, that's why one should use tcpdump -i ethX, rather than tcpdump -i 
any :-)
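
The per-interface check suggested above, as an added example that is not part of the thread: it reads `tcpdump -n -i ppp1` text output and counts packets to the marked destination that leave with a source other than the SNAT address. The capture lines, the 192.0.2.10 first-interface address and the function names are constructed for illustration; the other addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: detect the "routed via ppp1 but still using the first
# interface's source address" symptom from a capture taken on ppp1 only.

# wrong_src_count EXPECTED_SRC DST   (tcpdump -n text lines on stdin)
# Prints how many packets sent to DST carry a source other than EXPECTED_SRC.
wrong_src_count() {
    awk -v want="$1" -v dst="$2" '
        # "a.b.c.d.port:" -> "a.b.c.d"; ICMP lines have no port to strip.
        function host(s,   p, k) {
            sub(/:$/, "", s)
            k = split(s, p, ".")
            if (k == 5) sub(/\.[0-9]+$/, "", s)
            return s
        }
        $2 == "IP" && $4 == ">" {
            if (host($5) == dst && host($3) != want) bad++
        }
        END { print bad + 0 }
    '
}

# Constructed capture on ppp1 before the SNAT rule: packets go out the
# right link, but replies would return to the first interface.
sample_before() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.40000 > 89.16.176.81.80: Flags [S], seq 1, length 0
12:00:02.000001 IP 192.0.2.10.40000 > 89.16.176.81.80: Flags [S], seq 1, length 0
EOF
}

# Constructed capture on ppp1 after the SNAT rule: the reply now arrives
# on the same interface.
sample_after() {
    cat <<'EOF'
12:00:05.000001 IP 109.224.134.110.40000 > 89.16.176.81.80: Flags [S], seq 2, length 0
12:00:05.020001 IP 89.16.176.81.80 > 109.224.134.110.40000: Flags [S.], seq 9, ack 3, length 0
EOF
}

echo "before SNAT: $(sample_before | wrong_src_count 109.224.134.110 89.16.176.81) packet(s) with wrong source"
echo "after SNAT:  $(sample_after | wrong_src_count 109.224.134.110 89.16.176.81) packet(s) with wrong source"
```

On a live system the input would come from `tcpdump -n -l -i ppp1 host 89.16.176.81` piped into `wrong_src_count`.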