On 2012-11-08 22:08, Alex Bligh wrote:
> Is it possible to use iptables to force the next hop in (e.g.) the
> FORWARD table?
>
> I know it is possible to do this with 'ip rule' and friends, but for
> various reasons (non-proliferation of tables) I'd like to do this in
> just iptables if possible. Let's assume I know what I'm doing, and the
> effect that I want is that if the iptables rule matches, I want to set
> the next hop (irrespective of the routing table) to an IP address
> which I can guarantee is on a directly connected interface.

You can do a hybrid of sorts - that is, set a mark in iptables (with all the matching power of iptables), then use the fwmark match in ip rule. Not precisely what you're after, but it gives you the same - unless of course you want to avoid ip rule at all costs.

Once in the past there was a ROUTE target, but it was dropped at some point (I think). Besides, ip rule fwmark provides essentially the same.
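The mark-plus-fwmark hybrid described in the reply, as an added example that is not part of the original thread. The helper names `run` and `force_next_hop`, the mark 0x1, table 100, the documentation-range addresses and the interface eth1 are all constructed assumptions; the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: send marked packets to a fixed next hop via a dedicated table.
# Every value used here (mark, table id, networks, interface) is constructed.

# Safe default: print the commands. Set DRY_RUN=0 (as root) to apply them.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# force_next_hop MARK TABLE SRC_NET NEXT_HOP DEV  (hypothetical helper)
# The mark is set in mangle/PREROUTING because it has to exist before the
# routing decision; by the time a packet reaches FORWARD it is already routed.
force_next_hop() {
    if [ "$#" -ne 5 ]; then
        echo "usage: force_next_hop MARK TABLE SRC_NET NEXT_HOP DEV" >&2
        return 2
    fi
    mark=$1 table=$2 src=$3 hop=$4 dev=$5

    # Refuse non-numeric ids and the reserved tables
    # (0 unspec, 253 default, 254 main, 255 local).
    case $table in
        ''|*[!0-9]*) echo "table id must be numeric" >&2; return 2 ;;
        0|253|254|255) echo "table $table is reserved" >&2; return 2 ;;
    esac

    # 1. iptables does the matching and tags the packet.
    run iptables -t mangle -A PREROUTING -s "$src" -j MARK --set-mark "$mark" || return 1
    # 2. The dedicated table holds a single route: the forced next hop.
    run ip route add default via "$hop" dev "$dev" table "$table" || return 1
    # 3. Only packets carrying the mark consult that table.
    run ip rule add fwmark "$mark" lookup "$table" || return 1
}

# Constructed sample invocation.
force_next_hop 0x1 100 198.51.100.0/24 192.0.2.1 eth1
```

Each distinct next hop needs its own mark and table, so this does not avoid the extra tables the question wanted to do without.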