Hi Richard, Re-routing means to choice the correct routing path possibly by using the specific routing tables, but it has nothing to do with mangling of the source IP. Therefore you have to change it the nat table in the POSTROUTING chain what you have already done. 2015-06-18 22:56 GMT+03:00, Withnell, Richard (withnell) <r.withnell@xxxxxxxxxxxxxxx>: > I'm having a little trouble marking packets to split traffic across > different connections. > > I have specified rules (see below) that mark the packets as expected, and > they do hit the correct routing table. The source address however, is still > based on the decision from the main routing table, made before it hits > OUTPUT. As far as I know, after altering the packets mark, it should be > re-routed, changing the source address to match the interface/route it will > actually use. > > ip route add default via 192.168.1.1 dev eth1 table 2 src 192.168.1.10 > ip route add 192.168.1.0/24 dev eth1 table 2 src 192.168.1.10 > ip rule add fwmark 2 lookup table 2 > > iptables -A OUTPUT -t mangle -j CONNMARK --restore-mark > iptables -A OUTPUT -t mangle -m mark ! --mark 0 -j ACCEPT > iptables -A OUTPUT -t mangle -m mark --mark 0 -p tcp --dport $PORT -m > conntrack --ctstate NEW -j MARK --set-mark 2 > iptables -A OUTPUT -t mangle -j CONNMARK --save-mark > > I have worked around this by using SNAT, in the POSTROUTING chain, however I > would like to clarify why the re-routing after mangling isn't working as I > expect. > > Is there something wrong with my understanding of the re-routing process? Is > there something about the rules I have specified that is causing a problem? > Or something else entirely. > > Thanks in advance, > > Richard > > > > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Best regards Anatoly Muliarski -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
