On 02/07/2017 at 17:58, Øyvind Kaurstad wrote:
> Not sure if this clarified anything
There was no need to clarify anything to me. Your original post was clear enough, except the reason for the internal SNAT that you explained but which is irrelevant, as you mentioned. However, hopefully that will help other readers concentrate on the real issue.
> but it still seems to me I need to leverage the connection tracking with packet marking to be able to ensure the reply packets that should go back out a non-default route actually do that.
I'm afraid so, unless you can add a second IP address to the target device.