From mboxrd@z Thu Jan 1 00:00:00 1970
From: Esteban
Subject: fwmarks
Date: 01 Mar 2003 17:44:23 -0300
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <1046551463.804.39.camel@debian>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Errors-To: netfilter-admin@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
To: netfilter@lists.netfilter.org

I've got the classic firewall for my internal network, but instead of one internet gw I've got two.

(internal 172.0.0.0/24) eth0 -#linux box#-eth2 (first gw to internet)
                                        #-ppp0 (second gw to internet)

I have a transparent squid and a nat rule to redirect ports:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Then squid looks for the web pages on the two gateways (multipath).

Now I would like to fwmark packets generated by squid and, through a routing table, route only www packages to the gw I want.

I tried

    iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2

and then

    echo 201 www.out >> /etc/iproute2/rt_tables
    ip rule add fwmark 2 table www.out
    ip route add default gw via 1.1.1.1 dev ppp0
    ip route flush cache

and it does not work!

If I create a rule like

    ip rule add to 2.2.2.2 table www.out
    ip route flush cache

that does work!

I think the mangling is not okay. How do I mangle packets generated by my own server?

If anyone has some experience, please help me!

Thanks in advance